Solved

AIX: user is not logged in, but user processes are still running

Posted on 2013-11-18
7
828 Views
Last Modified: 2013-12-05
Hi !

Please watch this:

[root@p750 bin]# w | grep "cl00-3"

from where I can imagine the user cl00-3 is not logged in anymore.

But then you see a process eating a lot of cpu on topas: 48628662

[root@p750 bin]# pstree -p 48628662
-+- 00001 root /etc/init
 \-+= 4194592 root /usr/sbin/srcmstr
   \-+= 39781132 root /usr/sbin/inetd
     \-+= 16582992 root telnetd -ac
       \-+= 11012174 cl00-3 /bin/bash /uv6/bin/uv.login
         \--- 48628662 cl00-3 /uv1/uv/bin/uvdls
[root@p750 bin]#

last also shows the user is not logged in anymore.
It's obvious the user disconnected, probably with a "hard disconnect", and somehow AIX noted it - as it's not in the user list - but user processes are still running.

How can I trap this disconnection and kill the user proctree ?

Thanks in advance,

Ronald
0
Comment
Question by:rsekkel
  • 3
  • 3
7 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 39658215
Not sufficiently familiar with AIX, but a unix/Linux system has an option to trap sighup events which is often sent to child processes on disconnect.  See whether the task is being spawn within cron if allowed.  If you have screen available, the process might be managed/controlled by screen.

There might be soothing else that is spawning this process with user credentials.
0
 

Author Comment

by:rsekkel
ID: 39659001
Hi Arnold !

Thanks for your message.

Yes, in AIX there's the "trap sighup", and we are already using it - but it's not working. It seems to me the sighup is not reaching the user login script.

This is a green screen app, and users use a windows terminal emulator to reach the server. The problem is some users do not follow the logoff procedure and just close the emulator in the "X". Somehow AIX figure out this, and take the user out of utmp, but the client process tree stay alive, eating all CPU from one thread.

Thanks,

Ronald
0
 
LVL 4

Expert Comment

by:popesy
ID: 39659019
Hi,

Trapping the disconnect may be able to be done using your syslog daemon config using the 'auth' facility and logging to a file of your choice.

If by 'hard disconnect' you mean that this user session is killed unexpectedly, I'm not sure you'll be able to trap that using syslog.  I'm not aware of how that might be captured.

Killing the proctree; assuming you want to do this manually then a simple 'kill -9 <pid>' will sort out any redundant/orphan processes.  Just remember to start with the highest value <pid> for the user in question.

If you want some automated way of doing this, that's over to you to script a solution :-)

Cheers.
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 39661072
The application/program env would either have a built-in mechanism to trap (ignore or do some predefine function) received SIGHUP reverts.
A sighup often triggers a reset/exit.  Some programs use SIGHUP as a reload/reread settings, thus preventing auto termination/end of the process.

In user accessed systems, there are idle session cleanup script one could/would setup using cron or any available scheduler.


Type of inbound connection could also be the cause for the issue.
0
 

Author Comment

by:rsekkel
ID: 39662207
Hi all !

Thanks for your messages.

We already have a cron script to clean lost users - but it's heavy (and ugly). It has to capture all processes using ps, extract all userid's, unify them and then start checking one by one if the user is still logged in using who | grep user (for each user). When you have around 2.500 users logged in this is not the kind of script you want to run every five minutes.

The "trap exit sighup" for some (so far unknown) reason is failing. If the user is not on utmp anymore, somehow AIX got the info about the disconnection, but this is not killing the user process tree.

I'll try to get some more info. Any ideas are welcome.

Thanks,

Ron
0
 
LVL 77

Expert Comment

by:arnold
ID: 39664517
Check if your script get use last instead.  See who recently logged out, then see if any of these users have processes.
Does your AIX handle inbound email? Do users setup filtering, process to deal with emails?  That might be one way a process is started by the LDA of the mail server.

Using who to build a hash/array and then checking for the existence of the element might be another approach.
0
 

Author Closing Comment

by:rsekkel
ID: 39699466
After I fixed the login script, sighup was able to kill the user session, and so I don't have to be concerned about processess eating all cpu.

Thanks for the heads up and for the solution.

Ron
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question