Jayr Al-Dyn wrote:
> I am worried about something I noticed this week. I am using gkrellm to > monitor the system in a Woody box (with kernel 2.4.18), and it shows > there are no users even when I'm logged. > > Again, in a shell window, a "who" command returns no users, when it > should return at least one (jayraldyn). > > Should I be worried? Can it be a bug or something misconfigured? "who" basically just dumps the contents of the "utmp" file (e.g. /var/run/utmp or /var/log/utmp). Not all programs update this file; terminal emulators such as xterm etc may need to be setuid root (or at least setgid "utmp") in order to write to it. "who" and the "utmp" are more of a convenience than a security measure. For a start, utmp is only intended to record interactive logins, but there are plenty of ways in which a valid user can run code without actually being "logged in" (e.g. modify ~/.forward, ~/.procmailrc etc via FTP). -- Glynn Clements <[EMAIL PROTECTED]>
