The utmp file allows one to discover information about who is currently using the system. There may be more users currently using the system, because not all programs use utmp logging. Warning:utmp must not be writable, because many system programs depend on its integrity. You risk faked system logfiles and modifications of system files if you leave utmp writable to any user. The file is a sequence of entries with the following structure declared in the include file:
struct utmp { short ut_type; /* type of login */ pid_t ut_pid; /* pid of process */ char ut_line[UT_LINESIZE]; /* device name of tty - "/dev/" */ char ut_id[2]; /* init id or abbrev. ttyname */ time_t ut_time; /* login time */ char ut_user[UT_NAMESIZE]; /* user name */ char ut_host[UT_HOSTSIZE]; /* host name for remote login */ long ut_addr; /* IP addr of remote host */ };
This structure gives the name of the special file associ- ated with the user's terminal, the user's login name, and the time of login in the form of time(2). String fields are terminated by '/0' if they are shorter than the size of the field.
The wtmp file records all logins and logouts. Its format is exactly like utmp except that a null user name indi- cates a logout on the associated terminal. Furthermore, the terminal name "~" with user name "shutdown" or "reboot" indicates a system shutdown or reboot and the pair of terminal names "|"/"}" logs the old/new system time when date(1) changes it. wtmp is maintained by login(1), and init(1) and some very of getty(1). Neither of these programs creates the file, so if it is removed record-keeping is turned off.
FILES
/var/adm/utmp /var/adm/wtmp
CONFORMING TO
Linux utmp entries neither conform to v7/BSD nor to SYSV: They are a mix of the two. v7/BSD has less fields, most importantly it lacks ut_type, which causes native v7/BSD- like programs to display for example dead or login entries. SYSV has one more field to log the exit status of dead processes. Linux uses the BSD conventions for line contents, as documented above. SYSV only uses the type field to mark them and logs informative messages such as e.g. "newtime" in the line field. UT_UNKNOWN seems to be a Linux invention. There is no type ACCOUNTING in Linux. SYSV has no ut_host or ut_addr fields.
RESTRICTIONS
The file format is machine dependent, so it is recommended that it is processed only on the machine architecture where it got created.
NAME utmp, wtmp - login recordsSYNOPSIS #include DESCRIPTION The utmp file allows one to discover information about who is currently using the system. There may be