utmp(4)
NAME
utmp, wtmp, btmp − utmp, wtmp, btmp entry format
SYNOPSIS
#include <sys/types.h>
#include <utmp.h>
DESCRIPTION
These files, which hold user and accounting information for such commands as last(1), who(1), write(1), and login(1), have the following structure as defined by <utmp.h>:
| #define UTMP_FILE | "/etc/utmp" | |
| #define WTMP_FILE | "/etc/wtmp" | |
| #define BTMP_FILE | "/etc/btmp" | |
| #define ut_name | ut_user |
structutmp {
| char | ut_user[8]; | /∗ User login name ∗/ | ||
| char | ut_id[4]; | /∗ /etc/inittab id (usually line #) ∗/ | ||
| char | ut_line[12]; | /∗ device name (console, lnxx) ∗/ | ||
| pid_t | ut_pid; | /∗ process id ∗/ | ||
| short | ut_type; | /∗ type of entry ∗/ | ||
| struct | exit_status { | |||
| short | e_termination; | /∗ Process termination status ∗/ | ||
| short | e_exit; | /∗ Process exit status ∗/ | ||
| } ut_exit; | /∗ The exit status of a process ∗/ | |||
| /∗ marked as DEAD_PROCESS. ∗/ | ||||
| unsigned short | ut_reserved1; | /∗ Reserved for future use ∗/ | ||
| time_t | ut_time; | /∗ time entry was made ∗/ | ||
| char | ut_host[16]; | /∗ host name, if remote ∗/ | ||
| unsigned long | ut_addr; | /∗ Internet addr of host, if remote ∗/ |
};
/∗ Definitions for ut_type ∗/
| #define | EMPTY | 0 | |
| #define | RUN_LVL | 1 | |
| #define | BOOT_TIME | 2 | |
| #define | OLD_TIME | 3 | |
| #define | NEW_TIME | 4 | |
| #define | INIT_PROCESS | 5 | /∗ Process spawned by "init" ∗/ |
| #define | LOGIN_PROCESS | 6 | /∗ A "getty" process waiting for login ∗/ |
| #define | USER_PROCESS | 7 | /∗ A user process ∗/ |
| #define | DEAD_PROCESS | 8 | |
| #define | ACCOUNTING | 9 | |
| #define | UTMAXTYPE | ACCOUNTING | /∗ Largest legal value of ut_type ∗/ |
/∗ Special strings or formats used in the "ut_line" field when ∗/
/∗ accounting for something other than a process ∗/
/∗ No string for the ut_line field can be more than 11 chars + ∗/
/∗ a NULL in length ∗/
| #define RUNLVL_MSG | "run−level %c" |
| #define BOOT_MSG | "system boot" |
| #define OTIME_MSG | "old time" |
| #define NTIME_MSG | "new time" |
File btmp contains bad login entries for each invalid logon attempt.
Note that wtmp and btmp tend to grow without bound, and should be checked regularly. Information that is no longer useful should be removed periodically to prevent it from becoming too large.
In the HP Clustered environment, the files utmp, wtmp, and btmp are context-dependent files (CDFs). See cdf(4). These files must be CDFs so that the boot time and run-level entries represent the actual state of each cluster cnode.
FILES
/etc/utmp
/etc/wtmp
/etc/btmp
AUTHOR
utmp, wtmp, and btmp were developed by HP and the University of California, Berkeley.
SEE ALSO
last(1), login(1), who(1), write(1), acctcon(1M), fwtmp(1M), getut(3C), cdf(4).
STANDARDS CONFORMANCE
utmp.h: XPG2
Hewlett-Packard Company — HP-UX Release 8.05: June 1991