View Source:
wtmp(5)
UTMP
!!!UTMP
NAME
SYNOPSIS
DESCRIPTION
FILES
CONFORMING TO
RESTRICTIONS
BUGS
SEE ALSO
----
!!NAME

utmp, wtmp - login records

!!SYNOPSIS

#include

!!DESCRIPTION

The __utmp__ file allows one to discover information about who is currently using the system. There may be more users currently using the system, because not all programs use utmp logging.

__Warning: utmp__ must not be writable, because many system programs (foolishly) depend on its integrity. You risk faked system logfiles and modifications of system files if you leave __utmp__ writable to any user.

The file is a sequence of entries with the following structure declared in the include file (note that this is only one of several definitions around; details depend on the version of libc):

#define UT_UNKNOWN 0
#define RUN_LVL 1
#define BOOT_TIME 2
#define NEW_TIME 3
#define OLD_TIME 4
#define INIT_PROCESS 5
#define LOGIN_PROCESS 6
#define USER_PROCESS 7
#define DEAD_PROCESS 8
#define ACCOUNTING 9

#define UT_LINESIZE 12
#define UT_NAMESIZE 32
#define UT_HOSTSIZE 256

struct exit_status {
    short int e_termination; /* process termination status. */
    short int e_exit; /* process exit status. */
};

struct utmp {
    short ut_type; /* type of login */
    pid_t ut_pid; /* pid of login process */
    char ut_line[[UT_LINESIZE]; /* device name of tty -

This structure gives the name of the special file associated with the user's terminal, the user's login name, and the time of login in the form of time(2). String fields are terminated by __'\0'__ if they are shorter than the size of the field.

The first entries ever created result from init(8) processing inittab(5). Before an entry is processed, though, init(8) cleans up utmp by setting __ut_type__ to __DEAD_PROCESS__, clearing __ut_user__, __ut_host__ and __ut_time__ with null bytes for each record whose __ut_type__ is not __DEAD_PROCESS__ or __RUN_LVL__ and where no process with PID __ut_pid__ exists. If no empty record with the needed __ut_id__ can be found, init creates a new one.
It sets __ut_id__ from the inittab, __ut_pid__ and __ut_time__ to the current values and __ut_type__ to __INIT_PROCESS__.

getty(8) locates the entry by the pid, changes __ut_type__ to __LOGIN_PROCESS__, changes __ut_time__, sets __ut_line__ and waits for a connection to be established. login(8), after a user has been authenticated, changes __ut_type__ to __USER_PROCESS__, changes __ut_time__ and sets __ut_host__ and __ut_addr__. Depending on getty(8) and login(8), records may be located by __ut_line__ instead of the preferable __ut_pid__.

When init(8) finds that a process has exited, it locates its utmp entry by __ut_pid__, sets __ut_type__ to __DEAD_PROCESS__ and clears __ut_user__, __ut_host__ and __ut_time__ with null bytes.

xterm(1) and other terminal emulators directly create a __USER_PROCESS__ record and generate the __ut_id__ by using the last two letters of __/dev/ttyp__''%c'' or by using __p__''%d'' for __/dev/pts/__''%d''. If they find a __DEAD_PROCESS__ for this id, they recycle it; otherwise they create a new entry. If they can, they will mark it as __DEAD_PROCESS__ on exiting, and it is advised that they null __ut_line__, __ut_time__, __ut_user__ and __ut_host__ as well.

xdm(8) should not create a utmp record, because there is no assigned terminal. Letting it create one will result in trouble like: finger: can not stat /dev/machine.dom. It should create wtmp entries, though, just like ftpd(8) does.

telnetd(8) sets up a __LOGIN_PROCESS__ entry and leaves the rest to login(8) as usual. After the telnet session ends, telnetd(8) cleans up utmp in the described way.

The __wtmp__ file records all logins and logouts. Its format is exactly like __utmp__ except that a null user name indicates a logout on the associated terminal. Furthermore, the terminal name ____ with user name ____ or ____ indicates a system shutdown or reboot and the pair of terminal names ____/____ logs the old/new system time when date(1) changes it.
__wtmp__ is maintained by login(1), init(1), and some versions of getty(1). None of these programs creates the file, so if it is removed record-keeping is turned off.

!!FILES

/var/run/utmp
/var/log/wtmp

!!CONFORMING TO

Linux utmp entries conform neither to v7/BSD nor to SYSV: they are a mix of the two. v7/BSD has fewer fields; most importantly it lacks __ut_type__, which causes native v7/BSD-like programs to display (for example) dead or login entries. Further there is no configuration file which allocates slots to sessions. BSD does so, because it lacks __ut_id__ fields. In Linux (as in SYSV), the __ut_id__ field of a record will never change once it has been set, which reserves that slot without needing a configuration file. Clearing __ut_id__ may result in race conditions leading to corrupted utmp entries and potential security holes. Clearing the above-mentioned fields by filling them with null bytes is not required by SYSV semantics, but it allows running many programs that assume BSD semantics and do not modify utmp. Linux uses the BSD conventions for line contents, as documented above.

SYSV only uses the type field to mark them and logs informative messages such as __ __ in the line field. __UT_UNKNOWN__ seems to be a Linux invention. SYSV has no __ut_host__ or __ut_addr_v6__ fields.

Unlike various other systems, where utmp logging can be disabled by removing the file, utmp must always exist on Linux. If you want to disable who(1) then do not make utmp world readable.

Note that the utmp struct from libc5 has changed in libc6. Because of this, binaries using the old libc5 struct will corrupt ''/var/run/utmp'' and/or ''/var/log/wtmp''. Debian systems include a patched libc5 which uses the new utmp format. The problem still exists with wtmp since it's accessed directly in libc5.

!!RESTRICTIONS

The file format is machine dependent, so it is recommended that it be processed only on the machine architecture where it got created.
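
The init(8) cleanup rule from DESCRIPTION, as an added example that is not part of the man page: a record is stale when its type is neither DEAD_PROCESS nor RUN_LVL and no process with PID ut_pid exists. The function names, the sample record and the reaped_pid helper are assumptions made for illustration, and the code builds against the local libc's utmp header on Linux.

```c
/* Added example, not from the man page. Function names are hypothetical. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#include <utmp.h>

/* Stale: type is neither DEAD_PROCESS nor RUN_LVL and no process has ut_pid.
 * kill(pid, 0) failing with EPERM means the process exists but is not ours. */
int utmp_is_stale(const struct utmp *u) {
    if (u->ut_type == DEAD_PROCESS || u->ut_type == RUN_LVL) return 0;
    if (u->ut_pid <= 0) return 1;   /* kill() treats these as process groups */
    return !(kill(u->ut_pid, 0) == 0 || errno == EPERM);
}

/* Mark a stale record dead and null ut_user, ut_host and ut_time; ut_id is
 * kept so the slot stays reserved. Returns 1 if the record was changed. */
int utmp_cleanup(struct utmp *u) {
    if (!utmp_is_stale(u)) return 0;
    u->ut_type = DEAD_PROCESS;
    memset(u->ut_user, 0, sizeof u->ut_user);
    memset(u->ut_host, 0, sizeof u->ut_host);
    u->ut_time = 0;
    return 1;
}

/* Constructed sample: a USER_PROCESS record for user "alice" with this PID. */
struct utmp sample_record(pid_t pid) {
    struct utmp u = { .ut_type = USER_PROCESS, .ut_pid = pid };
    u.ut_time = 1;
    memcpy(u.ut_user, "alice", 5);
    return u;
}

/* PID of a child that has already exited and been reaped. */
pid_t reaped_pid(void) {
    pid_t pid = fork();
    if (pid == 0) _exit(0);
    waitpid(pid, NULL, 0);
    return pid;
}

int main(void) {
    struct utmp live = sample_record(getpid()), gone = sample_record(reaped_pid());
    printf("live changed: %d, gone changed: %d\n", utmp_cleanup(&live), utmp_cleanup(&gone));
}
```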
!!BUGS

This manpage is based on the libc5 one; things may work differently now.

!!SEE ALSO

ac(1), date(1), getutent(3), init(8), last(1), login(1), updwtmp(3), who(1)
----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.