Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > U


HP-UX 11i Version 3: February 2007

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index


utmp, wtmp, btmp — user login record format


#include <sys/types.h> #include <utmp.h>


These files, which hold user and accounting information for such commands as last, who, write, and login (see last(1), who(1), write(1), and login(1)), have the following structure as defined by <utmp.h>:

#define UTMP_FILE "/etc/utmp" #define WTMP_FILE "/var/adm/wtmp" #define BTMP_FILE "/var/adm/btmp" #define ut_name ut_user struct utmp { char ut_user[8]; /* User login name */ char ut_id[4]; /* /etc/inittab id(usually line#)*/ char ut_line[12] /* device name (console, lnxx) */ pid_t ut_pid; /* process id */ short ut_type; /* type of entry */ struct exit_status short e_termination; /* Process termination status*/ short e_exit; /* Process exit status*/ } ut_exit; /* The exit status of a process*/ /* marked as DEAD_PROCESS.*/ unsigned short ut_reserved1; /* Reserved for future use*/ time_t ut_time; /* time entry was made*/ char ut_host[16]; /* host name,if remote*/ unsigned long ut_addr; /* host Internet addr, if remote*/ }; /* Definitions for ut_type */ #define EMPTY 0 #define RUN_LVL 1 #define BOOT_TIME 2 #define OLD_TIME 3 #define NEW_TIME 4 #define INIT_PROCESS 5 /* Process spawned by "init" */ #define LOGIN_PROCESS 6 /* getty process awaiting login */ #define USER_PROCESS 7 /* A user process */ #define DEAD_PROCESS 8 #define ACCOUNTING 9 #define UTMAXTYPE ACCOUNTING /* Max. legal value of ut_type */ /* Special strings or formats used in the "ut_line" field */ /* when accounting for something other than a process */ /* No string for the ut_line field can be more than */ /* 11 chars + a NULL in length */ #define RUNLVL_MSG "run-level %c" #define BOOT_MSG "system boot" #define OTIME_MSG "old time" #define NTIME_MSG "new time"

File utmp contains a record of all users logged onto the system. File btmp contains bad login entries for each invalid logon attempt. File wtmp contains a record of all logins and logouts.

Note that wtmp and btmp tend to grow without bound, and should be checked regularly. Information that is no longer useful should be removed periodically to prevent it from becoming too large. Also note that wtmp and btmp are not created by the programs that maintain them. Thus, if these files are removed, record-keeping is turned off.


/etc/utmp /var/adm/wtmp /var/adm/btmp


utmp, wtmp, and btmp were developed by HP and the University of California, Berkeley.


<utmp.h>: XPG2

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.