NAME[名称]
utmp, wtmp - 登 录 记 录(login records)
SYNOPSIS[总览]
#include
DESCRIPTION[描述]
utmp 文 件 用 于 记 录 当 前 系 统 用 户 是 哪 些 人。 但 是 实 际 的 人 数 可 能 比 这 个 数 目 要 多 , 因 为 并 非 所 有 用 户 都 用 utmp 登 录。
警告: utmp 必 须 置 为 不 可 写 , 因 为 很 多 系 统 程 序 ( 有 点 傻 的 那 种 ) 依 赖 于 它。 如 果 你 将 它 置 为 可 写 , 其 他 用 户 可 能 会 修 改 它 (//* 导 致 程 序 运 行 出 错 ) 。 (//* (//* )中 为 译 者 注)
文 件 中 是 一 些 条 目 的 列 表 , 条 目 的 结 构 ( 在 utmp.h 中 进 行 了 声 明 ) 见 下 ( 注 意 这 里 只 列 出了 一 部 分 ; 细 节 依 libc 的 版 本 有 所 不 同 ):
#define UT_UNKNOWN 0 #define RUN_LVL 1 #define BOOT_TIME 2 #define NEW_TIME 3 #define OLD_TIME 4 #define INIT_PROCESS 5 #define LOGIN_PROCESS 6 #define USER_PROCESS 7 #define DEAD_PROCESS 8 #define ACCOUNTING 9 #define UT_LINESIZE 12 #define UT_NAMESIZE 32 #define UT_HOSTSIZE 256 struct exit_status { short int e_termination; /* process termination status. */ short int e_exit; /* process exit status. */ }; struct utmp { short ut_type; /* type of login */ pid_t ut_pid; /* pid of login process */ char ut_line[UT_LINESIZE]; /* device name of tty - "/dev/" */ char ut_id[4]; /* init id or abbrev. ttyname */ char ut_user[UT_NAMESIZE]; /* user name */ char ut_host[UT_HOSTSIZE]; /* hostname for remote login */ struct exit_status ut_exit; /* The exit status of a process marked as DEAD_PROCESS. */ long ut_session; /* session ID, used for windowing*/ struct timeval ut_tv; /* time entry was made. */ int32_t ut_addr_v6[4]; /* IP address of remote host. */ char pad[20]; /* Reserved for future use. */ }; /* Backwards compatibility hacks. */ #define ut_name ut_user #ifndef _NO_UT_TIME #define ut_time ut_tv.tv_sec #endif #define ut_xtime ut_tv.tv_sec #define ut_addr ut_addr_v6[0]
这 个 结 构 给 出 了 与 用 户 终 端 联 系 的 文 件 , 用 户 的 登 录 名 , 记 录 于 time(2) 表 中 的 登 录 时 间 。 字 符 串 如 果 比 给 定 的 大 小 小 的 话 , 则 以 '\0' 结 束 之。
***个条目由 init(8) 执行 inittab(5)而产生。然而,在产生条目以前, init(8) 先将 utmp 清空(通过设定 ut_type 为 DEAD_PROCESS来实现. 当ut_type 不是 DEAD_PROCESS 或 RUN_LVL 并且不存在进程号为 ut_pid 的进程时,通过用空串清空 ut_user, ut_host 和 ut_time 来实现。如果不存在 ut_id 的空记录, init(初始化时) 会创建一个。它将会依据 inittab 来设置 ut_id , 设置 ut_pid 和 ut_time 为当前值,设置 ut_type 到 INIT_PROCESS.
getty(8) 依据进程号定位条目, 将 ut_type 改为 LOGIN_PROCESS, 改变 ut_time, 设定 ut_line ,然后等待连接建立。 login(8), 在鉴别完用户后, 将 ut_type 改为 USER_PROCESS, 改变 ut_time 并设定 ut_host 和 ut_addr. 根据 getty(8) 和 login(8)完成的功能, 可以用 ut_line 来定位记录,虽然用 ut_pid 可能更好些。
当 init(8) 发现有进程存在时, 它通过 ut_pid 来定位它的 utmp 条目, 设定 ut_type 为 DEAD_PROCESS ,然后用零字节清空 ut_user, ut_host 和 ut_time 。
xterm(1) 和其他终端仿真器直接创建 USER_PROCESS 记录并通过使用 /dev/ttyp%c 的***两个字母或用 p%d (/dev/pts/%d)来产生 ut_id 。 如果它们找到这个 id 的 DEAD_PROCESS , 它们就使用它,否则就创建一个新的条目. 如果可能,它们将它标记为 DEAD_PROCESS 并将 ut_line, ut_time, ut_user 和 ut_host 置为 null。
xdm(8) 不会创建 utmp 记录, 因为没有终端与它相连. 试图用它产生 utmp 记录会引起如下错误:finger: can not stat /dev/machine.dom. 它应该用于创建 wtmp 条目, 和 ftpd(8) 相似.
