Writetmp is a utility to write special entries to a wtmp file.
Useful as either a replacement for the functionality of the "halt -w"
or "reboot -w" commands which are normally run at shutdown time or
to write special wtmp entries to an alternate wtmp file to which such entries
would normally not be written.
Under normal conditions radius radtwmp or tacacs accounting logs do not
contain shutdown and boottime entries because the access control software is
not setup to take into account these events. In the case of a quick
shutdown or server crash, the wtmp file(s) will lose coherency. To avoid or
minimize the amount of accounting error, it is necessary to write shutdown
and boottime entries to such logs.
Also changes in time which are made manually with date or via the
network with a program such as rdate are not reflected in the
accounting logs, which, if the time difference is severe can improperly
account time for logins active during the time change.
If an entry-type is specified on the command line, the -u,
-l, -h, -i, -p, -t and -c options are
ignored as writetmp will fill in the username, line, id, and host entries as
required for that particular wtmp entry-type.
Writetmp understands the following entry types:
shutdown
used just prior to a normal system shutdown. Also accepts halt or
reboot as aliases for shutdown.
boottime
used at system initialization time, to indicate the system is booting.
oldtime
Indicates the time is about to change.
newtime
Indicates the time has changed. The difference in time is determined from
the timestamp on the last oldtime entry.
runlevel
Indicates a change in runlevel (useless in an accounting sense).
OPTIONS
Writetmp understands the following command line switches:
--help
Outputs a verbose usage listing.
--version
Displays the version of writetmp.
-wwtmp
Select a different output file instead of the default (/var/log/wtmp).
-X[3]
Write to a wtmp file maintained by versions 3.3 or 3.4 Tacacs terminal server
access control software.
-X4
Write to a wtmp file maintained by version 4.0 of Tacacs terminal server access
control software.
-u user
Specify the username for the username field.
-l line
Specify the tty name for the line field.
-h host
Specify the hostname.
-i id
Specify the init id name. Not applicable to tacacs wtmp files.
-p pid
Specify the pid number. Not appliccable to tacacs wtmp files.
-t type
Specify the type of wtmp entry for the ut_type field, not to be confused
with entry-type. May be coded as a number or one of:
unknown, runlevel, boottime, newtime, oldtime,
init, login, user or dead.
-c comment
Specify the comment for the tacacs 4 wtmp comment field (16 characters max).
EXAMPLES
Write a shutdown message to an alternate wtmp log:
writetmp -w /var/adm/xtmp shutdown
A shell script to update the time in an alternate wtmp file when
netdate is run:
#!/bin/sh
writetmp -w /var/adm/xtmp oldtime
netdate clock.llnl.gov
writetmp -w /var/adm/xtmp newtime
Find out how often and for how long people run a specific program, such as
pine:
#!/bin/sh
# /var/adm/cmdtmp must be globally writable.
cmdtmp=/var/adm/cmdtmp
writetmp -w $cmdtmp -u pine -l cmd$$ -h $USER -t user
/path/to/real-pine $*
writetmp -w $cmdtmp -l cmd$$ -t dead
FILES
/var/log/wtmp login database.
AUTHOR
Steve Baker (ice@mama.indstate.edu)
BUGS
Does not lock the wtmp file and does not guarantee a successful write.
Could in theory corrupt a log file.
Rdate and netdate can take seconds to complete, so writing
oldtime/newtime records around them may not be entirely accurate.