I was working on a box for a client. They asked me to help.
After fixing the problem, I checked to see if the client was still logged in.
Here's what I saw:
[root@p100:/var/log] # who
[root@p100:/var/log] # w
9:21PM up 5:18, 0 users, load averages: 0.08, 0.09, 0.03
USER TTY FROM LOGIN@ IDLE WHAT
That's wrong. You can't issue a who or a w and get no
users. You're logged in. You should at least see you. uptime
gave similar incorrect information.
Actually, you can be logged in and not seen. Here are the various things people
have mentioned:
- screen will let you do this, using the deflogin off option in your screen rc. add
a chmod 711 ~; touch .nofinger and you're pratically invisible
My first thought was: someone has root'd this box.
So I asked on IRC and was told that it seems that my /var/log/wtmp is
screwed. DOH!
So I logged out and back in again. Then everything worked:
[root@p100:/var/mail] # who
dan ttyp1 Nov 1 21:24 (203.79.82.27)
[root@p100:/var/mail] # uptime
9:50PM up 5:47, 1 user, load averages: 0.00, 0.01, 0.00
|
