- The /etc/utmp file, which contains a record of users logged into the system.
The utmp file allows one to discover information about who is currently using the system. There may be more users currently using the system, because not all programs use utmp logging.
Warning: utmp must not be writable, because many system programs (foolishly) depend on its integrity. You risk faked system logfiles and modifications of system files if you leave utmpwritable to any user.
|/etc/utmp||Contains a record of users logged into the system.|
|/var/adm/wtmp||Contains connect accounting information.|
|/etc/security/failedlogin||Contains a record of invalid login attempts|