uptime reveals 2 extra users! Why?

[markpatterson]

Here's the output from uptime:
[localhost:~] markpatt% uptime
11:06PM up 22 days, 1:57, 5 users, load averages: 1.16, 1.16, 1.00

We have only 3 users on this machine: me, my wife and my son. So why does it say 5 users?

 

[cfleck]

5 eh? i could imagine that there is also a root account by default. so theres one. and possibly a guest account as well. i dunno.

 

[gumse]

I think this refers to logged on users in terminal + one for the console. If you just close a terminal window without doing the exit command the user remains in the user count , at least for a while.

 

[michaelsanford]

Welcome to Helios;
*AUTHORIZED PERSONNEL ONLY*

Thu Nov 21 22:43:32 EST 2002
10:43PM  up 3 days,  1:33, 3 users, load averages: 2.66, 1.61, 1.43
64.230.12.162
mysqld is alive
[gwailo:~]% who
gwailo   console  Nov 18 21:17 
gwailo   ttyp1    Nov 21 22:43 
gwailo   ttyp2    Nov 21 22:21 
[gwailo:~]%

• The first gwailo refers to the console (who's logged in at the keyboard).
• The last gwailo (ttyp2) refers to the shell I'm using to execute this "who".
• The MIDDLE gwailo (ttyp1) refers to a shell that didn't terminate properly, and was never released; it happens to me ALL the time.

I hit CTRL-D and it prints "logout" and then a carriage return and then hangs, so I just close the window. If this happens to you, oh 3 times, you'll get those mysterious 5 users you mentioned (1 console, 1 current shell, 3 improperly terminated shells).

 

[michaelsanford]

PS. The users listed in 'uptime' are instances of current active users who are logged into the system, not user accounts.

 

[michaelsanford]

Sorry! I got it wrong:

The user on ttyp2 is the stuck user, not ttyp1.

 

[markpatterson]

Thanks, that makes it clearer. Perhaps the word users is a bit confusing.

 

[roger]

I just noticed that problem with the improperly terminated shells. It happens to me when I have a terminal window open and hit Command-W without typing 'exit' first.

To get rid of (e.g.) ttyp2 assuming that I have ttyp1 open, I just open another window, which is called ttyp2 and then exit normally.

R.

 

[markpatterson]

I tried getting rid of them that way. But it they are still there. Does anyone know how to get rid of those ttpN skeletons?

 

[michaelsanford]

Sort of, you can terminate the process of their shell (thereby freeing system resources) but they'll still appear in the user's list.

Get the other TTs shell PID (so the user I'm slaughtering here is on ttyp1, under the TT column it says p1. Then bulldoze their shell.

[gwailo:~]% ps -aux | grep gwailo | grep -v grep
USER     PID %CPU %MEM      VSZ    RSS  TT  STAT      TIME COMMAND
gwailo   665   0.0  0.1     5876    948  p1  Ss+    0:00.29 -tcsh (tcsh)

[gwailo:~]% sudo kill -9 665

If the user is actually logged in, they'll be really mad at you too Also they wil receive a terminal message that reads "[ Process terminated by signal 9 ]"

HTH

 

[markpatterson]

Thanks for the reply. I'm still trying. I've logged in as my wife, and get this:
[localhost:~] helena% who
helena console Nov 24 19:29
markpatt ttyp1 Nov 24 19:07
markpatt ttyp2 Nov 24 09:08
markpatt ttyp3 Nov 24 09:08
helena ttyp4 Nov 24 19:30
markpatt ttyp5 Nov 24 09:11
helena ttyp6 Nov 24 20:59

ps- aux has nothing for markpatt. The TT column is mainly ??, a few std, and a few p4. Why should there be any users called markpatt if this machine is the only one on the network (except the airport), and I've logged out from markpatt? Is this a bug fixed in Jaguar?

 

[michaelsanford]

Ok well you'd have to have rebooted your computer for the ghost users to disappear, so those ones are left over from past improperly terminated shells, which is why they still appear.

Do you always hit CTRL-D or type "logout" when you want to leave a shell, or do you just close the terminal window?

My advice, and what I've come to do since noticing this problem: just ignore them.

The only reason you should be concerned about other users is if you're not firewalled and you suspect people have gotten your password and have hacked into your system (which, I believe, can happen over airport, say, if you live in an apartment, someone can get on and share your network and sniff packets and get your POP3 password, and if it's the same as your terminal password..... ) But I really souldn't worry too much about that...

 

[markpatterson]

Thanks for the reassurance, but I'm trying to work up a heroic up-time, so I'm reluctant to reboot unnecessary. That's not the Unix way. And I am on an airport with a cable modem on all the time, so I am a bit worried about people hacking into the machine.

Any other ideas, anyone?