Imported upstream version 1.5

[manpages-zh.git] / raw / man5 / utmp.5

.\" Copyright (c) 1993 Michael Haardt (michael@cantor.informatik.rwth-aachen.de), Fri Apr  2 11:32:09 MET DST 1993
.\"
.\" This is free documentation; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of
.\" the License, or (at your option) any later version.
.\"
.\" The GNU General Public License's references to "object code"
.\" and "executables" are to be interpreted as the output of any
.\" document formatting or typesetting system, including
.\" intermediate and printed output.
.\"
.\" This manual is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public
.\" License along with this manual; if not, write to the Free
.\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111,
.\" USA.
.\" 
.\" Modified Sun Jul 25 10:44:50 1993 by Rik Faith (faith@cs.unc.edu)
.\" Modified Thu Feb 26 16:08:49 MET 1995 by Michael Haardt
.\" Modified Sat Jul 20 14:39:03 MET DST 1996 by Michael Haardt
.\" Modified Wed Jul  2 20:20:53 ART 1997 by Nicol?s Lichtmaier <nick@debian.org>
.TH UTMP 5 1997-07-02 "" "File formats"
.SH NAME
utmp, wtmp \- login records
.SH SYNOPSIS
#include <utmp.h>
.SH DESCRIPTION
The
.I utmp
file allows one to discover information about who is currently using the
system.  There may be more users currently using the system, because not
all programs use utmp logging.
.PP
.B Warning:
.I utmp
must not be writable, because many system programs (foolishly)
depend on its integrity.  You risk faked system logfiles and
modifications of system files if you leave
.I utmp
writable to any user.
.PP
The file is a sequence of entries with the following structure declared
in the include file (note that this is only one of several definitions
around; details depend on the version of libc):
.RS
.nf
.sp
.ta 3i
#define UT_UNKNOWN      0
#define RUN_LVL         1
#define BOOT_TIME       2
#define NEW_TIME        3
#define OLD_TIME        4
#define INIT_PROCESS    5
#define LOGIN_PROCESS   6
#define USER_PROCESS    7
#define DEAD_PROCESS    8
#define ACCOUNTING      9

#define UT_LINESIZE     12
#define UT_NAMESIZE     32
#define UT_HOSTSIZE     256

struct exit_status {
  short int e_termination;      /* process termination status.  */
  short int e_exit;     /* process exit status.  */
};

struct utmp {
  short ut_type;        /* type of login */
  pid_t ut_pid; /* pid of login process */
  char ut_line[UT_LINESIZE];    /* device name of tty \- "/dev/" */
  char ut_id[4];        /* init id or abbrev. ttyname */
  char ut_user[UT_NAMESIZE];    /* user name */
  char ut_host[UT_HOSTSIZE];    /* hostname for remote login */
  struct exit_status ut_exit;   /* The exit status of a process
           marked as DEAD_PROCESS. */
  long ut_session;      /* session ID, used for windowing*/
  struct timeval ut_tv; /* time entry was made.  */
  int32_t ut_addr_v6[4];        /* IP address of remote host.  */
  char pad[20]; /* Reserved for future use.  */
};

