Menu
I was going through logged in user in to my system using who command what i found is very surprising a user named unknown is logged in
Result of command who :
myuser pts/1 Aug 6 20:27 (localhost)
(unknown) :0 Aug 5 16:25 (:0)
myuser pts/0 Aug 6 00:48 (localhost.localdomain)
But when i tried running w it results different:
20:46:53 up 1 day, 23:11, 3 users, load average: 1.00, 1.01, 1.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
myuser pts/1 localhost 20:27 5.00s 0.20s 0.03s w
myuser pts/0 localhost.locald 00:48 19:57m 0.08s 1.71s python2 -m guake.main
I am neither able to find any user on my machine named unknown. On trying sudo su unknown/"(unknown)"
I tried running last it shows unknown user still logged in
myuser pts/1 localhost Thu Aug 6 20:27 still logged in
myuser pts/2 :pts/1:S.0 Thu Aug 6 20:15 - 20:16 (00:00)
myuser pts/1 localhost Thu Aug 6 20:03 - 20:18 (00:15)
myuser pts/2 :pts/1:S.0 Thu Aug 6 19:49 - 19:49 (00:00)
myuser pts/1 localhost Thu Aug 6 19:47 - 19:49 (00:02)
myuser pts/1 localhost Thu Aug 6 19:37 - 19:46 (00:09)
myuser pts/1 localhost Thu Aug 6 19:33 - 19:37 (00:03)
myuser pts/1 :9 Thu Aug 6 19:32 - 19:33 (00:00)
myuser pts/1 localhost Thu Aug 6 19:26 - 19:32 (00:05)
myuser pts/2 :pts/1:S.0 Thu Aug 6 19:22 - 19:22 (00:00)
myuser pts/1 localhost Thu Aug 6 19:22 - 19:22 (00:00)
myuser pts/2 :pts/1:S.0 Thu Aug 6 19:15 - 19:16 (00:00)
myuser pts/1 localhost Thu Aug 6 19:15 - 19:16 (00:00)
myuser pts/2 :pts/1:S.0 Thu Aug 6 19:13 - 19:13 (00:00)
myuser pts/1 localhost Thu Aug 6 19:13 - 19:13 (00:00)
myuser pts/2 :pts/1:S.0 Thu Aug 6 19:12 - 19:13 (00:00)
myuser pts/2 :pts/1:S.0 Thu Aug 6 19:11 - 19:11 (00:00)
myuser pts/2 :pts/1:S.0 Thu Aug 6 19:10 - 19:10 (00:00)
myuser pts/1 localhost Thu Aug 6 18:37 - 19:13 (00:35)
myuser pts/1 localhost Thu Aug 6 18:17 - 18:21 (00:03)
myuser pts/1 localhost Thu Aug 6 18:09 - 18:13 (00:03)
myuser pts/0 localhost.locald Thu Aug 6 00:48 still logged in
myuser pts/0 localhost.locald Thu Aug 6 00:34 - 00:48 (00:14)
myuser pts/1 :9 Wed Aug 5 23:01 - 23:01 (00:00)
myuser pts/0 localhost.locald Wed Aug 5 22:00 - 00:34 (02:34)
myuser pts/0 localhost Wed Aug 5 21:06 - 21:06 (00:00)
myuser pts/0 localhost Wed Aug 5 20:57 - 20:59 (00:01)
myuser pts/0 localhost Wed Aug 5 20:56 - 20:56 (00:00)
myuser pts/0 localhost Wed Aug 5 20:56 - 20:56 (00:00)
myuser pts/0 :9 Wed Aug 5 20:55 - 20:56 (00:00)
myuser pts/4 localhost Wed Aug 5 20:14 - 20:55 (00:40)
myuser pts/4 localhost Wed Aug 5 20:11 - 20:12 (00:00)
myuser pts/5 localhost Wed Aug 5 19:52 - 19:56 (00:04)
myuser pts/4 localhost Wed Aug 5 19:29 - 19:31 (00:02)
myuser pts/2 localhost Wed Aug 5 18:42 - 19:32 (00:49)
myuser pts/2 localhost Wed Aug 5 18:42 - 18:42 (00:00)
myuser pts/3 :9 Wed Aug 5 18:38 - 18:42 (00:04)
myuser pts/3 localhost Wed Aug 5 16:28 - 16:28 (00:00)
myuser pts/2 :9 Wed Aug 5 16:26 - 16:28 (00:02)
(unknown :0 :0 Wed Aug 5 16:25 still logged in
Any idea how ?
872
I faced a similar problem some time ago on a Fedora host. In my case, i found it was the X system that created a wrong entry in /var/run/utmp.
Here the link to the page.
Maybe you are not using Fedora but I suggest to try disable X and check if you still have an (unknown) user logged in.
Hope this helps.
53
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
