The reason for the format shift is that the old wtmp format only uses a 32 bit number for time which will rollover in in 2038 (the so called Y2038 problem) so the decision has been taken to switch to a new format with new tools.

2019年3月8日 · The names utmp and wtmp go all the way back to earliest days of UNIX in the 1970's. Both files existed in UNIX v6, where the ac and who commands would report on their contents. (Curiously the who command would report "cannot open wtmp" if /etc/utmp was unreadable.) Initially utmp was in /etc and wtmp was in /usr/adm/wtmp.

The wtmp (and utmp) files date back into the 1970s, and the designers did not give a lot of reasons.What you can see is that utmp and wtmp record accounting information using a fixed-length record, A text logfile would have used more space on the disk and taken more time to format a message than just writing a binary record.

2014年4月4日 · The last command uses the binary file /var/log/wtmp to show a listing of last logged in users. But /var/log/wtmp is a rotated file where old entries are archived into /var/log/wtmp.x where x is a digit [0-9]. So If you need to look deeper in the login history, try to open one of those files: last -2000 -f /var/log/wtmp.1 | less

2021年7月19日 · /var/log/wtmp is usually rotated (or just cleared) by a monthly cron job, or with a config file in /etc/logrotate.d/ For example: on my Debian system, all the lines in /etc/logrotate.d/wtmp are commented out, but /etc/cron.monthly/acct (from the acct GNU Accounting Utilities package) rotates it and generates a monthly report (/var/log/wtmp.report).

Search utmp and wtmp strings in kernel doesn't give much info. So use dpkg -S $(which login) to find the package name where login comes from and google for debian login package. That will lead you to shadow*.tar.gz in those sources you will find the code that writes utmp and wtmp.

2017年1月9日 · For the file /var/log/wtmp, the read and write permission for the group utmp is to allow it to write the login, logout informations to the file. Changing it to readonly for group will affect this process. And the read access for others is to read the file on executing commands like last, who which are dependent on wtmp log.

2021年3月3日 · While I managed to stop thousands of logs being recorded per day in syslog & auth.log there didn't seem to be a way to stop logging the service account SSH logins from clustercontrol to the /var/log/wtmp and /var/log/lastlog files. For this, we use logrotate (See below). Logrotate Lastlog + wtmp

2018年1月11日 · This is why last shows the time at which wtmp begins: that’s the time horizon for the information displayed by last. When wtmp contains the last boot time, last reboot does show it: $ last reboot | head -n 1 reboot system boot 5.10.0-8-amd64 Mon Sep 13 15:56 still running $ who -b system boot 2021-09-13 15:56 $ uptime 09:11:03 up 31 days, 17: ...

2024年7月8日 · After I installed the other package to activate last it is asking for a wtmp.db file open_database_ro: Cannot open database (/var/lib/wtmpdb/wtmp.db): unable to open database file. Despite not having added any additional repositories, for some reason I think that there are new packages that are newly added in the repo.