I know what these files record, but I'd like to known what 'u','w','b' prefixes mean.
Can anyone shed some light?
Add a comment |
2 Answers
The 'u' stands for user. utmp gives information about who is on the system.
The 'w' in wtmp probably comes from 'who'.
The 'b' comes from 'bad', btmp records the bad login attempts.
The names are a bit cryptic, as so often on Unix/Linux.
- 3And the tmp part is for 'temp'? I'm seriously asking.bitofagoob– bitofagoob2017-05-29 21:19:37 +00:00Commented May 29, 2017 at 21:19
- 2No idea, I searched a bit but could not find anything.
utmpof course has fleeting, temporary, information and was the initial file available, but I have no confirmation that that might be the origin of that name part. You should post that as a new question.Anthon– Anthon2017-05-29 22:58:43 +00:00Commented May 29, 2017 at 22:58 - 2Does it possible
'w'come from'when'? Becausewtmprecords when user logged in and logged out.Lane– Lane2021-01-12 03:14:00 +00:00Commented Jan 12, 2021 at 3:14 - Seeing as
whoonly looks inutmp, and has nothing to do withwtmp, it seems implausible that their names are connected.Martin Kealey– Martin Kealey2025-11-16 13:10:26 +00:00Commented Nov 16 at 13:10 - @bitofagoob tmp was very commonly used in Unix systems as an abbreviation for temporary; the more obvious example is the
/tmpdirectory. (Elsewhere temp is the more common abbreviation for the same thing.)Martin Kealey– Martin Kealey2025-11-16 13:12:41 +00:00Commented Nov 16 at 13:12
There's a good summary of their usage by Linus Torvalds but it doesn't go much into the history.
Edit 2025-05-15: that article was actually written by Matt Bromiley; he titled it "Torvalds Tuesdays" — and I fell for it. Sorry for the misattribution.
The names utmp and wtmp go all the way back to earliest days of UNIX in the 1970's.
Both files existed in UNIX v6, where the ac and who commands would report on their contents. (Curiously the who command would report "cannot open wtmp" if /etc/utmp was unreadable.)
Initially utmp was in /etc and wtmp was in /usr/adm/wtmp.
Both files were moved under /var when that was split from /usr in the 1980's, at first into /var/adm and later into /var/log.
To be sure why those names were chosen you'd have to ask Ken Thompson, or search through Dennis Richie's archive.
I suspect that /etc/utmp was created first and the others names were based on it. Being in /etc where everything else was static may have contributed to using tmp for a file that was created anew each time the system is booted. Or perhaps it was a temporary idea that caught on, and kept its quixotic filename.
btmp was added much later; I don't think it existed when I started using Linux in 1994.
Obviously u refers to "user" and b simply indicates "bad" (failed) logins, but w is less clear. If I had to guess (and knowing the tendency for puns and linguistic quirks) wtmp could be from uutmp ("user usage") being read as "double U temp".
