Login
Login

Utmp

{{short description|Record of Unix logins}}

{{lowercase title}}

{{More citations needed|date=February 2023}}

utmp, wtmp, btmp and variants such as utmpx, wtmpx and btmpx are files on Unix-like systems that keep track of all logins and logouts to the system.{{cite web|url=https://manpages.org/utmp/5|title=man utmp (5)|website=manpages.org}}

Format

= utmp, wtmp and btmp =

  • utmp maintains a full accounting of the current status of the system, system boot time (used by uptime), recording user logins at which terminals, logouts, system events etc.
  • wtmp acts as a historical utmp
  • btmp records failed login attempts

These files are not regular text files, but rather a binary format which needs to be edited by specially crafted programs. The implementation and the fields present in the file differ depending on the system or the libc version, and are defined in the utmp.h header file. The wtmp and btmp format are exactly like utmp except that a null value for "username" indicates a logout on the associated terminal (the actual user name is located by finding the preceding login on that terminal). Furthermore, the value "~" as a terminal name with username "shutdown" or "reboot" indicates a system shutdown or reboot (respectively).{{cite web|url=https://github.com/util-linux/util-linux/blob/v2.37.2/login-utils/last.c#L740-L750|title=util-linux|version=v2.37.2|location=login-utils/last.c|website=github.com|at=lines 740-750|date=2020-12-01}}

These files are not set by any given PAM module (such as pam_unix.so or pam_sss.so) but are set by the application performing the operation (e.g. mingetty, /bin/login, or sshd). As such it is the obligation of the program itself to record the utmp information.

= utmpx, wtmpx and btmpx =

Utmpx and wtmpx are extensions to the original utmp and wtmp, originating from Sun Microsystems. Utmpx is specified in POSIX.{{cite web|url=https://www.mankier.com/0p/utmpx.h|archive-url=https://archive.today/20230309200416/https://www.mankier.com/0p/utmpx.h|archive-date=2023-03-09|title=utmpx.h - Man Page|publisher=Institute of Electrical and Electronics Engineers, Inc and The Open Group|website=www.mankier.com}} The utmp, wtmp and btmp files were never a part of any official Unix standard, such as Single UNIX Specification, while utmpx and corresponding APIs are part of it.{{cite web|url=http://www.opengroup.org/onlinepubs/009695399/basedefs/utmpx.h.html|archive-url=https://archive.today/20120908205449/http://pubs.opengroup.org/onlinepubs/009695399/basedefs/utmpx.h.html|archive-date=8 Sep 2012|title=utmpx.h - user accounting database definitions|series=The Open Group Base Specifications|issue=6|publisher=The IEEE and The Open Group}}{{cite web|url=http://80386.nl/unix/utmpx/|archive-url=https://archive.today/20120701143450/http://80386.nl/unix/utmpx/|archive-date=1 Jul 2012|title=Ed's short guide on utmp(x)|date=January 12, 2012|website=80386.nl|url-status=dead}} While some systems create different newer files for the utmpx variants and have deprecated/obsoleted former formats, this is not always the case. Linux for example uses the utmpx structure in the place of the older file structure.

Location

Depending on the system, those files may commonly be found in different places (non-exhaustive list) :

AIX:{{cite web|url=https://www.ibm.com/docs/en/aix/7.3?topic=formats-utmp-wtmp-failedlogin-file-format|title=

utmp, wtmp, failedlogin File Format|date=March 24, 2023|publisher=IBM}}

/etc/utmp

/var/adm/wtmp

Linux:

/var/run/utmp

/var/log/wtmp

/var/log/btmp

Solaris:{{cite web|url=http://www.unixnote.com/2010/05/solaris-tip-trim-wtmpx-file.html|title=Solaris Trim wtmpx file|archive-url=https://web.archive.org/web/20140707221308/https://unixnote.com/2010/05/solaris-tip-trim-wtmpx-file.html|url-status=dead|date=May 25, 2010|publisher=UNIX Note|archive-date=2014-07-07|author=andy}}

/var/adm/utmp (deprecated), /var/adm/utmpx

/var/adm/wtmp (deprecated), /var/adm/wtmpx

HP-UX:

/etc/utmp (deprecated), /etc/utmpx

/var/adm/wtmp (deprecated), /var/adm/wtmpx

/var/adm/btmp (deprecated), /var/adm/btmpx

FreeBSD 9.0 introduced new files while adding support for utmpx:

{{cite web|url=https://github.com/freebsd/freebsd-src/blob/release/9.0.0/include/utmpx.h#L41-L66|title=utmpx.h|version=9.0.0|location=include/utmpx.h|website=github.com|at=lines 41-66|date=2010-01-13|author=Ed Schouten}}

/var/run/utx.active (replaces utmp)

/var/log/utx.lastlogin (replaces lastlog)

/var/log/utx.log (replaces wtmp)

Related commands

Different commands allow users to consult the information stored in those files. This includes programs who (which show current system users), last (which shows the last logged in users) and lastb (which shows the last failed login attempts; Linux-specific).

See also

References

External links

  • {{man|1|last|FreeBSD|indicate last logins of users and ttys}}
  • {{man|3|getutxent|FreeBSD|user login and logouts, and some system activities}}
  • {{man|1|last|die.net|show listing of last logged in users}}
  • {{man|5|utmp|Linux|login records}}
  • {{man|1|last|Solaris|display login and logout information about users and terminals}}
  • {{man|5|wtmp|Solaris|utmp and wtmp entry formats}}

Category:Unix

Category:Unix software

{{Unix-stub}}