SUMMARY: utmpd/wtmpx/last problem

From: Sal Serafino <>
Date: Thu Apr 08 2004 - 11:33:06 EDT
Hi All-

Thanks to all for their help.  Sorry for the late response, but it does take 
awhile for the problem to happen and I've also done a little testing.  I even 
verified /usr/bin/last with a copy that is known to work.  The problem is 
unsolved as yet.  If I solve this one I'll let you all know.  This box is known 
to be hack free, but thanks to all who suggested I check for that.  The two main 
suggestions were OpenSSH 64-bit problems and /var overflows.

Since this is a user's workstation SSH should have had no effect in the first 
place because all logins occur from the console.  I turned off SSH entirely and 
still had the problem.   Casper suggested I zap wtmpx and start from scratch.  
Rather than zap the file, I have resigned myself to fixing it with bvi.  Messy, 
but at least you get some history.


Original Posting:
>I have an Ultra-5 running Solaris-8, 108528-29.  The problem is that after 
>a week and a half, or about a dozen logons, 'last' reports a mystery session 
>that started Dec 31 and is still logged on.  Subsequent sessions are logged in 
>/var/adm/wtmpx (I checked with a binary editor) but the database appears to be 
>corrupted somehow.  The /var filesystem is about 56% full and has over 400MB 
>free.  It's not a space issue because /var/adm/wtmpx is being updated.  I 
>in the software registry, and the file /usr/bin/last checks out.
sunmanagers mailing list
Received on Thu Apr 8 11:32:57 2004

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:33 EST