telnetd(8) 设定 LOGIN_PROCESS 条目并把其他的的留给 login(8) 去做。telnet 任务结束后, telnetd(8) cleans up utmp in the described way.(??)
wtmp 文件记录了所有的登录和退出。它的格式与 utmp 几乎完全一样(例外是:用空用户名来表示在相关终端上的退出)。除此以外, 用终端名 "~" 和用户名 "shutdown" 或 "reboot" 表示系统关机或重启, the pair of terminal names "|"/"}" logs the old/new system time when date(1) changes it. wtmp 由 login(1), 和 init(1) 以及某些版本的 getty(1) 使用. 但是这些程序并不创建它,所以如果将它删除的话您就得不到记录了。
FILES[相关文件]
/var/run/utmp
/var/log/wtmp
CONFORMING TO[遵循]
Linux utmp 既不遵循 v7/BSD 也不遵循 SYSV: 它实际是两者的混合. v7/BSD 中域比较少; 最重要的是它没有 ut_type (ut_type 可以使本地的 v7/BSD-类的程序显示(以次为例) dead 或 login 条目.而且,没有为任务分配通道的文件. BSD 则相反(BSD does so), 因为它缺少的是 ut_id 域. 在 Linux 中(SYSV 中也一样), 记录的 ut_id 域一旦设定就不再改变,它保留通道而不需要什么配置文件. 清除 ut_id 可能会引起 race conditions 从而导致安全漏洞. 就 SYSV 的要求来讲,用空字节填充的方式来清空上面提到的各个域不是必须的,但是这样做使得运行采用 BSD 语法而又不改变 utmp 的程序成为可能. 正如上面所写的,Linux 在句子中使用 BSD 的惯例.
SYSV 在句子中仅使用类型域去标识它们或是登录信息(例如:. "new time"). UT_UNKNOWN 只在 Linux 中有. SYSV 没有 ut_host 和 ut_addr_v6 域.
不象其它各种系统, 您可以通过删除文件来禁止 utmp , 在 Linux 中 utmp 必须一直存在. 如果你要禁止 who(1) 命令,您需要使整个 utmp 不可读.
需要注意的是在 libc5 和 libc6 中 utmp 的结构是不同的.因此使用旧结构的程序会破坏 /var/run/utmp 和/or /var/log/wtmp. Debian 系统包含一个修补过的 libc5 它可以使用新的格式. 但对 wtmp, 问题依然存在因为它直接对 libc5 进行存取.
RESTRICTIONS[限制]
文件格式依机器而不同, 因此推荐的做法是:在创建它的机器上使用它.
BUGS[缺憾]
本手册页基于 libc5 , 现在可能情况已有不同了.
SEE ALSO[另见]
ac(1), date(1), getutent(3), init(8), last(1), login(1), updwtmp(3), who(1)
#p#
NAME
utmp, wtmp - login records
SYNOPSIS
#include <utmp.h>
DESCRIPTION
The utmp file allows one to discover information about who is currently using the system. There may be more users currently using the system, because not all programs use utmp logging.
Warning: utmp must not be writable, because many system programs (foolishly) depend on its integrity. You risk faked system logfiles and modifications of system files if you leave utmp writable to any user.
The file is a sequence of entries with the following structure declared in the include file (note that this is only one of several definitions around; details depend on the version of libc):
#define UT_UNKNOWN 0 #define RUN_LVL 1 #define BOOT_TIME 2 #define NEW_TIME 3 #define OLD_TIME 4 #define INIT_PROCESS 5 #define LOGIN_PROCESS 6 #define USER_PROCESS 7 #define DEAD_PROCESS 8 #define ACCOUNTING 9 #define UT_LINESIZE 12 #define UT_NAMESIZE 32 #define UT_HOSTSIZE 256 struct exit_status { short int e_termination; /* process termination status. */ short int e_exit; /* process exit status. */ }; struct utmp { short ut_type; /* type of login */ pid_t ut_pid; /* pid of login process */ char ut_line[UT_LINESIZE]; /* device name of tty - "/dev/" */ char ut_id[4]; /* init id or abbrev. ttyname */ char ut_user[UT_NAMESIZE]; /* user name */ char ut_host[UT_HOSTSIZE]; /* hostname for remote login */ struct exit_status ut_exit; /* The exit status of a process marked as DEAD_PROCESS. */ long ut_session; /* session ID, used for windowing*/ struct timeval ut_tv; /* time entry was made. */ int32_t ut_addr_v6[4]; /* IP address of remote host. */ char __unused[20]; /* Reserved for future use. */ }; /* Backwards compatibility hacks. */ #define ut_name ut_user #ifndef _NO_UT_TIME #define ut_time ut_tv.tv_sec #endif #define ut_xtime ut_tv.tv_sec #define ut_addr ut_addr_v6[0]
This structure gives the name of the special file associated with the user's terminal, the user's login name, and the time of login in the form of time(2). String fields are terminated by '\0' if they are shorter than the size of the field.
