 | | The utmp file contains records that describe the current state of the system. This includes one record for each logged-in user, and some additional records that will be described later. The login command writes a record to the utmp file each time a user logs in; the record is removed when the user logs out. The wtmp file contains historical data in the same format. Each time a user logs in, a record is written to the file. Each time a user logs out, the same record is written to the file again, except that the login name field (ut_user or ut_name) is empty, and the ut_time field contains the logout time instead of the login time. Programs such as last can read this file, match up the entries with login names and those without, and produce a summary of when each user logged in and out. | |
|