Hi, I have several systems that report 'w' and 'who' wrong/corrupted:

root@neo:~# w
USER TTY FROM LOGIN@ IDLE WHAT
kyle p0 - 31Dec69 - w

Obviously, Dec 31st 1969 is not right:

root@neo:~# date
Mon Jul 12 11:27:15 PDT 2004

I read a few manpages and did some google'ing, and couldn't find much of anything about rebuilding wtmp. I tried just moving wtmp to wtmp.old and then doing 'touch wtmp', then logging out and back in, but it still reads 31Dec69. Is there some way to fix this? Thanks all.

-Kyle Mott

* Kyle Mott <kyle@xraided.net> (20040712 11:32):
> I read a few manpages and did some google'ing, and couldn't find much of
> anything about rebuilding wtmp. I tried just moving wtmp to wtmp.old and
> then doing 'touch wtmp', then logging out and back in, but it still
> reads 31Dec69. Is there some way to fix this? Thanks all.

[ This should belong to -questions but anyway: ]

The file is used by login(1), so you should restart login to use the file (the old file is still kept open). You could do this by booting in single user mode, touching the wtmp file, and letting the boot go on.

--
olive

On Mon, 12 Jul 2004, Kyle Mott wrote:
> Hi, I have several systems that report 'w' and 'who' wrong/corrupted:
> root@neo:~# w
> USER TTY FROM LOGIN@ IDLE WHAT
> kyle p0 - 31Dec69 - w
>
> Obviously, Dec 31st 1969 is not right:
> root@neo:~# date
> Mon Jul 12 11:27:15 PDT 2004

You might make sure your w/who binary hasn't been fiddled with. Changes like this tend to point to a disagreement among utmp/wtmp writers about the file format. I've seen this where w was trojaned to mask certain user logins.

--
Doug White | FreeBSD: The Power to Serve
dwhite@gumbysoft.com | www.FreeBSD.org
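
Added example, not part of the original thread: one way to read the login records directly, independent of the installed w/who, and flag entries that suggest the format disagreement described in the last reply. The 44-byte record layout, the names REC, audit and login_column, and the sample bytes are assumptions made for illustration; check the layout against utmp.h on the affected system.

```python
import struct
from datetime import datetime, timedelta, timezone

# ASSUMED record layout (legacy BSD utmp, little-endian, not given in the thread):
# ut_line[8], ut_name[16], ut_host[16], 32-bit ut_time = 44 bytes.
REC = struct.Struct("<8s16s16si")
PDT = timezone(timedelta(hours=-7))  # fixed offset matching the 'date' output above


def text(field):
    """Decode a NUL-padded fixed-width field."""
    return field.split(b"\0", 1)[0].decode("ascii", "replace")


def login_column(ts, tz=PDT):
    """Render ut_time in the ddMonyy form seen in the LOGIN@ column above."""
    return datetime.fromtimestamp(ts, tz).strftime("%d%b%y")


def audit(data, now, max_age_days=3650):
    """Return findings for records a reader and writer may disagree on."""
    findings = []
    whole = len(data) - len(data) % REC.size
    if whole != len(data):
        findings.append(("file", "size is not a multiple of %d bytes" % REC.size))
    for off in range(0, whole, REC.size):
        line, name, host, ts = REC.unpack_from(data, off)
        if not name.strip(b"\0"):
            continue  # empty slot, nobody logged in on this line
        who = "%s@%s" % (text(name), text(line))
        if ts == 0:
            findings.append((who, "ut_time is 0, shown as " + login_column(ts)))
        elif ts > now or ts < now - max_age_days * 86400:
            findings.append((who, "implausible ut_time %d" % ts))
    return findings


# Constructed sample data: one sane record, one with a zeroed timestamp,
# and three stray bytes such as a writer using another layout might leave.
NOW = 1089656835  # 2004-07-12 11:27:15 PDT, the 'date' output in the thread
SAMPLE = (
    REC.pack(b"ttyv0", b"root", b"", NOW - 600)
    + REC.pack(b"ttyp0", b"kyle", b"", 0)
    + b"\x00\x01\x02"
)

if __name__ == "__main__":
    for subject, problem in audit(SAMPLE, NOW):
        print(subject, "-", problem)
```

If the raw records parse cleanly with plausible timestamps but w still prints 31Dec69, the reader rather than the file is the suspect, which is the case raised in the last reply.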