The first entries ever created result from init(8) processing inittab(5). Before an entry is processed, though, init(8) cleans up utmp by setting ut_type to DEAD_PROCESS, clearing ut_user, ut_host, and ut_time with null bytes for each record which ut_type is not DEAD_PROCESS or RUN_LVL and where no process with PID ut_pid exists. If no empty record with the needed ut_id can be found, init creates a new one. It sets ut_id from the inittab, ut_pid and ut_time to the current values, and ut_type to INIT_PROCESS.
getty(8) locates the entry by the pid, changes ut_type to LOGIN_PROCESS, changes ut_time, sets ut_line, and waits for connection to be established. login(8), after a user has been authenticated, changes ut_type to USER_PROCESS, changes ut_time, and sets ut_host and ut_addr. Depending on getty(8) and login(8), records may be located by ut_line instead of the preferable ut_pid.
When init(8) finds that a process has exited, it locates its utmp entry by ut_pid, sets ut_type to DEAD_PROCESS, and clears ut_user, ut_host and ut_time with null bytes.
xterm(1) and other terminal emulators directly create a USER_PROCESS record and generate the ut_id by using the last two letters of /dev/ttyp%c or by using p%d for /dev/pts/%d. If they find a DEAD_PROCESS for this id, they recycle it, otherwise they create a new entry. If they can, they will mark it as DEAD_PROCESS on exiting and it is advised that they null ut_line, ut_time, ut_user, and ut_host as well.
xdm(8) should not create a utmp record, because there is no assigned terminal. Letting it create one will result in errors, such as 'finger: cannot stat /dev/machine.dom'. It should create wtmp entries, though, just like ftpd(8) does.
telnetd(8) sets up a LOGIN_PROCESS entry and leaves the rest to login(8) as usual. After the telnet session ends, telnetd(8) cleans up utmp in the described way.
The wtmp file records all logins and logouts. Its format is exactly like utmp except that a null user name indicates a logout on the associated terminal. Furthermore, the terminal name ~ with user name shutdown or reboot indicates a system shutdown or reboot and the pair of terminal names |/} logs the old/new system time when date(1) changes it. wtmp is maintained by login(1), init(1), and some versions of getty(1). Neither of these programs creates the file, so if it is removed, record-keeping is turned off.
FILES
/var/run/utmp
/var/log/wtmp
CONFORMING TO
Linux utmp entries conform neither to v7/BSD nor to SYSV; they are a mix of the two. v7/BSD has fewer fields; most importantly it lacks ut_type, which causes native v7/BSD-like programs to display (for example) dead or login entries. Further, there is no configuration file which allocates slots to sessions. BSD does so because it lacks ut_id fields. In Linux (as in SYSV), the ut_id field of a record will never change once it has been set, which reserves that slot without needing a configuration file. Clearing ut_id may result in race conditions leading to corrupted utmp entries and and potential security holes. Clearing the above mentioned fields by filling them with null bytes is not required by SYSV semantics, but it allows to run many programs which assume BSD semantics and which do not modify utmp. Linux uses the BSD conventions for line contents, as documented above.
SYSV only uses the type field to mark them and logs informative messages such as e.g. "new time" in the line field. UT_UNKNOWN seems to be a Linux invention. SYSV has no ut_host or ut_addr_v6 fields.
Unlike various other systems, where utmp logging can be disabled by removing the file, utmp must always exist on Linux. If you want to disable who(1) then do not make utmp world readable.
Note that the utmp struct from libc5 has changed in libc6. Because of this, binaries using the old libc5 struct will corrupt /var/run/utmp and/or /var/log/wtmp. Debian systems include a patched libc5 which uses the new utmp format. The problem still exists with wtmp since it's accessed directly in libc5.
RESTRICTIONS
The file format is machine dependent, so it is recommended that it be processed only on the machine architecture where it was created.
BUGS
This manpage is based on the libc5 one, things may work differently now.
SEE ALSO
ac(1), date(1), getutent(3), init(8), last(1), login(1), updwtmp(3), who(1)