[546] in Release_7.7_team
Analysis of utmp problems in Athena 8.0 for Solaris
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed May 22 04:06:03 1996
Date: Wed, 22 May 1996 04:05:58 -0400
From: Greg Hudson <ghudson@MIT.EDU>
To: release-team@MIT.EDU, sol24@MIT.EDU
Okay, for the benefit of those concerned, here is everything I know
about utmp screwiness in the Athena 8.0 Solaris release. First, some
background:
* Solaris doesn't require programs to be setuid to update the
utmp file. If the library function can't write to the
utmp file, it will invoke a setuid program named
/usr/lib/utmp_update which will do it.
* utmp entries can be tagged as having been generated by a
normal user by setting the ut_exit.e_exit field to 2.
utmp_update does this, as does xterm (so even if xterm is
setuid, it will still write utmp entries tagged as having
been generated by a normal user).
* utmp entries also have a type field, which can be a number
of values, the most interesting of which are USER_PROCESS
and DEAD_PROCESS. A USER_PROCESS entry is a running process
(a remote login, an xterm, etc.) while a DEAD_PROCESS entry
is one that used to be a USER_PROCESS entry except its
process died.
* There is a daemon called utmpd which has the job of cleaning
the utmp file. It does so by polling the process IDs
mentioned in utmp entries, and cleaning up utmp entries
whose processes have died. It finds out about process
IDs both from the libc utmp routines (which informs it
through the named pipe /etc/utmppipe) and from scanning the
utmp file periodically.
Okay, things that are possibly wrong:
* A change in the Solaris 2.4 /bin/finger causes it to ignore
utmp entries flagged as created by normal users. So if you
"finger @machine", you will see only the entries created by
the user's login, not entries created by xterm.
* This is not new in Solaris 2.4, but "/bin/finger -s
username" (corresponding to "finger username@machine") lists
DEAD_PROCESS entries for the user as well as USER_PROCESS
entries. So you see a lot of utmp entries corresponding to
nonexistent processes.
* I've seen utmp ghosts from time to time (USER_PROCESS
entries corresponding to really old logins), despite the
presence of a daemon whose goal is to eliminate them. The
next time I see one, I'll investigate.
The first of these problems is a pretty serious divergence from what
we're used to on Athena machines. In particular, if you want to
estimate out someone's idle time using the idle time on their ttys,
you have to "finger username@machinename" instead of just doing
"finger @machinename".
As most of you have noticed by now, I really hate modifying the vendor
operating system, so I am not going to do anything to address these
problems unless someone gets in contact with Sun to find out if the
first two problems are intended behavior or actual bugs.