.\" License along with this manual; if not, write to the Free
.\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111,
.\" USA.
-.\"
+.\"
.\" Modified 1993-07-25 by Rik Faith (faith@cs.unc.edu)
.\" Modified 1995-02-26 by Michael Haardt
.\" Modified 1996-07-20 by Michael Haardt
The
.I utmp
file allows one to discover information about who is currently using the
-system. There may be more users currently using the system, because not
+system.
+There may be more users currently using the system, because not
all programs use utmp logging.
.PP
.B Warning:
.I utmp
must not be writable, because many system programs (foolishly)
-depend on its integrity. You risk faked system logfiles and
+depend on its integrity.
+You risk faked system logfiles and
modifications of system files if you leave
.I utmp
writable to any user.
char ut_host[UT_HOSTSIZE]; /* hostname for remote login */
struct exit_status ut_exit; /* The exit status of a process
marked as DEAD_PROCESS */
-
- /* The ut_session and ut_tv fields must be the same size when
- compiled 32- and 64-bit. This allows data files and shared
+
+ /* The ut_session and ut_tv fields must be the same size when
+ compiled 32- and 64-bit. This allows data files and shared
memory to be shared between 32- and 64-bit applications */
#if __WORDSIZE == 64 && defined __WORDSIZE_COMPAT32
int32_t ut_session; /* Session ID, used for windowing */
cleans up utmp by setting \fIut_type\fP to \fBDEAD_PROCESS\fP, clearing
\fIut_user\fP, \fIut_host\fP, and \fIut_time\fP with null bytes for each
record which \fIut_type\fP is not \fBDEAD_PROCESS\fP or \fBRUN_LVL\fP
-and where no process with PID \fIut_pid\fP exists. If no empty record
-with the needed \fIut_id\fP can be found, init creates a new one. It
-sets \fIut_id\fP from the inittab, \fIut_pid\fP and \fIut_time\fP to the
+and where no process with PID \fIut_pid\fP exists.
+If no empty record
+with the needed \fIut_id\fP can be found, init creates a new one.
+It sets \fIut_id\fP from the inittab, \fIut_pid\fP and \fIut_time\fP to the
current values, and \fIut_type\fP to \fBINIT_PROCESS\fP.
.PP
.BR getty (8)
.BR login (8),
after a user has been
authenticated, changes \fIut_type\fP to \fBUSER_PROCESS\fP, changes
-\fIut_time\fP, and sets \fIut_host\fP and \fIut_addr\fP. Depending on
+\fIut_time\fP, and sets \fIut_host\fP and \fIut_addr\fP.
+Depending on
.BR getty (8)
and
.BR login (8),
and other terminal emulators directly create a
\fBUSER_PROCESS\fP record and generate the \fIut_id\fP by using the last
two letters of \fI/dev/ttyp\fP\fI%c\fP or by using \fIp\fP\fI%d\fP for
-\fI/dev/pts/\fP\fI%d\fP. If they find a \fBDEAD_PROCESS\fP for this ID,
-they recycle it, otherwise they create a new entry. If they can, they
+\fI/dev/pts/\fP\fI%d\fP.
+If they find a \fBDEAD_PROCESS\fP for this ID,
+they recycle it, otherwise they create a new entry.
+If they can, they
will mark it as \fBDEAD_PROCESS\fP on exiting and it is advised that
they null \fIut_line\fP, \fIut_time\fP, \fIut_user\fP, and \fIut_host\fP
as well.
.PP
\fIxdm\fP(8) should not create a utmp record, because there is no
-assigned terminal. Letting it create one will result in errors, such
-as 'finger: cannot stat /dev/machine.dom'. It should create wtmp entries,
-though, just like
+assigned terminal.
+Letting it create one will result in errors, such
+as 'finger: cannot stat /dev/machine.dom'.
+It should create wtmp entries, though, just like
.BR ftpd (8)
does.
.PP
.BR telnetd (8)
sets up a \fBLOGIN_PROCESS\fP entry and leaves the rest to
.BR login (8)
-as usual. After the telnet session ends,
+as usual.
+After the telnet session ends,
.BR telnetd (8)
cleans up utmp in the described way.
.PP
-The \fIwtmp\fP file records all logins and logouts. Its format is
-exactly like \fIutmp\fP except that a null user name indicates a logout
-on the associated terminal. Furthermore, the terminal name \fB~\fP
+The \fIwtmp\fP file records all logins and logouts.
+Its format is exactly like \fIutmp\fP except that a null user name
+indicates a logout
+on the associated terminal.
+Furthermore, the terminal name \fB~\fP
with user name \fBshutdown\fP or \fBreboot\fP indicates a system
shutdown or reboot and the pair of terminal names \fB|\fP/\fB}\fP
logs the old/new system time when
\fIut_tv\fP is the same size in 32-bit mode as in 64-bit mode.
The same goes for \fIut_session\fP and \fIut_time\fP if they are present.
This allows data files and shared memory to be shared between
-32-bit and 64-bit applications.
+32-bit and 64-bit applications.
Since \fIut_tv\fP may not be the same as \fIstruct timeval\fP,
then instead of the call:
.RS
Linux utmp entries conform neither to v7/BSD nor to System V; they are a
mix of the two. v7/BSD has fewer fields; most importantly it lacks
\fIut_type\fP, which causes native v7/BSD-like programs to display (for
-example) dead or login entries. Further, there is no configuration file
-which allocates slots to sessions. BSD does so because it lacks
-\fIut_id\fP fields. In Linux (as in System V), the \fIut_id\fP field of a
+example) dead or login entries.
+Further, there is no configuration file
+which allocates slots to sessions.
+BSD does so because it lacks \fIut_id\fP fields.
+In Linux (as in System V), the \fIut_id\fP field of a
record will never change once it has been set, which reserves that slot
-without needing a configuration file. Clearing \fIut_id\fP may result
+without needing a configuration file.
+Clearing \fIut_id\fP may result
in race conditions leading to corrupted utmp entries and potential
-security holes. Clearing the above mentioned fields by filling them
+security holes.
+Clearing the above mentioned fields by filling them
with null bytes is not required by System V semantics, but it allows to run
many programs which assume BSD semantics and which do not modify utmp.
Linux uses the BSD conventions for line contents, as documented above.
.PP
Unlike various other
systems, where utmp logging can be disabled by removing the file, utmp
-must always exist on Linux. If you want to disable \fIwho\fP(1) then
+must always exist on Linux.
+If you want to disable \fIwho\fP(1) then
do not make utmp world readable.
.PP
Note that the utmp struct from libc5 has changed in libc6. Because of this,