Blame: wtmp(5) - Waikato Linux Users Group

Annotated edit history of wtmp(5) version 1, including all changes. View license author blame.

Rev	Author	#	Line
1	perry	1	`UTMP`
		2	`!!!UTMP`
		3	`NAME`
		4	`SYNOPSIS`
		5	`DESCRIPTION`
		6	`FILES`
		7	`CONFORMING TO`
		8	`RESTRICTIONS`
		9	`BUGS`
		10	`SEE ALSO`
		11	`----`
		12	`!!NAME`
		13
		14
		15	`utmp, wtmp - login records`
		16	`!!SYNOPSIS`
		17
		18
		19	`#include`
		20	`!!DESCRIPTION`
		21
		22
		23	`The __utmp__ file allows one to discover information`
		24	`about who is currently using the system. There may be more`
		25	`users currently using the system, because not all programs`
		26	`use utmp logging.`
		27
		28
		29	`__Warning: utmp__ must not be writable, because many`
		30	`system programs (foolishly) depend on its integrity. You`
		31	`risk faked system logfiles and modifications of system files`
		32	`if you leave __utmp__ writable to any user.`
		33
		34
		35	`The file is a sequence of entries with the following`
		36	`structure declared in the include file (note that this is`
		37	`only one of several definitions around; details depend on`
		38	`the version of libc):`
		39
		40
		41	`#define UT_UNKNOWN 0`
		42	`#define RUN_LVL 1`
		43	`#define BOOT_TIME 2`
		44	`#define NEW_TIME 3`
		45	`#define OLD_TIME 4`
		46	`#define INIT_PROCESS 5`
		47	`#define LOGIN_PROCESS 6`
		48	`#define USER_PROCESS 7`
		49	`#define DEAD_PROCESS 8`
		50	`#define ACCOUNTING 9`
		51	`#define UT_LINESIZE 12`
		52	`#define UT_NAMESIZE 32`
		53	`#define UT_HOSTSIZE 256`
		54	`struct exit_status {`
		55	`short int e_termination; /* process termination status. */`
		56	`short int e_exit; /* process exit status. */`
		57	`};`
		58	`struct utmp {`
		59	`short ut_type; /* type of login */`
		60	`pid_t ut_pid; /* pid of login process */`
		61	`char ut_line[[UT_LINESIZE]; /* device name of tty -`
		62
		63
		64	`This structure gives the name of the special file associated`
		65	`with the user's terminal, the user's login name, and the`
		66	`time of login in the form of time(2). String fields`
		67	`are terminated by __'0'__ if they are shorter than the`
		68	`size of the field.`
		69
		70
		71	`The first entries ever created result from init(8)`
		72	`processing inittab(5). Before an entry is processed,`
		73	`though, init(8) cleans up utmp by setting`
		74	`__ut_type__ to __DEAD_PROCESS__, clearing`
		75	`__ut_user__, __ut_host__ and __ut_time__ with null`
		76	`bytes for each record which __ut_type__ is not`
		77	`__DEAD_PROCESS__ or __RUN_LVL__ and where no process`
		78	`with PID __ut_pid__ exists. If no empty record with the`
		79	`needed __ut_id__ can be found, init creates a new one. It`
		80	`sets __ut_id__ from the inittab, __ut_pid__ and`
		81	`__ut_time__ to the current values and __ut_type__ to`
		82	`__INIT_PROCESS__.`
		83
		84
		85	`getty(8) locates the entry by the pid, changes`
		86	`__ut_type__ to __LOGIN_PROCESS__, changes`
		87	`__ut_time__, sets __ut_line__ and waits for connection`
		88	`to be established. login(8), after a user has been`
		89	`authenticated, changes __ut_type__ to`
		90	`__USER_PROCESS__, changes __ut_time__ and sets`
		91	`__ut_host__ and __ut_addr__. Depending on`
		92	`getty(8) and login(8), records may be located`
		93	`by __ut_line__ instead of the preferable`
		94	`__ut_pid__.`
		95
		96
		97	`When init(8) finds that a process has exited, it`
		98	`locates its utmp entry by __ut_pid__, sets __ut_type__`
		99	`to __DEAD_PROCESS__ and clears __ut_user__,`
		100	`__ut_host__ and __ut_time__ with null`
		101	`bytes.`
		102
		103
		104	`xterm(1) and other terminal emulators directly create`
		105	`a __USER_PROCESS__ record and generate the __ut_id__`
		106	`by using the last two letters of __/dev/ttyp__''%c''`
		107	`or by using __p__''%d'' for __/dev/pts/__''%d''.`
		108	`If they find a __DEAD_PROCESS__ for this id, they recycle`
		109	`it, otherwise they create a new entry. If they can, they`
