📑 Table of Contents

utmp, wtmp, btmp and variants such as utmpx, wtmpx and btmpx are files on Unix-like systems that keep track of all logins and logouts to the system.[1]

Format

edit

utmp, wtmp and btmp

edit
  • utmp maintains a full accounting of the current status of the system, system boot time (used by uptime), recording user logins at which terminals, logouts, system events etc.
  • wtmp acts as a historical utmp
  • btmp records failed login attempts

These files are not regular text files, but rather a binary format which needs to be edited by specially crafted programs. The implementation and the fields present in the file differ depending on the system or the libc version, and are defined in the utmp.h header file. The wtmp and btmp format are exactly like utmp except that a null value for "username" indicates a logout on the associated terminal (the actual user name is located by finding the preceding login on that terminal). Furthermore, the value "~" as a terminal name with username "shutdown" or "reboot" indicates a system shutdown or reboot (respectively).[2]

These files are not set by any given PAM module (such as pam_unix.so or pam_sss.so) but are set by the application performing the operation (e.g. mingetty, /bin/login, or sshd). As such it is the obligation of the program itself to record the utmp information.

utmpx, wtmpx and btmpx

edit

Utmpx and wtmpx are extensions to the original utmp and wtmp, originating from Sun Microsystems. Utmpx is specified in POSIX.[3] The utmp, wtmp and btmp files were never a part of any official Unix standard, such as Single UNIX Specification, while utmpx and corresponding APIs are part of it.[4][5] While some systems create different newer files for the utmpx variants and have deprecated/obsoleted former formats, this is not always the case. Linux for example uses the utmpx structure in the place of the older file structure.

Location

edit

Depending on the system, those files may commonly be found in different places (non-exhaustive list) :

AIX:[6] 

/etc/utmp
/var/adm/wtmp

Linux: 

/var/run/utmp
/var/log/wtmp
/var/log/btmp

Solaris:[7] 

/var/adm/utmp (deprecated), /var/adm/utmpx
/var/adm/wtmp (deprecated), /var/adm/wtmpx

HP-UX: 

/etc/utmp (deprecated), /etc/utmpx
/var/adm/wtmp (deprecated), /var/adm/wtmpx
/var/adm/btmp (deprecated), /var/adm/btmpx

FreeBSD 9.0 introduced new files while adding support for utmpx:[8] 

/var/run/utx.active (replaces utmp)
/var/log/utx.lastlogin (replaces lastlog)
/var/log/utx.log (replaces wtmp)
edit

Different commands allow users to consult the information stored in those files. This includes programs who (which show current system users), last (which shows the last logged in users) and lastb (which shows the last failed login attempts; Linux-specific).

See also

edit

References

edit
  1. ^ "man utmp (5)". manpages.org.
  2. ^ "util-linux". github.com. v2.37.2. login-utils/last.c. 2020-12-01. lines 740-750.
  3. ^ "utmpx.h - Man Page". www.mankier.com. Institute of Electrical and Electronics Engineers, Inc and The Open Group. Archived from the original on 2026-01-13.
  4. ^ "utmpx.h - user accounting database definitions". The Open Group Base Specifications. The IEEE and The Open Group. Archived from the original on 2025-11-21.
  5. ^ "Ed's short guide on utmp(x)". 80386.nl. January 12, 2012. Archived from the original on 2016-11-16.
  6. ^ "utmp, wtmp, failedlogin File Format". IBM. March 24, 2023.
  7. ^ andy (May 25, 2010). "Solaris Trim wtmpx file". UNIX Note. Archived from the original on 2014-07-07.
  8. ^ Ed Schouten (2010-01-13). "utmpx.h". github.com. 9.0.0. include/utmpx.h. lines 41-66.
edit


Stub icon

This Unix-related article is a stub. You can help Wikipedia by adding missing information.

📚 Artikel Terkait di Wikipedia

Rob Apter

Supporters' Trust, 18 July 2025 "Thankyou it's been an absolute pleasure! UTMP". instagram.com. 17 July 2025. Retrieved 28 July 2025. "Battle of the Apters

List of GNU packages

statistics on users and processes (last, ac, accton, lastcomm, sa, dump-utmp, dump-acct) GNU ddrescue – data recovery tool GNU Emacs – implementation

Host-based intrusion detection system comparison

Retrieved 2017-04-19. ChkRootkit in the Ubuntu Repositories lastlog, wtmp, utmp, wtmpx "RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the Ubuntu Repositories

ProFTPD

chances of attacks which might exploit its "root" abilities Logging and utmp/wtmp support. Shadow password suite support, including support for expired

Zakaria Sulaiman

Technology Unit (DITU), also known as Unit Teknologi Maklumat Pertahanan (UTMP), an official debut. DITU offers facilities and services for the provision

WTMP

WTMP-FM, a radio station (96.1 FM) licensed to serve Dade City, Florida Utmp, the UNIX wimp file This disambiguation page lists articles associated with

Open Source Tripwire

# you can't be too careful /etc/mtab L # dynamic files /etc/motd L /etc/utmp L =/var/tmp R # only the directory, not its contents The configuration file

Mykola Anastaziievskyi

Circle of Ukrainian Art Workers in 1923 and 1926, the third exhibition of the UTMP in 1934, and a retrospective exhibition of Ukrainian art in 1935 (with paintings