Commit | Line | Data |
---|---|---|
6dbe3af9 KZ |
1 | .\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu) |
2 | .\" May be distributed under the GNU General Public License | |
232dc924 | 3 | .TH LOGIN 1 "March 2009" "util-linux" "User Commands" |
6dbe3af9 | 4 | .SH NAME |
7d6b450d | 5 | login \- begin session on the system |
6dbe3af9 | 6 | .SH SYNOPSIS |
7d6b450d KZ |
7 | .B login |
8 | [ | |
9 | .BR \-p | |
10 | ] [ | |
11 | .BR \-h | |
12 | .IR host | |
13 | ] [ | |
92e386ca KZ |
14 | .BR \-H |
15 | ] [ | |
7d6b450d KZ |
16 | .BR \-f |
17 | .IR username | |
18 | | | |
19 | .IR username | |
20 | ] | |
6dbe3af9 KZ |
21 | .SH DESCRIPTION |
22 | .B login | |
bc4aa3b5 | 23 | is used when signing onto a system. |
7d6b450d | 24 | If no argument is given, |
6dbe3af9 KZ |
25 | .B login |
26 | prompts for the username. | |
27 | ||
7d6b450d KZ |
28 | The user is then prompted for a password, where appropriate. Echoing is |
29 | disabled to prevent revealing the password. Only a small number of password | |
30 | failures are permitted before | |
6dbe3af9 | 31 | .B login |
7d6b450d | 32 | exits and the communications link is severed. |
6dbe3af9 | 33 | |
7d6b450d KZ |
34 | If password aging has been enabled for the account, the user may be prompted |
35 | for a new password before proceeding. He will be forced to provide his old | |
36 | password and the new password before continuing. Please refer to | |
37 | .BR passwd (1) | |
38 | for more information. | |
6dbe3af9 | 39 | |
7d6b450d KZ |
40 | The user and group ID will be set according to their values in the |
41 | .I /etc/passwd | |
42 | file. There is one exception if the user ID is zero: in this case, | |
43 | only the primary group ID of the account is set. This should allow | |
44 | the system administrator to log in even in case of network problems. | |
45 | The value for | |
46 | .BR $HOME , | |
47 | .BR $SHELL , | |
48 | .BR $PATH , | |
49 | .BR $LOGNAME , | |
50 | and | |
51 | .B $MAIL | |
52 | are set according to the appropriate fields in the password entry. | |
53 | .B $PATH | |
54 | defaults to | |
55 | .I /usr/local/bin:/bin:/usr/bin:. | |
6dbe3af9 | 56 | for normal users, and to |
7d6b450d KZ |
57 | .I /sbin:/bin:/usr/sbin:/usr/bin |
58 | for root, if not otherwise configured. | |
6dbe3af9 | 59 | |
7d6b450d KZ |
60 | The environment variable |
61 | .B $TERM | |
62 | will be preserved, if it exists (other environment variables are | |
63 | preserved if the | |
64 | .B \-p | |
65 | option is given) or be initialized to the terminal type on your tty. | |
66 | ||
67 | Then the user's shell is started. If no shell is specified for the | |
fd6b7a7f | 68 | user in |
6dbe3af9 KZ |
69 | .BR /etc/passwd , |
70 | then | |
71 | .B /bin/sh | |
72 | is used. If there is no directory specified in | |
73 | .IR /etc/passwd , | |
74 | then | |
75 | .I / | |
76 | is used (the home directory is checked for the | |
77 | .I .hushlogin | |
7d6b450d KZ |
78 | file described below). |
79 | ||
80 | If the file | |
81 | .I .hushlogin | |
82 | exists, then a "quiet" login is performed (this disables the checking | |
83 | of mail and the printing of the last login time and message of the day). | |
84 | Otherwise, if | |
85 | .I /var/log/lastlog | |
86 | exists, the last login time is printed (and the current login is | |
87 | recorded). | |
88 | ||
6dbe3af9 KZ |
89 | .SH OPTIONS |
90 | .TP | |
91 | .B \-p | |
92 | Used by | |
93 | .BR getty (8) | |
94 | to tell | |
95 | .B login | |
96 | not to destroy the environment | |
97 | .TP | |
98 | .B \-f | |
99 | Used to skip a second login authentication. This specifically does | |
100 | .B not | |
101 | work for root, and does not appear to work well under Linux. | |
102 | .TP | |
103 | .B \-h | |
104 | Used by other servers (i.e., | |
105 | .BR telnetd (8)) | |
106 | to pass the name of the remote host to | |
107 | .B login | |
fd6b7a7f KZ |
108 | so that it may be placed in utmp and wtmp. Only the superuser may use |
109 | this option. | |
726f69e2 | 110 | |
067f5343 KZ |
111 | Note that the \fB-h\fP option has an impact on the \fBPAM service name\fP. The standard |
112 | service name is "login"; with the \fB-h\fP option the name is "remote". It's | |
113 | necessary to create proper PAM config files (e.g. | |
114 | .I /etc/pam.d/login | |
115 | and | |
116 | .I /etc/pam.d/remote | |
117 | ). | |
92e386ca KZ |
118 | .TP |
119 | .B \-H | |
120 | Used by other servers (i.e., | |
121 | .BR telnetd (8)) | |
122 | to tell | |
123 | .B login | |
124 | that printing the hostname should be suppressed in the login: prompt. | |
4d8fc09c KZ |
125 | |
126 | .SH CONFIG FILE ITEMS | |
127 | .B login | |
128 | reads the | |
129 | .IR /etc/login.defs (5) | |
130 | configuration file. Note that the configuration file could be distributed with | |
131 | another package (e.g. shadow-utils). The following configuration items are | |
132 | relevant for | |
133 | .BR login (1): | |
134 | .PP | |
135 | \fBMOTD_FILE\fR (string) | |
136 | .RS 4 | |
137 | If defined, ":" delimited list of "message of the day" files to be displayed | |
138 | upon login. The default value is "/etc/motd". If the \fBMOTD_FILE\fR item is | |
139 | empty or "quiet" login is enabled then the message of the day is not displayed. | |
140 | Note that the same functionality is also provided by | |
141 | .BR pam_motd (8) | |
142 | PAM module. | |
143 | .RE | |
9abd9cde KZ |
144 | .PP |
145 | \fBLOGIN_TIMEOUT\fR (number) | |
146 | .RS 4 | |
147 | Max time in seconds for login. The default value is 60. | |
148 | .RE | |
ca5ee2a8 KZ |
149 | .PP |
150 | \fBFAIL_DELAY\fR (number) | |
151 | .RS 4 | |
152 | Delay in seconds before being allowed another attempt after a login failure. | |
153 | The default value is 5. | |
154 | .RE | |
738246ed KZ |
155 | .PP |
156 | \fBTTYPERM\fR (string) | |
157 | .RS 4 | |
158 | The terminal permissions. The default value is 0600. | |
159 | .RE | |
45d0a30e KZ |
160 | .PP |
161 | \fBTTYGROUP\fR (string) | |
162 | .RS 4 | |
163 | The login tty will be owned by the | |
164 | \fBTTYGROUP\fR. The default value is 'tty'. If the \fBTTYGROUP\fR does not exist | |
165 | then the ownership of the terminal is set to the user\'s primary group. | |
166 | .sp | |
167 | The \fBTTYGROUP\fR can be either the name of a group or a numeric group identifier. | |
168 | .RE | |
84d3c9ff KZ |
169 | .PP |
170 | \fBHUSHLOGIN_FILE\fR (string) | |
171 | .RS 4 | |
172 | If defined, this file can inhibit all the usual chatter during the login | |
173 | sequence. If a full pathname (e.g. /etc/hushlogins) is specified, then hushed | |
174 | mode will be enabled if the user\'s name or shell are found in the file. If | |
175 | this global hush login file is empty then the hushed mode will be enabled for | |
176 | all users. | |
177 | ||
178 | If a full pathname is not specified, then hushed mode will be enabled if the | |
179 | file exists in the user\'s home directory. | |
738246ed | 180 | |
84d3c9ff KZ |
181 | The default is to check "/etc/hushlogins" and, if it does not exist, then |
182 | "~/.hushlogin". | |
183 | ||
184 | If the \fBHUSHLOGIN_FILE\fR item is empty then all checks are disabled. | |
185 | .RE | |
91d0a913 KZ |
186 | .PP |
187 | \fBDEFAULT_HOME\fR (boolean) | |
188 | .RS 4 | |
189 | Indicate if login is allowed if we can\'t cd to the home directory. If set to | |
190 | \fIyes\fR, the user will login in the root (/) directory if it is not possible | |
191 | to cd to her home directory. The default value is 'yes'. | |
192 | .RE | |
cea8ec53 KZ |
193 | .PP |
194 | \fBLOG_UNKFAIL_ENAB\fR (boolean) | |
195 | .RS 4 | |
196 | Enable display of unknown usernames when login failures are recorded\&. | |
197 | .sp | |
198 | Note that logging unknown usernames may be a security issue if a user enters | |
199 | her password instead of her login name. | |
200 | .RE | |
6dbe3af9 KZ |
201 | .SH FILES |
202 | .nf | |
726f69e2 KZ |
203 | .I /var/run/utmp |
204 | .I /var/log/wtmp | |
205 | .I /var/log/lastlog | |
cad18f61 | 206 | .I /var/spool/mail/* |
6dbe3af9 KZ |
207 | .I /etc/motd |
208 | .I /etc/passwd | |
209 | .I /etc/nologin | |
726f69e2 | 210 | .I /etc/usertty |
067f5343 KZ |
211 | .I /etc/pam.d/login |
212 | .I /etc/pam.d/remote | |
6dbe3af9 KZ |
213 | .I .hushlogin |
214 | .fi | |
215 | .SH "SEE ALSO" | |
216 | .BR init (8), | |
217 | .BR getty (8), | |
218 | .BR mail (1), | |
219 | .BR passwd (1), | |
220 | .BR passwd (5), | |
221 | .BR environ (7), | |
222 | .BR shutdown (8) | |
223 | .SH BUGS | |
fd6b7a7f | 224 | |
6dbe3af9 KZ |
225 | The undocumented BSD |
226 | .B \-r | |
227 | option is not supported. This may be required by some | |
228 | .BR rlogind (8) | |
229 | programs. | |
7eda085c KZ |
230 | |
231 | A recursive login, as used to be possible in the good old days, | |
232 | no longer works; for most purposes | |
233 | .BR su (1) | |
234 | is a satisfactory substitute. Indeed, for security reasons, | |
235 | login does a vhangup() system call to remove any possible | |
236 | listening processes on the tty. This is to avoid password | |
237 | sniffing. If one uses the command "login", then the surrounding shell | |
238 | gets killed by vhangup() because it's no longer the true owner of the tty. | |
239 | This can be avoided by using "exec login" in a top-level shell or xterm. | |
6dbe3af9 | 240 | .SH AUTHOR |
fd6b7a7f KZ |
241 | Derived from BSD login 5.40 (5/9/89) by Michael Glad (glad@daimi.dk) |
242 | for HP-UX | |
6dbe3af9 KZ |
243 | .br |
244 | Ported to Linux 0.12: Peter Orbaek (poe@daimi.aau.dk) | |
86d62711 | 245 | .SH AVAILABILITY |
601d12fb KZ |
246 | The login command is part of the util-linux package and is available from |
247 | ftp://ftp.kernel.org/pub/linux/utils/util-linux/. |
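
The CONFIG FILE ITEMS section above lists defaults and one explicit security note (LOG_UNKFAIL_ENAB). The following is an added example, not part of the man page or of util-linux: a small audit of login.defs text against those documented items. The parsing rules (one "NAME value" pair per line, whole-line `#` comments, optional double quotes) and the function names are assumptions made for the example.

```python
# Added example: audit login.defs text against the items documented above.
# Parsing is simplified (assumption): "NAME value" per line, lines starting
# with '#' are comments, surrounding double quotes are stripped.

# Defaults as stated in the CONFIG FILE ITEMS section of the man page.
DEFAULTS = {"LOGIN_TIMEOUT": "60", "FAIL_DELAY": "5", "TTYPERM": "0600",
            "TTYGROUP": "tty", "DEFAULT_HOME": "yes"}

def parse_login_defs(text):
    """Return {item: value} for every non-comment line."""
    items = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        items[parts[0]] = value.strip('"')
    return items

def audit(text):
    """Return (effective settings, [(item, finding), ...])."""
    effective = {**DEFAULTS, **parse_login_defs(text)}
    findings = []
    if effective.get("LOG_UNKFAIL_ENAB", "").lower() == "yes":
        findings.append(("LOG_UNKFAIL_ENAB",
                         "unknown usernames are logged; a password typed at "
                         "the login prompt would end up in the log"))
    try:
        mode = int(effective["TTYPERM"], 8)
        if mode & 0o077:
            findings.append(("TTYPERM", "%04o grants group/other access "
                             "beyond the documented default 0600" % mode))
    except ValueError:
        findings.append(("TTYPERM", "not an octal mode"))
    try:
        if int(effective["FAIL_DELAY"]) == 0:
            findings.append(("FAIL_DELAY", "no delay between failed attempts"))
    except ValueError:
        findings.append(("FAIL_DELAY", "not a number"))
    return effective, findings

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# /etc/login.defs (constructed)
FAIL_DELAY        0
TTYPERM           0622
LOG_UNKFAIL_ENAB  yes
HUSHLOGIN_FILE    "/etc/hushlogins"
"""

if __name__ == "__main__":
    for item, why in audit(SAMPLE)[1]:
        print("%-17s %s" % (item, why))
```

Items missing from the input fall back to the defaults the man page states, so the returned settings show what login would use for those items.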