Hello,
The utmp is a binary file and its structure is showed here:
It could be something wrong with the utmp file (corrupted) or something wrong with the who program (32 vs 64 bit ?).
You didn't mix 32 bit with 64 bit programs in your installation, do you ?
Are you logging remotely (ssh), aren't you ? Or are you connecting from the same computer via ssh ?
If the utmp file is corrupted, you might rename it (for example, from "utmp" to "utmp.old") and create a new empty one (as root user):It could be interesting take looking at the utmp file: if you don't mind, you can send it as attachment to a follow up post.
Hope this helps.
The who command reads the /var/run/utmp file, that stores login date/time.Recently I updated my Debian server from 11 to 12.
When I execute the "who" command, the login time is strange like follows:The version of the who command is 9.1 and the OS version isCode:
username pts/0 9640093-11-26 07:12 (192.168.15.73)
The utmp is a binary file and its structure is showed here:
- https://manpages.debian.org/bookworm/manpages-it/utmp.5.it.html:
Code:
struct utmp { short ut_type; /* Type of record */ pid_t ut_pid; /* PID of login process */ char ut_line[UT_LINESIZE]; /* Device name of tty - "/dev/" */ char ut_id[4]; /* Terminal name suffix, or inittab(5) ID */ char ut_user[UT_NAMESIZE]; /* Username */ char ut_host[UT_HOSTSIZE]; /* Hostname for remote login, or kernel version for run-level messages */ struct exit_status ut_exit; /* Exit status of a process marked as DEAD_PROCESS; not used by Linux init(1) */ /* The ut_session and ut_tv fields must be the same size when compiled 32- and 64-bit. This allows data files and shared memory to be shared between 32- and 64-bit applications. */ #if __WORDSIZE == 64 && defined __WORDSIZE_COMPAT32 int32_t ut_session; /* Session ID (getsid(2)), used for windowing */ struct { int32_t tv_sec; /* Seconds */ int32_t tv_usec; /* Microseconds */ } ut_tv; /* Time entry was made */ #else long ut_session; /* Session ID */ struct timeval ut_tv; /* Time entry was made */ #endif int32_t ut_addr_v6[4]; /* Internet address of remote host; IPv4 address uses just ut_addr_v6[0] */ char __unused[20]; /* Reserved for future use */ };
Code:
$ apt list coreutilsYou are currently running a 32 bit kernel.6.1.0-17-686-pae #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) i686 GNU/Linux
It could be something wrong with the utmp file (corrupted) or something wrong with the who program (32 vs 64 bit ?).
You didn't mix 32 bit with 64 bit programs in your installation, do you ?
Are you logging remotely (ssh), aren't you ? Or are you connecting from the same computer via ssh ?
If the utmp file is corrupted, you might rename it (for example, from "utmp" to "utmp.old") and create a new empty one (as root user):
Code:
cd /var/run/mv utmp utmp.oldtouch utmpchmod 0664 utmpchgrp utmp utmpHope this helps.
Statistics: Posted by Aki — 2024-01-04 09:26 — Replies 1 — Views 70