utmp, wtmp, lastlog - login records
#include <utmp.h>
The <utmp.h> file declares the structures used to record information
about current users in the utmp file, logins and logouts in
the wtmp
file, and last logins in the lastlog file. The timestamps
of date
changes, shutdowns, and reboots are also logged in the wtmp
file.
wtmp can grow rapidly on busy systems, so daily or weekly
rotation is
recommended. If any one of these files does not exist, it
is not created.
They must be created manually and are maintained by
newsyslog(8).
#define _PATH_UTMP "/var/run/utmp"
#define _PATH_WTMP "/var/log/wtmp"
#define _PATH_LASTLOG "/var/log/lastlog"
#define UT_NAMESIZE 32
#define UT_LINESIZE 8
#define UT_HOSTSIZE 256
struct lastlog {
time_t ll_time;
char ll_line[UT_LINESIZE];
char ll_host[UT_HOSTSIZE];
};
struct utmp {
char ut_line[UT_LINESIZE];
char ut_name[UT_NAMESIZE];
char ut_host[UT_HOSTSIZE];
time_t ut_time;
};
Each time a user logs in, the login(1) program looks up the
user's UID in
the lastlog file. If it is found, the timestamp of the last
time the user
logged in, the terminal line, and the hostname are written to the
standard output (provided the login is not ``quiet''; see
login(1)). The
login(1) program then records the new login time in the
lastlog file.
After the new lastlog record is written, the utmp file is
opened and the
utmp record for the user is inserted. This record remains
until the user
logs out at which time it is deleted. The utmp file is used
by the programs
rwho(1), users(1), w(1), and who(1).
Next, the login(1) program opens the wtmp file and appends
the user's
utmp record. When the user logs out, a utmp record with the
tty line, an
updated timestamp, and zeroed name and host fields is appended to the
file (see init(8)). The wtmp file is used by the programs
last(1) and
ac(8).
In the event of a date change, shutdown, or reboot, the following items
are logged in the wtmp file:
reboot
shutdown A system reboot or shutdown has been initiated.
A tilde
(`~') character is placed in the field ut_line,
and
``reboot'' or ``shutdown'' in the field ut_name
(see
shutdown(8) and reboot(8)).
date The system time has been manually or automatically updated
(see date(1)). The command name date(1) is
recorded in the
field ut_name. In the field ut_line, the ``|''
character indicates
the time prior to the change and the
``{'' character
indicates the new time.
/var/run/utmp
/var/log/wtmp
/var/log/lastlog
last(1), login(1), who(1), ac(8), init(8), newsyslog(8)
A utmp and wtmp file format appeared in Version 3 AT&T UNIX.
The lastlog
file format appeared in 3.0BSD.
The strings in the utmp and lastlog structures are not normal `C' strings
and are thus not guaranteed to be null terminated.
OpenBSD 3.6 March 17, 1994
[ Back ] |
