22

I know what these files record, but I'd like to known what 'u','w','b' prefixes mean.

Can anyone shed some light?

Improve this question

2 Answers 2

Reset to default
22

The 'u' stands for user. utmp gives information about who is on the system.
The 'w' in wtmp probably comes from 'who'.
The 'b' comes from 'bad', btmp records the bad login attempts.

The names are a bit cryptic, as so often on Unix/Linux.

Improve this answer
5
  • 3
    And the tmp part is for 'temp'? I'm seriously asking. Commented May 29, 2017 at 21:19
  • 2
    No idea, I searched a bit but could not find anything. utmp of course has fleeting, temporary, information and was the initial file available, but I have no confirmation that that might be the origin of that name part. You should post that as a new question. Commented May 29, 2017 at 22:58
  • 2
    Does it possible 'w' come from 'when'? Because wtmp records when user logged in and logged out. Commented Jan 12, 2021 at 3:14
  • Seeing as who only looks in utmp, and has nothing to do with wtmp, it seems implausible that their names are connected. Commented Nov 16 at 13:10
  • @bitofagoob tmp was very commonly used in Unix systems as an abbreviation for temporary; the more obvious example is the /tmp directory. (Elsewhere temp is the more common abbreviation for the same thing.) Commented Nov 16 at 13:12
8

There's a good summary of their usage by Linus Torvalds but it doesn't go much into the history.

Edit 2025-05-15: that article was actually written by Matt Bromiley; he titled it "Torvalds Tuesdays" — and I fell for it. Sorry for the misattribution.

The names utmp and wtmp go all the way back to earliest days of UNIX in the 1970's.

Both files existed in UNIX v6, where the ac and who commands would report on their contents. (Curiously the who command would report "cannot open wtmp" if /etc/utmp was unreadable.)

Initially utmp was in /etc and wtmp was in /usr/adm/wtmp.

Both files were moved under /var when that was split from /usr in the 1980's, at first into /var/adm and later into /var/log.

To be sure why those names were chosen you'd have to ask Ken Thompson, or search through Dennis Richie's archive.

I suspect that /etc/utmp was created first and the others names were based on it. Being in /etc where everything else was static may have contributed to using tmp for a file that was created anew each time the system is booted. Or perhaps it was a temporary idea that caught on, and kept its quixotic filename.

btmp was added much later; I don't think it existed when I started using Linux in 1994.

Obviously u refers to "user" and b simply indicates "bad" (failed) logins, but w is less clear. If I had to guess (and knowing the tendency for puns and linguistic quirks) wtmp could be from uutmp ("user usage") being read as "double U temp".

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.