Translation(s): none


Y2038-safe Replacements for lastlog and wtmp and utmp

The lastlog and wtmp/utmp "databases" as currently maintained by individual programs are not Y2038-safe. Thorsten Kukuk proposed new code as replacements for the wtmp, lastlog databases and interfaces. This wiki page shows the plan (and status) for Debian, based on Thorsten Kukuk's new code.

Thorsten's code works like this:

Note: lastlog and last are two different things. Please keep this mind when thinking about/discussing them.

Please see Thorsten's blog entry and the summary on the utmpx projects:

Additional background information:

New packages

wtmp: Introduce wtmpdb

wtmpdb brings libpam-wtmpdb (incl. pam-auth-update snippet), libwtmpdb-dev, libwtmpdb0, wtmpdb bin-packages. The /usr/bin/wtmpdb binary provides a last(1)-like interface, but cannot read the old dat afiles.

Priority: standard was chosen for libpam-wtmpdb and wtmpdb, in the expectation that most systems want a working last(1). Just like today.

lastlog: Introduce pam_lastlog2.so

util-linux added pam_lastlog2.so. It writes into a new file, in sqlite3 file format.

Current status

For maintainers

If your package directly (or via libutempter / utmpx) writes into /run/utmp, this needs to be disabled, or at least silenced if the file does not exist.

If your package wants to read the list of currently logged in users, it needs to query this from logind.

Hopefully your package does not need to interact with wtmp or lastlog; if so, it best does that via PAM (for writing) or the new library packages (for reading).

Bug reports