NAME
utmp
, wtmp
,
lastlog
—
login records
SYNOPSIS
#include
<utmp.h>
DESCRIPTION
The <utmp.h>
file
declares the structures used to record information about current users in
the utmp
file, logins and logouts in the
wtmp
file, and last logins in the
lastlog
file. The timestamps of date changes,
shutdowns, and reboots are also logged in the wtmp
file.
wtmp
can grow rapidly on busy systems, so
daily or weekly rotation is recommended. If any one of these files does not
exist, it is not created. They must be created manually and are maintained
by newsyslog(8).
#define _PATH_UTMP "/var/run/utmp" #define _PATH_WTMP "/var/log/wtmp" #define _PATH_LASTLOG "/var/log/lastlog" #define UT_NAMESIZE 32 #define UT_LINESIZE 8 #define UT_HOSTSIZE 256 struct lastlog { time_t ll_time; char ll_line[UT_LINESIZE]; char ll_host[UT_HOSTSIZE]; }; struct utmp { char ut_line[UT_LINESIZE]; char ut_name[UT_NAMESIZE]; char ut_host[UT_HOSTSIZE]; time_t ut_time; };
Each time a user logs in, the
login(1)
program looks up the user's UID in the lastlog
file.
If it is found, the timestamp of the last time the user logged in, the
terminal line, and the hostname are written to the standard output (provided
the login is not “quiet”; see
login(1)).
The login(1)
program then records the new login time in the
lastlog
file.
After the new lastlog record is written, the
utmp
file is opened and the
utmp record for the user is inserted. This record
remains until the user logs out at which time it is deleted. The
utmp
file is used by the programs
users(1),
w(1), and
who(1).
Next, the login(1) program opens the wtmp
file and
appends the user's utmp record. When the user logs
out, a utmp record with the tty line, an updated
timestamp, and zeroed name and host fields is appended to the file (see
init(8)). The
wtmp
file is used by the programs
last(1) and
ac(8).
In the event of a date change, shutdown, or reboot, the following
items are logged in the wtmp
file:
reboot
shutdown
- A system reboot or shutdown has been initiated. A tilde (‘~’) character is placed in the field ut_line, and “reboot” or “shutdown” in the field ut_name (see shutdown(8) and reboot(8)).
date
- The system time has been manually or automatically updated (see date(1)). The command name date(1) is recorded in the field ut_name. In the field ut_line, the “|” character indicates the time prior to the change and the “{” character indicates the new time.
FILES
- /var/run/utmp
- /var/log/wtmp
- /var/log/lastlog
SEE ALSO
HISTORY
A file /tmp/utmp first appeared in
Version 1 AT&T UNIX and a file
/tmp/wtmp in Version 2
AT&T UNIX. The lastlog
file format
appeared in 3.0BSD.
CAVEATS
The strings in the utmp and lastlog structures are not normal ‘C’ strings and are thus not guaranteed to be null terminated.