Attached is a patch for the approach I suggested previously. I only did some ad-hoc testing with the only 2 programs that both read and write to utmp and that I have integrated with utmps: util-linux login and OpenSSH. And I used the simple tests I attached earlier. All good.
login is happy, OpenSSH is happy. I'm happy. That's good enough for me. I re-read the POSIX doc and it doesn't seem there is any egregious violation. YMMV.

If you'd like to incorporate the patch, you're welcome to do so. I tried to follow your coding style but please feel free to rewrite to match your coding standards as you see fit :)

Now that that's done, I'm having second thoughts about this whole utmp/wtmp endeavor and wondering if it's worth the effort. Don't get me wrong, I think your implementation fulfills its premises of security and robustness quite well, and I like how it fits within the s6 "ecosystem". But the POSIX API and data structures feel clunky and archaic. Take for example the id field, which is an arbitrary 4-character string used to uniquely identify an entry in the database. That doesn't strike me as very robust nor secure, given that there is no mechanism to prevent id collisions. Rich Felker may have made the right choice in leaving it on the cutting floor and expecting that no one would miss it. Perhaps we should just let it die.

Isn't there a modern framework equivalent for user accounting on *nix-like systems? I mean besides systemd of course :)