!!!UTMP
NAME
SYNOPSIS
DESCRIPTION
FILES
CONFORMING TO
RESTRICTIONS
BUGS
SEE ALSO
----
!!NAME

utmp, wtmp - login records
!!SYNOPSIS

#include
!!DESCRIPTION

The __utmp__ file allows one to discover information about who is currently using the system. There may be more users currently using the system, because not all programs use utmp logging.

__Warning: utmp__ must not be writable, because many system programs (foolishly) depend on its integrity. You risk faked system logfiles and modifications of system files if you leave __utmp__ writable to any user.

The file is a sequence of entries with the following structure declared in the include file (note that this is only one of several definitions around; details depend on the version of libc):

#define UT_UNKNOWN 0
#define RUN_LVL 1
#define BOOT_TIME 2
#define NEW_TIME 3
#define OLD_TIME 4
#define INIT_PROCESS 5
#define LOGIN_PROCESS 6
#define USER_PROCESS 7
#define DEAD_PROCESS 8
#define ACCOUNTING 9
#define UT_LINESIZE 12
#define UT_NAMESIZE 32
#define UT_HOSTSIZE 256
struct exit_status {
short int e_termination; /* process termination status. */
short int e_exit; /* process exit status. */
};
struct utmp {
short ut_type; /* type of login */
pid_t ut_pid; /* pid of login process */
char ut_line[[UT_LINESIZE]; /* device name of tty -

This structure gives the name of the special file associated with the user's terminal, the user's login name, and the time of login in the form of time(2). String fields are terminated by __'\0'__ if they are shorter than the size of the field.

The first entries ever created result from init(8) processing inittab(5). Before an entry is processed, though, init(8) cleans up utmp by setting __ut_type__ to __DEAD_PROCESS__, clearing __ut_user__, __ut_host__ and __ut_time__ with null bytes for each record whose __ut_type__ is not __DEAD_PROCESS__ or __RUN_LVL__ and where no process with PID __ut_pid__ exists. If no empty record with the needed __ut_id__ can be found, init creates a new one. It sets __ut_id__ from the inittab, __ut_pid__ and __ut_time__ to the current values and __ut_type__ to __INIT_PROCESS__.

getty(8) locates the entry by the pid, changes __ut_type__ to __LOGIN_PROCESS__, changes __ut_time__, sets __ut_line__ and waits for connection to be established. login(8), after a user has been authenticated, changes __ut_type__ to __USER_PROCESS__, changes __ut_time__ and sets __ut_host__ and __ut_addr__. Depending on getty(8) and login(8), records may be located by __ut_line__ instead of the preferable __ut_pid__.

When init(8) finds that a process has exited, it locates its utmp entry by __ut_pid__, sets __ut_type__ to __DEAD_PROCESS__ and clears __ut_user__, __ut_host__ and __ut_time__ with null bytes.
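
The cleanup rule init(8) applies, turned into an audit (an added example, not code from the manual page or from init): a record of type INIT_PROCESS, LOGIN_PROCESS or USER_PROCESS whose ut_pid names no existing process, or a DEAD_PROCESS record that still carries a user or host name, is reported. Function names are this example's own, and restricting the PID check to those three types is an assumption of the example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <utmp.h>

enum rec_state { REC_OK, REC_STALE_PID, REC_DEAD_NOT_CLEARED };

/* Does a process with this PID exist? EPERM still means it exists;
 * kill() treats 0 and negative values as process groups, so reject them. */
int pid_exists(pid_t pid)
{
    return pid > 0 && (kill(pid, 0) == 0 || errno == EPERM);
}

/* Check one record against the lifecycle above; pid_alive is passed in so
 * the rule can be exercised on constructed records. */
enum rec_state classify_record(const struct utmp *u, int pid_alive)
{
    switch (u->ut_type) {
    case INIT_PROCESS:
    case LOGIN_PROCESS:
    case USER_PROCESS:      /* init would already have marked this dead */
        return pid_alive ? REC_OK : REC_STALE_PID;
    case DEAD_PROCESS:      /* a free slot must not still name user or host */
        return (u->ut_user[0] || u->ut_host[0]) ? REC_DEAD_NOT_CLEARED : REC_OK;
    default:                /* RUN_LVL, BOOT_TIME, ...: no session to verify */
        return REC_OK;
    }
}

/* Walk the current utmp file with getutent(3); returns the finding count. */
int audit_utmp(void)
{
    struct utmp *u;
    int findings = 0;
    setutent();
    while ((u = getutent()) != NULL) {
        enum rec_state s = classify_record(u, pid_exists(u->ut_pid));
        if (s == REC_OK) continue;
        findings++;
        printf("line=%.*s id=%.4s pid=%ld: %s\n", UT_LINESIZE, u->ut_line,
               u->ut_id, (long)u->ut_pid,
               s == REC_STALE_PID ? "no such process" : "dead but not cleared");
    }
    endutent();
    return findings;
}

int main(void) { return audit_utmp() != 0; }
```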

xterm(1) and other terminal emulators directly create a __USER_PROCESS__ record and generate the __ut_id__ by using the last two letters of __/dev/ttyp__''%c'' or by using __p__''%d'' for __/dev/pts/__''%d''. If they find a __DEAD_PROCESS__ for this id, they recycle it, otherwise they create a new entry. If they can, they will mark it as __DEAD_PROCESS__ on exiting and it is advised that they null __ut_line__, __ut_time__, __ut_user__ and __ut_host__ as well.

xdm(8) should not create a utmp record, because there is no assigned terminal. Letting it create one will result in trouble like: finger: can not stat /dev/machine.dom. It should create wtmp entries, though, just like ftpd(8) does.

telnetd(8) sets up a __LOGIN_PROCESS__ entry and leaves the rest to login(8) as usual. After the telnet session ends, telnetd(8) cleans up utmp in the described way.

The __wtmp__ file records all logins and logouts. Its format is exactly like __utmp__ except that a null user name indicates a logout on the associated terminal. Furthermore, the terminal name ____ with user name ____ or ____ indicates a system shutdown or reboot and the pair of terminal names ____/____ logs the old/new system time when date(1) changes it. __wtmp__ is maintained by login(1), init(1) and some versions of getty(1). None of these programs creates the file, so if it is removed record-keeping is turned off.
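
An added example, not from the original page, that replays wtmp and pairs each login with the null-user-name logout on the same ut_line, counting records that do not pair up. Names are this example's own; treating BOOT_TIME as closing every open session and reading only USER_PROCESS and DEAD_PROCESS records are assumptions, and an unpaired record is a lead to review, not proof of tampering.

```c
#include <stdio.h>
#include <string.h>
#include <utmp.h>

#define MAX_OPEN 64   /* terminals tracked at once (example limit) */

struct wtmp_summary {
    int logins;             /* USER_PROCESS records naming a user */
    int logouts;            /* null user name that closed an open line */
    int orphan_logouts;     /* null user name on a line with no open login */
    int overlapped_logins;  /* login on a line whose last login never closed */
};

/* Replay records in file order, pairing logins and logouts per ut_line. */
struct wtmp_summary replay_wtmp(const struct utmp *rec, size_t n)
{
    char active[MAX_OPEN][UT_LINESIZE];   /* lines with a session in progress */
    size_t nopen = 0, i, k;
    struct wtmp_summary s = {0, 0, 0, 0};
    for (i = 0; i < n; i++) {
        const struct utmp *r = &rec[i];
        if (r->ut_type == BOOT_TIME) { nopen = 0; continue; } /* reboot closes all */
        if (r->ut_type != USER_PROCESS && r->ut_type != DEAD_PROCESS) continue;
        for (k = 0; k < nopen && strncmp(active[k], r->ut_line, UT_LINESIZE); k++) {}
        if (r->ut_user[0] == '\0') {             /* logout on this line */
            if (k == nopen) { s.orphan_logouts++; continue; }
            memmove(active[k], active[--nopen], UT_LINESIZE);
            s.logouts++;
        } else if (r->ut_type == USER_PROCESS) { /* login on this line */
            s.logins++;
            if (k < nopen) { s.overlapped_logins++; continue; }
            if (nopen < MAX_OPEN)
                memcpy(active[nopen++], r->ut_line, UT_LINESIZE);
        }
    }
    return s;
}

int main(void)
{
    static struct utmp buf[4096];            /* first 4096 records only */
    FILE *f = fopen("/var/log/wtmp", "rb");
    if (!f) { perror("/var/log/wtmp"); return 1; }
    struct wtmp_summary s = replay_wtmp(buf, fread(buf, sizeof buf[0], 4096, f));
    fclose(f);
    printf("logins=%d logouts=%d orphan_logouts=%d overlapped_logins=%d\n",
           s.logins, s.logouts, s.orphan_logouts, s.overlapped_logins);
    return s.orphan_logouts || s.overlapped_logins;
}
```

Because the record layout is machine dependent, build and run this on the machine that wrote the file.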
!!FILES

/var/run/utmp
/var/log/wtmp
!!CONFORMING TO

Linux utmp entries conform neither to v7/BSD nor to SYSV: they are a mix of the two. v7/BSD has fewer fields; most importantly it lacks __ut_type__, which causes native v7/BSD-like programs to display (for example) dead or login entries. Further, there is no configuration file which allocates slots to sessions. BSD does so, because it lacks __ut_id__ fields. In Linux (as in SYSV), the __ut_id__ field of a record will never change once it has been set, which reserves that slot without needing a configuration file. Clearing __ut_id__ may result in race conditions leading to corrupted utmp entries and potential security holes. Clearing the above mentioned fields by filling them with null bytes is not required by SYSV semantics, but it allows running many programs which assume BSD semantics and which do not modify utmp. Linux uses the BSD conventions for line contents, as documented above.

SYSV only uses the type field to mark them and logs informative messages such as e.g. __ __ in the line field. __UT_UNKNOWN__ seems to be a Linux invention. SYSV has no __ut_host__ or __ut_addr_v6__ fields.

Unlike various other systems, where utmp logging can be disabled by removing the file, utmp must always exist on Linux. If you want to disable who(1) then do not make utmp world readable.

Note that the utmp struct from libc5 has changed in libc6. Because of this, binaries using the old libc5 struct will corrupt ''/var/run/utmp'' and/or ''/var/log/wtmp''. Debian systems include a patched libc5 which uses the new utmp format. The problem still exists with wtmp since it's accessed directly in libc5.
!!RESTRICTIONS

The file format is machine dependent, so it is recommended that it be processed only on the machine architecture where it was created.
!!BUGS

This manpage is based on the libc5 one; things may work differently now.
!!SEE ALSO

ac(1), date(1), getutent(3), init(8), last(1), login(1), updwtmp(3), who(1)
----