CONTENTS

SYNOPSIS

DESCRIPTION

#define UT_NAMESIZE16
#define UT_LINESIZE8
#define UT_HOSTSIZE16

struct lastlog {
int32_t ll_time; /* When user logged in */
char ll_line[UT_LINESIZE]; /* Terminal line name */
char ll_host[UT_HOSTSIZE]; /* Host user came from */
};

struct utmp {
char ut_line[UT_LINESIZE]; /* Terminal line name */
char ut_name[UT_NAMESIZE]; /* User’s login name */
char ut_host[UT_HOSTSIZE]; /* Host user came from */
int32_t ut_time; /* When user logged in */
};

The lastlog file is a linear array of
.Vt lastlog structures indexed by a user’s UID. The utmp file is a linear array of
.Vt utmp structures indexed by a terminal line number (see ttyslot(3)). The wtmp file consists of
.Vt utmp structures and is a binary log file, that is, grows linearly at its end.

By default, each time a user logs in, the pam_lastlog(8) program looks up the user’s UID in the file lastlog. If it is found, the timestamp of the last time the user logged in, the terminal line and the hostname are written to the standard output. The pam_lastlog(8) program then records the new login time in the file lastlog.

After the new
.Vt lastlog record is written, the file utmp is opened and the
.Vt utmp record for the user is inserted. This record remains there until the user logs out at which time it is deleted. The utmp file is used by the programs rwho(1), users(1), w(1), and who(1).

Next, the pam_lastlog(8) program opens the file wtmp, and appends the user’s
.Vt utmp record. The user’s subsequent logout from the terminal line is marked by a special
.Vt utmp record with ut_line set accordingly, ut_time updated, but ut_name and ut_host both empty (see init(8)). The wtmp file is used by the programs last(1) and ac(8).

In the event of a date change, a shutdown or reboot, the following items are logged in the wtmp file.

NOTES

If any one of these files does not exist, it is not created by pam_lastlog(8). The files must be created manually.

SEE ALSO

HISTORY