Learning about remote users

Dan Ellard ellard at bbn.com
Fri Mar 17 12:33:33 AEST 1989


In article <2124 at helios.ee.lbl.gov> envbvs at epb6 (Brian V. Smith) writes:
>
> In article <199 at minya.UUCP> jc at minya.UUCP (John Chambers) writes:
> >Suppose that you have a Unix system (BSD, Sys/V, Xenix, etc.) connected to
> >a network via the usual TCP-style networking, and you'd like to learn what
> >you can about who is logging in. The obvious thing to do is to insert some
>
>Yes, the program 'who' shows both the tty (pseudo-tty for remote login)
>and the originating machine in parentheses.  This holds true for 4.2BSD,
>Ultrix and SunOS systems.  I don't know about any others.

Unfortunately, the who program gets its information about the name of the user
logged in on each line from utmp, which (at least on ULTRIX and SunOS 3.x) is
publicly writable, so a clever user can dupe the who, w, finger, and users
programs.  /usr/adm/wtmp is usually more secure, since it is only written
to by login and init (run as daemons) and is not publicly writeable.  I
don't know if wtmp exists on SysV or Xenix, but I would be surprised if
something equivalent doesn't exist.

Your best bet is probably to write a new login program which kept track of
whatever info you wanted about each login, if you are really serious about it. 

Other things to look at: ps, which gives info about who is logged in (reliably,
as far as I know) and netstat, which tells which hosts have network connections
to your host (even though it doesn't say who is logged in on them).

Good Luck!

-Dan
Dan Ellard
ellard at bbn.com
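
The contrast drawn above between a publicly writable utmp and a more tightly held wtmp suggests a reconciliation check, sketched here as an added example that is not part of the original post: flag the accounting file if it is world-writable, and report utmp entries that the last wtmp record for the same line does not back up. The 36-byte record layout (4.3BSD style), the "~" reboot marker, and all sample records are assumptions constructed for illustration.

```python
import os
import stat
import struct

# Assumed 4.3BSD-style record: ut_line[8], ut_name[8], ut_host[16], 32-bit ut_time.
REC = struct.Struct("<8s8s16si")

def rec(line, name, host, t):
    """Build one record (used here only to construct sample data)."""
    return REC.pack(line.encode(), name.encode(), host.encode(), t)

def parse(blob):
    """Yield (line, name, host, time) for each complete record in blob."""
    for off in range(0, len(blob) - REC.size + 1, REC.size):
        *fields, t = REC.unpack_from(blob, off)
        yield (*(f.split(b"\0")[0].decode("ascii", "replace") for f in fields), t)

def world_writable(path):
    """True if any user on the system can write the file."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)

def unsupported_logins(utmp_blob, wtmp_blob):
    """Return utmp entries whose user/host is not the last one wtmp recorded for that line."""
    last = {}
    for line, name, host, _ in parse(wtmp_blob):
        if line == "~":            # assumed BSD convention: reboot/shutdown marker
            last.clear()           # every earlier session has ended
        else:
            last[line] = (name, host)   # an empty name means the line was logged out
    return [(line, name, host)
            for line, name, host, _ in parse(utmp_blob)
            if name and last.get(line) != (name, host)]

# Constructed sample data, not taken from any real system.
WTMP = b"".join([
    rec("ttyp0", "alice", "a.example.org", 100),
    rec("ttyp1", "bob", "b.example.org", 200),
    rec("ttyp1", "", "", 300),                      # bob logs out
    rec("ttyp2", "carol", "c.example.org", 400),
])
UTMP = b"".join([
    rec("ttyp0", "alice", "a.example.org", 100),    # agrees with wtmp
    rec("ttyp1", "bob", "b.example.org", 200),      # stale: wtmp shows a logout
    rec("ttyp2", "mallory", "c.example.org", 400),  # name differs from wtmp
])

if __name__ == "__main__":
    for entry in unsupported_logins(UTMP, WTMP):
        print("utmp entry not backed by wtmp:", entry)
```

A mismatch only says the two files disagree; it does not say which one was altered, so wtmp's own permissions need the same world_writable check.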


