utmps
Software
skarnet.org

The utmps-utmpd program

utmps-utmpd manages the utmp database. It expects to be able to create, read and modify a file named utmp in the directory it is launched in.

It is not meant to be called directly; instead, it is expected to be run from a script as a part of a "utmpd" local service.

The examples/ subdirectory of the utmps package provides examples on how to run such a service. The simplest way to do so, for testing purposes, is a command line such as:

s6-ipcserver .utmpd-socket utmps-utmpd

while being in the /run/utmps directory.

/run/utmps/.utmpd-socket is the default place where utmps's implementation of the utmpx.h functions expects the utmpd service to be. It can be changed at build time by giving the --with-utmp-socket=PATH option to configure.

utmps-utmpd does not listen to the socket itself: it reads from its standard input and writes to its standard output. It relies on a superserver such as s6-ipcserver to manage connections to the socket. An instance of utmps-utmpd is run for every client connection; every instance reads the effective uid of the client in an environment variable set by the superserver, which allows it to filter operations - for instance, it allows any user to read from the database but it only allows root, and members of the group utmps-utmpd runs as, to write to it.

If more fine-grained authorizations are required (only allowing certain users and groups to connect to the service), the superserver can be configured to enforce them.

utmps-utmpd does not need to run as root, provided it can write its file; it is recommended to create a utmp user and group, dedicated to utmps-utmpd and utmps-wtmpd operation, and run the superserver as this user and group.