utmpd(1M)                DG/UX B2 Security R4.12MU02               utmpd(1M)


NAME
       utmpd - Update the system utmp and wtmp files.

SYNOPSIS
       utmpd

DESCRIPTION
       utmpd is a system daemon which updates the files /var/adm/utmp and
       /var/adm/wtmp on behalf of processes which do not have sufficient
       privilege to do it themselves.  It allows both the addition and
       removal of records in the utmp file.  The corresponding wtmp entries
       are made automatically by the daemon, based on the requested utmp
       record, so the user process only needs to deal directly with the
       utmp record.  However, since it allows this to be done without use
       of privilege, there are substantial restrictions on what it will do.

   Supported Functions
       Adding a utmp record
              utmpd allows processes to add new utmp records to the system
              utmp file.  It enforces tight constraints on the data the
              process is allowed to enter in its record.  The username
              submitted must be the process' own username, and the ttyname
              must be the process' actual controlling tty.  The hostname and
              id_prefix fields are free-form text.  Other fields of the utmp
              record, such as process id, record type, and current time are
              filled in directly by the daemon without any input from the
              submitting process.  When a new utmp record is added, a new
              wtmp entry is made automatically.

       Removing a utmp record
              utmpd allows processes to remove utmp records from the system
              utmp file.  A process is only allowed to remove records which
              it or one of its child processes created.  The utmp daemon
              will only remove utmp entries which it created itself.  When a
              utmp entry is removed, the corresponding wtmp entry is also
              updated.

       Reading the utmp file
              utmpd does not provide a mechanism for reading the utmp file.
              The traditional UNIX library call getutent(3C) remains for
              this purpose.  The wtmp file can be read with the last(1)
              command.

       Complete documentation on the library routines which provide access
       to these functions of the utmp daemon is available on the
       utmpdlibrary(3) man page.

   Auditing
       On a system configured for auditing, utmpd audits all requests which
       are either completed successfully or rejected for security reasons
       (requests which fail for system-related reasons, such as lack of
       available memory, are reported to the administrator via the syslog
       mechanism but are not audited).  Both adding a new record and
       removing a record are subject to auditing and will be tagged with
       audit class "UTMPD".  A record being added will be audited under the
       event "UTMPD_ADD_UTMP_RECORD", while one being removed will have the
       event "UTMPD_REMOVE_UTMP_RECORD".  All data supplied by the user
       program as well as the process' process id will be recorded in the
       record.  The following are some sample audit records:

       AUDIT RECORD:
       time: Wed Jul 31 14:39:57.640010 1996
       authid=0, pid=1840
       class=UTMPD(119), event=UTMPD_ADD_UTMP_RECORD(108), reason=CS(4), errno=0
       Event specific:
       data as integers: 1847
       data as strings: 'proto'
       data as strings: 'xt'
       data as strings: 'pts/4'
       data as strings: 'somehost'


       The above audit record indicates that the process with pid 1847
       successfully added a new utmp record with a username field of
       "proto", an id field of "xt" (indicating that the program creating
       the record was xterm(1)), a ttyname field of "pts/4", and a hostname
       field of "somehost".

       AUDIT RECORD:
       time: Wed Jul 31 14:40:02.960010 1996
       authid=0, pid=1840
       class=UTMPD(119), event=UTMPD_REMOVE_UTMP_RECORD(109), reason=CS(4), errno=0
       Event specific:
       data as integers: 1847
       data as integers: 0
       data as integers: 0


       This audit record shows that the same process' entry was subsequently
       removed successfully, with termination and exit status values both 0
       (termination is the one which is listed first).
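
       Added example, not part of the DG/UX manual: a Python parser for
       audit records printed in the layout of the two samples above, which
       pairs add and remove events by requesting pid to list utmp entries
       still open.  The field names (req_pid, termination, ...) and the
       assumption that string values are always single-quoted are this
       example's own.

```python
import re
# The two sample records from this page, in the layout printed above.
SAMPLE = """\
AUDIT RECORD:
time: Wed Jul 31 14:39:57.640010 1996
authid=0, pid=1840
class=UTMPD(119), event=UTMPD_ADD_UTMP_RECORD(108), reason=CS(4), errno=0
Event specific:
data as integers: 1847
data as strings: 'proto'
data as strings: 'xt'
data as strings: 'pts/4'
data as strings: 'somehost'

AUDIT RECORD:
time: Wed Jul 31 14:40:02.960010 1996
authid=0, pid=1840
class=UTMPD(119), event=UTMPD_REMOVE_UTMP_RECORD(109), reason=CS(4), errno=0
Event specific:
data as integers: 1847
data as integers: 0
data as integers: 0
"""

# Order of the event-specific values, per the page's explanation of each sample.
FIELDS = {"UTMPD_ADD_UTMP_RECORD": ("req_pid", "username", "id", "ttyname", "hostname"),
          "UTMPD_REMOVE_UTMP_RECORD": ("req_pid", "termination", "exit_status")}

def parse_records(text):
    """Decode each UTMPD record in an audit report laid out like SAMPLE."""
    records = []
    for chunk in text.split("AUDIT RECORD:")[1:]:
        # Header keys are parsed only before "Event specific:" because the
        # hostname and id fields are free-form and could contain "key=value".
        head, _, body = chunk.partition("Event specific:")
        rec = dict(re.findall(r"(\w+)=(\w+)", head))  # header values stay strings
        if rec.get("class") != "UTMPD" or rec.get("event") not in FIELDS:
            continue
        data = [int(v) if k == "integers" else v.strip()[1:-1]
                for k, v in re.findall(r"data as (integers|strings): (.*)", body)]
        rec.update(zip(FIELDS[rec["event"]], data))
        records.append(rec)
    return records

def open_sessions(records):
    """ADD records whose requesting pid has no later REMOVE record."""
    live = {}
    for rec in records:
        live.pop(rec["req_pid"], None)  # a REMOVE, or a reused pid, closes the old entry
        if rec["event"] == "UTMPD_ADD_UTMP_RECORD":
            live[rec["req_pid"]] = rec
    return list(live.values())
```
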

FILES
       /var/adm/utmp  A series of binary records describing active sessions
                      on the system.
       /var/adm/wtmp  A series of binary records describing past sessions on
                      the system.

SEE ALSO
       last(1), who(1), getut(3), utmpdlibrary(3).


Licensed material--property of copyright holder(s)
