Ubuntu Phasing Out UTMP: Why the 'who' Command Fails in 25.10

UTMP being phased out: - Why “who” returns empty output on modern ubuntu

Ubuntu 25.10 has officially discontinued support for UTMP, a legacy Unix mechanism for tracking logged-in users since the 1970s. Running the traditional ‘who’ command now returns an exit code of 0 but yields no data. This change marks a significant shift in how Linux distributions manage session state and historical login databases.

Why This Matters

The transition from flat UTMP files to SQLite-backed wtmpdb is a technical necessity to resolve the Y2038 problem, where 32-bit systems will fail to handle timestamps past January 19, 2038. While modern tools like ‘w’ have been updated to aggregate data from multiple sources, legacy utilities relying strictly on /var/run/utmp will fail silently without error messages. This discrepancy between system state and command output can break automated auditing scripts and security monitoring tools that depend on standard POSIX utilities for session verification.

Key Insights

• Debian systemd maintainers announced the discontinuation of UTMP in October 2024 to address the Y2038 overflow risk.
• Systemd version 257 in Ubuntu 25.10 is compiled with the -UTMP flag, explicitly excluding the legacy tracking feature.
• The /var/run/utmp and /var/run/utmpx files are no longer created or maintained in modern Ubuntu environments.
• The ‘w’ command from the procps package remains functional by using alternative sources beyond the missing UTMP file.
• wtmpdb serves as the SQLite-backed successor for login databases to ensure compatibility beyond the 2038 epoch.

Working Examples

Checking systemd build flags to confirm the absence of UTMP support (-UTMP).

loginctl --version
systemd 257 (257.9-0ubuntu2.4)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +IPE +SMACK +SECCOMP +GCRYPT
-GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC
+KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY
+P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +BTF
-XKBCOMMON -UTMP +SYSVINIT +LIBARCHIVE

Using loginctl as a reliable alternative to verify active user sessions.

loginctl list-sessions
SESSION UID USER SEAT LEADER CLASS TTY IDLE SINCE
4 1000 ubuntu - 1010 user - no -
5 1000 ubuntu - 1313 manager - no -
2 sessions listed.

Verifying that the legacy UTMP files no longer exist on the filesystem.

ls -la /var/run/utmp /var/run/utmpx
ls: cannot access '/var/run/utmp': No such file or directory
ls: cannot access '/var/run/utmpx': No such file or directory

Practical Applications

• Use Case: Update server health-check scripts to use ‘loginctl list-sessions’ instead of ‘who’ to ensure accurate user auditing on Ubuntu 25.10+.
• Pitfall: Relying on the ‘who’ command’s exit code for logic gates; it returns 0 even when it fails to find active sessions due to missing UTMP files.
• Use Case: Deploying ‘wtmpdb’ for long-term login history management to ensure Y2038 compliance in modern Linux infrastructures.

References:

• https://dev.to/jaideepg/utmp-being-phased-out-why-who-returns-empty-output-on-modern-ubuntu-1chj
• https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/2130814