		110	`will mark it as __DEAD_PROCESS__ on exiting and it is`
		111	`advised that they null __ut_line__, __ut_time__,`
		112	`__ut_user__ and __ut_host__ as well.`
		113
		114
		115	`xdm(8) should not create an utmp record, because`
		116	`there is no assigned terminal. Letting it create one will`
		117	`result in trouble like: finger: can not stat`
		118	`/dev/machine.dom. It should create wtmp entries, though,`
		119	`just like ftpd(8) does.`
		120
		121
		122	`telnetd(8) sets up a __LOGIN_PROCESS__ entry and`
		123	`leaves the rest to login(8) as usual. After the`
		124	`telnet session ends, telnetd(8) cleans up utmp in the`
		125	`described way.`
		126
		127
		128	`The __wtmp__ file records all logins and logouts. Its`
		129	`format is exactly like __utmp__ except that a null user`
		130	`name indicates a logout on the associated terminal.`
		131	`Furthermore, the terminal name ____ with`
		132	`user name ____ or`
		133	`____ indicates a system shutdown or`
		134	`reboot and the pair of terminal names`
		135	`____/____ logs the old/new`
		136	`system time when date(1) changes it. __wtmp__ is`
		137	`maintained by login(1), and init(1) and some`
		138	`versions of getty(1). Neither of these programs`
		139	`creates the file, so if it is removed record-keeping is`
		140	`turned off.`
		141	`!!FILES`
		142
		143
		144	`/var/run/utmp`
		145	`/var/log/wtmp`
		146	`!!CONFORMING TO`
		147
		148
		149	`Linux utmp entries conform neither to v7/BSD nor to SYSV:`
		150	`They are a mix of the two. v7/BSD has fewer fields; most`
		151	`importantly it lacks __ut_type__, which causes native`
		152	`v7/BSD-like programs to display (for example) dead or login`
		153	`entries. Further there is no configuration file which`
		154	`allocates slots to sessions. BSD does so, because it lacks`
		155	`__ut_id__ fields. In Linux (as in SYSV), the __ut_id__`
		156	`field of a record will never change once it has been set,`
		157	`which reserves that slot without needing a configuration`
		158	`file. Clearing __ut_id__ may result in race conditions`
		159	`leading to corrupted utmp entries and and potential security`
		160	`holes. Clearing the above mentioned fields by filling them`
		161	`with null bytes is not required by SYSV semantics, but it`
		162	`allows to run many programs which assume BSD semantics and`
		163	`which do not modify utmp. Linux uses the BSD conventions for`
		164	`line contents, as documented above.`
		165
		166
		167	`SYSV only uses the type field to mark them and logs`
		168	`informative messages such as e.g. __`
		169	`__ in the line field. __UT_UNKNOWN__ seems to`
		170	`be a Linux invention. SYSV has no __ut_host__ or`
		171	`__ut_addr_v6__ fields.`
		172
		173
		174	`Unlike various other systems, where utmp logging can be`
		175	`disabled by removing the file, utmp must always exist on`
		176	`Linux. If you want to disable who(1) then do not make`
		177	`utmp world readable.`
		178
		179
		180	`Note that the utmp struct from libc5 has changed in libc6.`
		181	`Because of this, binaries using the old libc5 struct will`
		182	`corrupt ''/var/run/utmp'' and/or ''/var/log/wtmp''.`
		183	`Debian systems include a patched libc5 which uses the new`
		184	`utmp format. The problem still exists with wtmp since it's`
		185	`accessed directly in libc5.`
		186	`!!RESTRICTIONS`
		187
		188
		189	`The file format is machine dependent, so it is recommended`
		190	`that it be processed only on the machine architecture where`
		191	`it got created.`
		192	`!!BUGS`
		193
		194
		195	`This manpage is based on the libc5 one, things may work`
		196	`differently now.`
		197	`!!SEE ALSO`
		198
		199
		200	`ac(1), date(1), getutent(3),`
		201	`init(8), last(1), login(1),`
		202	`updwtmp(3), who(1)`
		203	`----`

This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.

Last edited on Tuesday, June 4, 2002 12:30:42 am by "perry"

Edit PageHistory Diff Info LikePages