⇑ Updated MKS Toolkit
![[3khat16.ico]](../../img/3khat16.ico)
HP3000
3kMail
![[archive16.gif]](../../img/archive16.gif "Wayback Archive")
utmplogin accounting file format |
File Format |
/etc/utmp
holds the current state of each item being accounted, for while
/etc/wtmp maintains the history of changes to each accounting item.
Both files are just arrays of the following binary records described in the form
of a C data structure:
#include <sys/types.h>
struct utmp {
char ut_user[8]; /* Login user name */
char ut_id[4]; /* ID from /etc/inittab */
char ut_line[12]; /* Login terminal name */
ulong ut_pid; /* Process id */
short ut_type; /* Entry type (see below) */
struct exit_status {
/* Process termination+exit status*/
short e_termination;
short e_exit;
} ut_exit; /* Used with DEAD_PROCESS */
time_t ut_time; /* Entry created */
};
#define EMPTY 0 /* Unused */
#define RUN_LVL 1 /* Set new run level */
#define BOOT_TIME 2 /* System boot */
#define OLD_TIME 3 /* Time of date change - delta */
#define NEW_TIME 4 /* Time of date change + delta */
#define INIT_PROCESS 5 /* Process started by /etc/init */
#define LOGIN_PROCESS 6 /* Login process */
#define USER_PROCESS 7 /* User process */
#define DEAD_PROCESS 8 /* Contains exit status */
#define ACCOUNTING 9 /* Other accounting */
/etc/utmpreflects the current state of the accounting entries, for example, who is logged in, when the date was last set, and so on.
/etc/wtmpcontains a history of changes to any of the accounting entries.
who
envvar