utmp

NAME

       utmp, wtmp - login records

SYNOPSIS

       #include <utmp.h>

DESCRIPTION

       The utmp file allows one to discover information about who
       is currently using the system.  There may  be  more  users
       currently  using  the system, because not all programs use
       utmp logging.  Warning: utmp must not be writable, because
       many  system  programs  depend on its integrity.  You risk
       faked system logfiles and modifications of system files if
       you  leave  utmp  writable  to  any  user.   The file is a
       sequence of entries with the following structure  declared
       in the include file:

              #define UT_UNKNOWN            0
              #define RUN_LVL               1
              #define BOOT_TIME             2
              #define NEW_TIME              3
              #define OLD_TIME              4
              #define INIT_PROCESS          5
              #define LOGIN_PROCESS         6
              #define USER_PROCESS          7
              #define DEAD_PROCESS          8

              #define UT_LINESIZE           12
              #define UT_NAMESIZE           8
              #define UT_HOSTSIZE           16

              struct utmp {
                short ut_type;              /* type of login */
                pid_t ut_pid;               /* pid of process */
                char ut_line[UT_LINESIZE];  /* device name of tty - "/dev/" */
                char ut_id[2];              /* init id or abbrev. ttyname */
                time_t ut_time;             /* login time */
                char ut_user[UT_NAMESIZE];  /* user name */
                char ut_host[UT_HOSTSIZE];  /* host name for remote login */
                long ut_addr;               /* IP addr of remote host */
              };

       This  structure gives the name of the special file associ-
       ated with the user's terminal, the user's login name,  and
       the  time  of login in the form of time(2).  String fields
       are terminated by '/0' if they are shorter than  the  size
       of the field.

       The  wtmp file records all logins and logouts.  Its format
       is exactly like utmp except that a null  user  name  indi-
       cates  a  logout on the associated terminal.  Furthermore,
       the  terminal  name  "~"  with  user  name  "shutdown"  or
       "reboot"  indicates  a  system  shutdown or reboot and the
       pair of terminal names "|"/"}"  logs  the  old/new  system
       time  when  date(1)  changes  it.   wtmp  is maintained by
       login(1), and init(1) and some very of getty(1).   Neither
       of  these  programs  creates the file, so if it is removed
       record-keeping is turned off.

FILES

       /var/adm/utmp
       /var/adm/wtmp

CONFORMING TO

       Linux utmp entries neither conform to v7/BSD nor to  SYSV:
       They  are  a mix of the two.  v7/BSD has less fields, most
       importantly it lacks ut_type, which causes native  v7/BSD-
       like  programs  to  display  for  example  dead  or  login
       entries.  SYSV has one more field to log the  exit  status
       of  dead  processes.   Linux  uses the BSD conventions for
       line contents, as documented above.  SYSV  only  uses  the
       type field to mark them and logs informative messages such
       as e.g. "new time" in the line field.  UT_UNKNOWN seems to
       be  a  Linux  invention.   There  is no type ACCOUNTING in
       Linux.  SYSV has no ut_host or ut_addr fields.

RESTRICTIONS

       The file format is machine dependent, so it is recommended
       that  it  is  processed  only  on the machine architecture
       where it got created.

SEE ALSO

       ac(1), date(1), last(1),  login(1),  who(1),  getutent(3),
       init(8)