/* Backwards compatibility hacks.  */
#define ut_name ut_user
#ifndef _NO_UT_TIME
#define ut_time ut_tv.tv_sec
#endif
#define ut_xtime ut_tv.tv_sec
#define ut_addr ut_addr_v6[0]
.sp
.fi
.RE
This structure gives the name of the special file associated with the
user's terminal, the user's login name, and the time of login in the form
of
.BR time (2).
String fields are terminated by \fB'\e0'\fP if they are shorter than the size
of the field.
.PP
The first entries ever created result from
.BR init (8)
processing
.BR inittab (5).
Before an entry is processed, though,
.BR init (8)
cleans up utmp by setting \fIut_type\fP to \fBDEAD_PROCESS\fP, clearing
\fIut_user\fP, \fIut_host\fP, and \fIut_time\fP with null bytes for each
record which \fIut_type\fP is not \fBDEAD_PROCESS\fP or \fBRUN_LVL\fP
and where no process with PID \fIut_pid\fP exists.  If no empty record
with the needed \fIut_id\fP can be found, init creates a new one.  It
sets \fIut_id\fP from the inittab, \fIut_pid\fP and \fIut_time\fP to the
current values, and \fIut_type\fP to \fBINIT_PROCESS\fP.
.PP
.BR getty (8)
locates the entry by the pid, changes \fIut_type\fP to
\fBLOGIN_PROCESS\fP, changes \fIut_time\fP, sets \fIut_line\fP, and waits
for connection to be established.
.BR login (8),
after a user has been
authenticated, changes \fIut_type\fP to \fBUSER_PROCESS\fP, changes
\fIut_time\fP, and sets \fIut_host\fP and \fIut_addr\fP.  Depending on
.BR getty (8)
and
.BR login (8),
records may be located by
\fIut_line\fP instead of the preferable \fIut_pid\fP.
.PP
When
.BR init (8)
finds that a process has exited, it locates its utmp
entry by \fIut_pid\fP, sets \fIut_type\fP to \fBDEAD_PROCESS\fP, and
clears \fIut_user\fP, \fIut_host\fP and \fIut_time\fP with null bytes.
.PP
.BR xterm (1)
and other terminal emulators directly create a
\fBUSER_PROCESS\fP record and generate the \fIut_id\fP by using the last
two letters of \fI/dev/ttyp\fP\fI%c\fP or by using \fIp\fP\fI%d\fP for
\fI/dev/pts/\fP\fI%d\fP.  If they find a \fBDEAD_PROCESS\fP for this id,
they recycle it, otherwise they create a new entry.  If they can, they
will mark it as \fBDEAD_PROCESS\fP on exiting and it is advised that
they null \fIut_line\fP, \fIut_time\fP, \fIut_user\fP, and \fIut_host\fP
as well.
.PP
\fIxdm\fP(8) should not create a utmp record, because there is no
assigned terminal.  Letting it create one will result in errors, such
as 'finger: cannot stat /dev/machine.dom'.  It should create wtmp entries,
though, just like
.BR ftpd (8)
does.
.PP
.BR telnetd (8)
sets up a \fBLOGIN_PROCESS\fP entry and leaves the rest to
.BR login (8)
as usual.  After the telnet session ends,
.BR telnetd (8)
cleans up utmp in the described way.
.PP
The \fIwtmp\fP file records all logins and logouts.  Its format is
exactly like \fIutmp\fP except that a null user name indicates a logout
on the associated terminal.  Furthermore, the terminal name \fB~\fP
with user name \fBshutdown\fP or \fBreboot\fP indicates a system
shutdown or reboot and the pair of terminal names \fB|\fP/\fB}\fP
logs the old/new system time when
.BR date (1)
changes it.  \fIwtmp\fP is maintained by
.BR login (1),
.BR init (1),
and some versions of
.BR getty (1).
Neither of these programs creates the file, so if it is
removed, record-keeping is turned off.
.SH FILES
/var/run/utmp
.br
/var/log/wtmp
.SH "CONFORMING TO"
Linux utmp entries conform neither to v7/BSD nor to SYSV; they are a
mix of the two.  v7/BSD has fewer fields; most importantly it lacks
\fIut_type\fP, which causes native v7/BSD-like programs to display (for
example) dead or login entries.  Further, there is no configuration file
which allocates slots to sessions.  BSD does so because it lacks
\fIut_id\fP fields.  In Linux (as in SYSV), the \fIut_id\fP field of a
record will never change once it has been set, which reserves that slot
without needing a configuration file.  Clearing \fIut_id\fP may result
in race conditions leading to corrupted utmp entries and and potential
security holes.  Clearing the above mentioned fields by filling them
with null bytes is not required by SYSV semantics, but it allows to run
many programs which assume BSD semantics and which do not modify utmp.
Linux uses the BSD conventions for line contents, as documented above.
.PP
SYSV only uses the type field to mark them and logs informative messages
such as e.g.\& \fB"new time"\fP in the line field. \fBUT_UNKNOWN\fP seems
to be a Linux invention.
SYSV has no \fIut_host\fP or \fIut_addr_v6\fP fields.
.PP
Unlike various other
systems, where utmp logging can be disabled by removing the file, utmp
must always exist on Linux.  If you want to disable \fIwho\fP(1) then
do not make utmp world readable.
.PP
Note that the utmp struct from libc5 has changed in libc6. Because of this,
binaries using the old libc5 struct will corrupt
.IR /var/run/utmp " and/or " /var/log/wtmp .
Debian systems include a patched libc5 which uses the new utmp format.
The problem still exists with wtmp since it's accessed directly in
libc5.
.SH RESTRICTIONS
The file format is machine dependent, so it is recommended that it be
processed only on the machine architecture where it was created.
.SH BUGS
This manpage is based on the libc5 one, things may work differently now.
.SH "SEE ALSO"
.BR ac (1),
.BR date (1),
.BR getutent (3),
.BR init (8),
.BR last (1),
.BR login (1),
.BR updwtmp (3),
.BR who (1)