Translation(s): none
Y2038-safe Replacements for lastlog and wtmp and utmp
The lastlog and wtmp/utmp "databases" as currently maintained by individual programs are not Y2038-safe. Thorsten Kukuk proposed new code as replacements for the wtmp, lastlog databases and interfaces. This wiki page shows the plan (and status) for Debian, based on Thorsten Kukuk's new code.
Thorsten's code works like this:
- New file formats on disk, as sqlite3. The new files tend to be smaller than the old ones on default installs (= large UID ranges).
- New PAM modules to write the wtmp and lastlog(2) entries. After introducing wtmpdb/lastlog2, we could have all packages turn off their own code writing into the old files.
- For utmp, just delegate to logind.
Note: lastlog and last are two different things. Please keep this mind when thinking about/discussing them.
Please see Thorsten's blog entry and the summary on the utmpx projects:
Additional background information:
Historic utmp/wtmp/lastlog explanation: https://sources.debian.org/src/vte/1:0.28.2-6.1/doc/utmpwtmp.txt/
- lastlog2 upstream was originally in a separate repository, but got merged into util-linux
New packages
wtmp: Introduce wtmpdb
wtmpdb brings libpam-wtmpdb (incl. pam-auth-update snippet), libwtmpdb-dev, libwtmpdb0, wtmpdb bin-packages. The /usr/bin/wtmpdb binary provides a last(1)-like interface, but cannot read the old dat afiles.
Priority: standard was chosen for libpam-wtmpdb and wtmpdb, in the expectation that most systems want a working last(1). Just like today.
lastlog: Introduce pam_lastlog2.so
util-linux added pam_lastlog2.so. It writes into a new file, in sqlite3 file format.
Current status
- src:pam removed pam_lastlog.so
- wtmpdb is available in testing/unstable
- pam_lastlog2 is available in testing/unstable
- /run/utmp is not created anymore by systemd
- w(1) works fine
- who(1) needs updating to use logind
- glibc still provides the utmp/wtmp interfaces, but they are mostly useless
- various packages still have code to write to utmp or wtmp
For maintainers
If your package directly (or via libutempter / utmpx) writes into /run/utmp, this needs to be disabled, or at least silenced if the file does not exist.
If your package wants to read the list of currently logged in users, it needs to query this from logind.
Hopefully your package does not need to interact with wtmp or lastlog; if so, it best does that via PAM (for writing) or the new library packages (for reading).