login — begin session on the system
login [−p] [ −h host ] [−H] [ −f username | username ]
login is used when signing onto a system. If no argument is given, login prompts for the username.
The user is then prompted for a password, where appropriate. Echoing is disabled to prevent revealing the password. Only a small number of password failures are permitted before login exits and the communications link is severed.
If password aging has been enabled for the account, the user may be prompted for a new password before proceeding. He will be forced to provide his old password and the new password before continuing. Please refer to passwd(1) for more information.
The user and group ID will be set according to their
values in the /etc/passwd file.
There is one exception if the user ID is zero: in this case,
only the primary group ID of the account is set. This should
allow the system administrator to login even in case of
network problems. The value for $HOME, $USER, $SHELL, $PATH, $LOGNAME, and $MAIL are set according to
the appropriate fields in the password entry. $PATH defaults to
/usr/local/bin:/bin:/usr/bin
for normal users, and to /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
for root, if not otherwise configured.
The environment variable $TERM will be preserved, if
it exists (other environment variables are preserved if the
−p option is given), else
it will be initialized to the terminal type on your tty.
Then the user's shell is started. If no shell is specified
for the user in /etc/passwd,
then /bin/sh is used. If there
is no directory specified in /etc/passwd, then / is used (the home directory is checked
for the .hushlogin
file described below).
If the file .hushlogin exists, then a
"quiet" login is performed (this disables the checking of
mail and the printing of the last login time and message of
the day). Otherwise, if /var/log/lastlog exists, the last login
time is printed (and the current login is recorded).
−pUsed by getty(8) to tell login not to destroy the environment.
−fUsed to skip a login authentication. This option is usually used by the getty(8) autologin feature.
−hUsed by other servers (i.e., telnetd(8)) to pass the name of the remote host to login so that it may be placed in utmp and wtmp. Only the superuser may use this option.
Note that the −h
option has an impact on the PAM service name. The standard
service name is login, but with the
−h option, the name
is remote. It is
necessary to create proper PAM config files (e.g.,
/etc/pam.d/login and
/etc/pam.d/remote).
−HUsed by other servers (i.e., telnetd(8)) to tell
login
that printing the hostname should be suppressed in the
login: prompt. See also LOGIN_PLAIN_PROMPT below if your
server does not allow the login command line to
be configured.
−−helpDisplay help text and exit.
−V, −−versionDisplay version information and exit.
login reads
the /etc/login.defs) configuration
file. Note that the configuration file could be distributed
with another package (e.g., shadow-utils). The following
configuration items are relevant for login:(5
MOTD_FILE (string)
Specifies a ":" delimited list of "message of the day" files and directories to be displayed upon login. If the specified path is a directory then displays all files with .motd file extension in version-sort order from the directory.
The default value is
/usr/share/misc/motd:/run/motd:/etc/motd. If theMOTD_FILEitem is empty or a quiet login is enabled, then the message of the day is not displayed. Note that the same functionality is also provided by the pam_motd(8) PAM module.The directories in the
MOTD_FILEare supported since version 2.36.Note that login does not implement any filenames overriding behavior like pam_motd (see also
MOTD_FIRSTONLY), but all content from all files is displayed. It is recommended to keep extra logic in content generators and use/run/motd.drather than rely on overriding behavior hardcoded in system tools.
MOTD_FIRSTONLY (boolean)
Forces login to stop display content specified by
MOTD_FILEafter the first accessible item in the list. Note that a directory is one item in this case. This option allows login semantics to be configured to be more compatible with pam_motd.
LOGIN_PLAIN_PROMPT
(boolean)
Tell login that printing the hostname should be suppressed in the login: prompt. This is an alternative to the
−Hcommand line option. The default value is no.
LOGIN_TIMEOUT (number)
Maximum time in seconds for login. The default value is
60.
LOGIN_RETRIES (number)
Maximum number of login retries in case of a bad password. The default value is
3.
FAIL_DELAY (number)
Delay in seconds before being allowed another three tries after a login failure. The default value is
5.
TTYPERM (string)
The terminal permissions. The default value is
0600or0620if tty group is used.
TTYGROUP (string)
The login tty will be owned by the
TTYGROUP. The default value is tty. If theTTYGROUPdoes not exist, then the ownership of the terminal is set to the user's primary group.The
TTYGROUPcan be either the name of a group or a numeric group identifier.
HUSHLOGIN_FILE (string)
If defined, this file can inhibit all the usual chatter during the login sequence. If a full pathname (e.g.,
/etc/hushlogins) is specified, then hushed mode will be enabled if the user's name or shell are found in the file. If this global hush login file is empty then the hushed mode will be enabled for all users.If a full pathname is not specified, then hushed mode will be enabled if the file exists in the user's home directory.
The default is to check
/etc/hushloginsand if it does not exist then~/.hushloginIf the
HUSHLOGIN_FILEitem is empty, then all the checks are disabled.
DEFAULT_HOME (boolean)
Indicate if login is allowed if we cannot change directory to the home directory. If set to yes, the user will login in the root (/) directory if it is not possible to change directory to her home. The default value is yes.
LASTLOG_UID_MAX (unsigned
number)
Highest user ID number for which the lastlog entries should be updated. As higher user IDs are usually tracked by remote user identity and authentication services there is no need to create a huge sparse lastlog file for them. No LASTLOG_UID_MAX option present in the configuration means that there is no user ID limit for writing lastlog entries.
LOG_UNKFAIL_ENAB
(boolean)
Enable display of unknown usernames when login failures are recorded. The default value is no.
Note that logging unknown usernames may be a security issue if a user enters her password instead of her login name.
ENV_PATH (string)
If set, it will be used to define the
PATHenvironment variable when a regular user logs in. The default value is/usr/local/bin:/bin:/usr/bin
ENV_ROOTPATH (string)
ENV_SUPATH (string)
If set, it will be used to define the PATH environment variable when the superuser logs in. ENV_ROOTPATH takes precedence. The default value is
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
/var/run/utmp/var/log/wtmp/var/log/lastlog/var/spool/mail/*/etc/motd/etc/passwd/etc/nologin/etc/pam.d/login/etc/pam.d/remote/etc/hushlogins.hushlogin
The undocumented BSD −r
option is not supported. This may be required by some
rlogind(8) programs.
A recursive login, as used to be possible in the good old days, no longer works; for most purposes su(1) is a satisfactory substitute. Indeed, for security reasons, login does a vhangup(2) system call to remove any possible listening processes on the tty. This is to avoid password sniffing. If one uses the command login, then the surrounding shell gets killed by vhangup(2) because it's no longer the true owner of the tty. This can be avoided by using exec login in a top-level shell or xterm.
Derived from BSD login 5.40 (5/9/89) by Michael Glad for HP-UX
Ported to Linux 0.12: Peter Orbaek
Rewritten to a PAM-only version by Karel Zak
mail(1), passwd(1), passwd(5), utmp(5), environ(7), getty(8), init(8), lastlog(8) shutdown(8)
The login command is part of the util-linux package and is available from Linux Kernel Archive
|
Copyright 1993 Rickard E. Faith (faithcs.unc.edu) May be distributed under the GNU General Public License |