Stop Microsoft

Operating Systems => Linux and UNIX => Topic started by: Ice-9 on 25 June 2002, 10:53

Title: shell question
Post by: Ice-9 on 25 June 2002, 10:53

When I type "uptime" in a shell I get

7:57am  up 7 min,  3 users,  load average: 0.00, 0.10, 0.07

Where do the 3 users come from?
I read somewhere that it meant that "3 users were telnetted to the server" .......
Does that mean that someone is conected with my pc?

Title: shell question
Post by: choasforages on 25 June 2002, 11:01

you are probably in x, every X-term or E-term or rxvt is counted as a user, type in
who

that should tell you more

Title: shell question
Post by: Ice-9 on 25 June 2002, 11:06

Ok, did that and a few other things.
yc@linux:~> who
yc       :0       Jun 25 07:50 (console)
yc       pts/0    Jun 25 07:51
yc       pts/1    Jun 25 07:57
yc@linux:~> whoami
yc
yc@linux:~> w
  8:10am  up 20 min,  3 users,  load average: 0.00, 0.00, 0.01
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
yc       :0       console           7:50am   ?     0.00s   ?     -
yc       pts/0    -                 7:51am 19:17   0.00s   ?     -
yc       pts/1    -                 7:57am  0.00s  0.05s  0.01s  w
yc@linux:~> finger
Login      Name                  Tty      Idle  Login Time   Where
yc         Yves Cluckers         :0        93d     Tue 07:50 console
yc         Yves Cluckers         pts/0      19     Tue 07:51
yc         Yves Cluckers        *pts/1       -     Tue 07:57

I just didn't know if it weren't possible that someone telnetted into my machine using my login.
Would that even be possible?
I guess it would generate a user conflict, wouldn't it?

Title: shell question
Post by: choasforages on 25 June 2002, 11:11

nope, with out modifications, you can logon to as many times as you want

Title: shell question
Post by: cyrax on 25 June 2002, 17:34

i would recommend you disable telnet if you are actually using that... as the passwords are transferred as plain text whereas ssh is encrypted.

Title: shell question
Post by: mulac on 25 June 2002, 18:23

maybe the three users are "yc", "root" and "nobody", or am i totally on the wrong track here?

Title: shell question
Post by: Master of Reality on 25 June 2002, 20:36

root doesnt count as a user (root is a superuser). Nobody doesnt count on mine. I just have one user. hmmmm.... have you added any other users for other programs to run as?

Title: shell question
Post by: Ice-9 on 25 June 2002, 21:51

Actually all users are "yc", and I didn't add any other user, just root and my user account.
I don't think someone is telnetting into my machine but I disabled telnet anyway (had to do some research to find out how)  (http://smile.gif)

yc@linux:~> ps -ef | grep yc
yc        2313  2288  0 18:45 ?        00:00:00 /bin/sh /usr/X11R6/bin/kde
yc        2329     1  0 18:45 ?        00:00:00 /opt/gnome/bin/medusa-idled
yc        2367     1  0 18:45 ?        00:00:00 kdeinit: Running...
yc        2370     1  0 18:45 ?        00:00:00 kdeinit: dcopserver --nosid
yc        2373     1  0 18:45 ?        00:00:00 kdeinit: klauncher
yc        2375     1  0 18:45 ?        00:00:01 kdeinit: kded
yc        2381  2367  0 18:45 ?        00:00:00 /opt/kde3//bin/artsd -F 5 -S 409                                                              6 -s 5 -m artsmessage -l 3 -f
yc        2383     1  0 18:45 ?        00:00:00 kdeinit: knotify
yc        2385  2313  0 18:45 ?        00:00:00 kwrapper ksmserver --restore
yc        2387     1  0 18:45 ?        00:00:00 kdeinit: ksmserver --restore
yc        2388  2367  0 18:45 ?        00:00:00 kdeinit: kwin -session 11c0a8010                                                              1000102434161500000111900000
yc        2391     1  0 18:45 ?        00:00:00 kdeinit: kwrited
yc        2393     1  0 18:45 ?        00:00:00 kdeinit: kdesktop
yc        2396     1  0 18:45 ?        00:00:00 kdeinit: kicker
yc        2400     1  0 18:45 ?        00:00:00 kdeinit: klipper -icon klipper -                                                              miniicon klipper
yc        2403     1  0 18:45 ?        00:00:00 kdeinit: kmix -session 11c0a8010                                                              1000102434162000000111900007
yc        2405  2367  0 18:45 ?        00:00:00 kdeinit: konsole -session 11c0a8                                                              0101000102502307700000018640005
yc        2408     1  0 18:45 ?        00:00:00 korgac --miniicon korganizer
yc        2410     1  0 18:45 ?        00:00:00 kalarmd -session 11c0a8010100010                                                              2466635900000018820004
yc        2411  2405  0 18:45 pts/1    00:00:00 /bin/bash
yc        2425  2411  0 18:49 pts/1    00:00:00 ps -ef

Seeing all of this there seems to be a lot of things that belong to KDE and if I run the "w" command I get this

 6:55pm  up 20 min,  3 users,  load average: 0.01, 0.06, 0.08
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
yc       :0       console           6:45pm   ?     0.00s   ?     -
yc       pts/0    -                 6:45pm 10:18   0.00s   ?     -
yc       pts/1    -                 6:45pm  0.00s  0.06s  0.01s  w

So I really don't thik there's anything wrong, it just seems odd that it lists 3 users (please someone correct me if I'm wrong) and also I an't remember always having 3 users listed.

At the very least this has served a useful purpose since I found some pretty interesting sites about Linux and security ...

Title: shell question
Post by: voidmain on 25 June 2002, 21:51

It is counting you as three users because it sees you using up 3 different ttys (console, pts/0, pts/1).   Each xterm you open would take up a different tty.  Every process you run under that terminal would be associated with that tty.  Open up a few more xterms/kterms and see how many users it says.  So all of the users are actually just user "yc".  The number of users should directly relate to the number of lines returned by the "w" command.  It's really how many ttys, not how many "different" users.

[ June 25, 2002: Message edited by: VoidMain ]