utmp.h File

Purpose

Defines the structures of certain user and accounting information files.

Description

The structure of the records in the utmp, wtmp, and failedlogin files is defined in the /usr/include/utmp.h file. The utmp structure in this header file contains the following fields:

Item	Description
`ut_user`	User login name.
`ut_line`	Device name (console or lnxx). The maximum length of a string in this field is 11 characters plus a null character. When accounting for something other than a process, the following special strings or formats are allowed: RUNLVL_MSG Run level: specifically, the run level of the process. BOOT_MSG System boot: specifically, the time of the initial program load (IPL). OTIME_MSG Old time: specifically, the time of login. NTIME_MSG New time: specifically, the time idle.
`ut_pid`	Process ID.
`ut_type`	Type of entry, which can be one of the following values: EMPTY Unused space in file. RUN_LVL The run level of the process, as defined in the inittab file. BOOT_TIME The time at which the system was started. OLD_TIME The time at which a user logged on to the system. NEW_TIME The amount of time the user is idle. INIT_PROCESS A process spawned by the init command. LOGIN_PROCESS A getty process waiting for a login. USER_PROCESS A user process. DEAD_PROCESS A zombie process. ACCOUNTING A system accounting process. UTMAXTYPE ACCOUNTING The largest legal value allowed in the `ut_type` field.

Embedded within the utmp structure is the exit_status structure, which contains the following fields:

Item	Description
`e_termination`	Termination status of a process.
`e_exit`	Exit status of a process, marked as the DEAD_PROCESS value.
`ut_time`	Time at which the entry was made.

Examples

#ifndef -H-UTMP
#define _H_UTMP
#define UTMP_FILE        "/etc/utmp"
#define WTMP_FILE        "/var/adm/wtmp"
#define ILOG_FILE        "/etc/.ilog"
#define ut_name  ut_user
  
struct utmp
{
        char ut_user[256];             /* User login name */
        char ut_id[14];                /* /etc/inittab id */
        char ut_line[64];              /* device name (console, lnxx) */
        pid_t ut_pid;                  /* process id */
        short ut_type;                 /* type of entry */
#if !defined(__64BIT__) 
        int __time_t_space;            /* for 32vs64-bit time_t PPC */
#endif
        time_t ut_time;                /* time entry was made */
        struct exit_status
        {
            short e_termination;       /* Process termination status */
            short e_exit;              /* Process exit status */
        }
        ut_exit;                       /* The exit status of a process
                                        * marked as DEAD_PROCESS.
                                        */
        char ut_host[256];             /* host name */
        int __dbl_word_pad;            /* for double word alignment */
        int __reservedA[2];
        int __reservedV[6];
};
                    /*  Definitions for ut_type */
#define EMPTY              0
#define RUN_LVL            1
#define BOOT_TIME          2
#define OLD_TIME           3
#define NEW_TIME           4
#define INIT_PROCESS       5         /* Process spawned by "init"                 */
#define LOGIN_PROCESS      6         /* A "getty" process                         */

                                     /* waitingforlogin                           */
#define USER_PROCESS       7         /* A user process                            */
#define DEAD_PROCESS       8
#define ACCOUNTING         9
#define UTMAXTYPE ACCOUNTING         /* Largest legal value                        */
                                     /* of ut_type                                 */

   /* Special strings or formats used in the          */
   /* "ut_line" field when accounting for             */
   /* something other than a process.                 */
   /* No string for the ut_line field can be more     */
   /* than 11 chars + a NULL in length.               */

#define RUNLVL_MSG          "run-level %c"
#define BOOT_MSG            "system boot"
#define OTIME_MSG           "old time"
#define TIME_MSG            "new time"

#endif                /* _H_UTMP    */

Note: The who command extracts information from the /etc/utmp, /var/adm/wtmp, and /etc/security/failedlogin files.

Files

Item	Description
/etc/utmp	The path to the utmp file, which contains a record of users logged in to the system.
/var/adm/wtmp	The path to the wtmp file, which contains accounting information about logged-in users.
/etc/security/failedlogin	The path to the failedlogin file, which contains a list of invalid login attempts.