fwtmp, acctwtmp, wtmpfix - Modify connect time accounting records to
change formats and to make corrections in the records
wtmpfix [-o] [file]
The fwtmp command accepts ASCII records in the type utmp structure for‐
mat as input. The fwtmp command converts output to type utmp structure
formatted binary records. The fwtmp command converts ASCII type utmp
structure formatted input records to binary output records. The wtmp‐
fix appends the active login records to file with the login time
changed to the current time.
The fwtmp command reads records from standard input and writes records
to standard output. Normally, information in record fields of the
/var/adm/wtmp file is entered as binary data by the init and login pro‐
grams during the life of the /var/adm/wtmp file. These /var/adm/wtmp
file records have nine fields formatted according to members of a type
utmp structure defined in the utmp.h include file. The fwtmp command is
also capable of writing properly formatted ASCII records from standard
input into a file when you use the -i option.
Whenever you enter properly formatted ASCII records for conversion to
binary records using the -i option from the standard input device, you
must enter data for each field of the 9-field record in the same order
as that of type utmp structure members using a space as a field separa‐
tor. The following table lists record fields in the order they should
be entered, the type utmp structure member name, and the purpose and
entry character length. The user login name, which must have exactly
sizeof(ut_user) characters. The inittab ID, which must have exactly
sizeof(ut_id) characters. The device name, which must have exactly
sizeof(ut_line) characters. The process ID, which must have 5 decimal
places. The type of entry, which must have 2 decimal places. The type
of entry may have any one of several symbolic constant values. The sym‐
bolic constants are defined in the utmp.h header file. The process
termination status, which must have 4 decimal places. The process exit
status, which must have 4 decimal places. The starting time, which
must have 10 decimal places. The hostname, which must have exactly
All record field entries you make from standard input must be separated
by a space. Also, you must fill all string fields with blank characters
up to the maximum string size. All decimal values must have the speci‐
fied number of decimal places with preceding 0s (zeros) to fill empty
digit positions. The actual size of character arrays can be found in
the utmp.h include file.
The acctwtmp command is called by the runacct shell procedure to write
a utmp formatted record to standard output with the current date and
time together with a 'Reason' string (sizeof(ut_line) characters or
less) that you must also enter.
wtmpfix [-o] [file]
The wtmpfix command is called by the runacct shell procedure to examine
standard input or file records in the wtmp format for corrupted date
and timestamp entries. Whenever a corrupted entry is detected, the
wtmpfix command corrects date and timestamp inconsistencies and writes
corrected records to standard output. Whenever the acctcon1 command
runs, and a date and timestamp in a /var/adm/wtmp file is incorrect, an
error is generated when the first corrupted entry is encountered. The
acctcon1 process is aborted whenever such an error is detected.
The wtmpfix command also checks the validity of the name field to
ensure that the name consists only of alphanumeric characters, a $
(dollar sign), or spaces. Whenever an invalid name is detected, the
wtmpfix command changes the login name to INVALID and writes a diagnos‐
tic message to standard error. In this way, the wtmpfix command reduces
the likelihood that the acctcon2 command may fail.
Each time a date is entered (on system startup or with the date com‐
mand) a pair of date-change records is written to the var/adm/wtmp
file. The first date-change record is the old date, which is entered
with the string old time (the OTIME_MSG string) in the ut_line field
and the option OLD_TIME in the ut_type field. The second record is the
new date, which is entered with the string new time (the NTIME_MSG
string) in the ut_line field and the option NEW_TIME in the ut_type
field. The wtmpfix command uses these records to synchronize all date
and time stamps in the /var/adm/wtmp file. The date-change record pair
is then removed.
You should not use the fwtmp command to correct connect-time accounting
records because the utmp structure format members are not in the cor‐
rect order for this operation.
To convert binary /var/adm/wtmp records in type utmp structure format
to an ASCII file called dummy.file, enter a command similar to the fol‐
lowing: /usr/sbin/acct/fwtmp < /var/adm/wtmp > dummy.file
The content of binary file /var/adm/wtmpfile as input is redi‐
rected to dummy.file as ASCII output. To convert records in an
ASCII type utmp structure formatted file to a binary output file
called /var/adm/wtmp, enter an fwtmp command with the -ic option
similar to the following: /usr/sbin/acct/fwtmp -ic < dummy.file
The content of ASCII file dummy.file as input is redirected to
binary file /var/adm/wtmp as output.
Specifies the command path. Specifies the command path. Specifies the
command path. Header file defining structures used to organize login
information. Database file for currently logged in users.
Login/logout database file.
Commands: acct(8), acctcon(8), acctmerg(8), date(1), runacct(8)