]>
Commit | Line | Data |
---|---|---|
6dbe3af9 KZ |
1 | .\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu) |
2 | .\" May be distributed under the GNU General Public License | |
39c877f1 | 3 | .TH LOGIN "1" "June 2012" "util-linux" "User Commands" |
6dbe3af9 | 4 | .SH NAME |
7d6b450d | 5 | login \- begin session on the system |
6dbe3af9 | 6 | .SH SYNOPSIS |
7d6b450d KZ |
7 | .B login |
8 | [ | |
9 | .BR \-p | |
10 | ] [ | |
11 | .BR \-h | |
12 | .IR host | |
13 | ] [ | |
92e386ca KZ |
14 | .BR \-H |
15 | ] [ | |
7d6b450d KZ |
16 | .BR \-f |
17 | .IR username | |
18 | | | |
19 | .IR username | |
20 | ] | |
6dbe3af9 KZ |
21 | .SH DESCRIPTION |
22 | .B login | |
39c877f1 | 23 | is used when signing onto a system. If no argument is given, |
6dbe3af9 KZ |
24 | .B login |
25 | prompts for the username. | |
39c877f1 SK |
26 | .PP |
27 | The user is then prompted for a password, where approprate. Echoing | |
28 | is disabled to prevent revealing the password. Only a small number | |
29 | of password failures are permitted before | |
6dbe3af9 | 30 | .B login |
7d6b450d | 31 | exits and the communications link is severed. |
39c877f1 SK |
32 | .PP |
33 | If password aging has been enabled for the account, the user may be | |
34 | prompted for a new password before proceeding. He will be forced to | |
35 | provide his old password and the new password before continuing. | |
36 | Please refer to | |
7d6b450d KZ |
37 | .BR passwd (1) |
38 | for more information. | |
39c877f1 | 39 | .PP |
7d6b450d KZ |
40 | The user and group ID will be set according to their values in the |
41 | .I /etc/passwd | |
39c877f1 SK |
42 | file. There is one exception if the user ID is zero: in this case, |
43 | only the primary group ID of the account is set. This should allow | |
fed52fd5 | 44 | the system adminitrator to login even in case of network problems. |
7d6b450d KZ |
45 | The value for |
46 | .BR $HOME , | |
fed52fd5 | 47 | .BR $USER , |
7d6b450d KZ |
48 | .BR $SHELL , |
49 | .BR $PATH , | |
50 | .BR $LOGNAME , | |
51 | and | |
52 | .B $MAIL | |
53 | are set according to the appropriate fields in the password entry. | |
54 | .B $PATH | |
55 | defaults to | |
39c877f1 | 56 | .I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin |
6dbe3af9 | 57 | for normal users, and to |
39c877f1 | 58 | .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin |
7d6b450d | 59 | for root if not other configured. |
39c877f1 | 60 | .P |
7d6b450d KZ |
61 | The environment variable |
62 | .B $TERM | |
63 | will be preserved, if it exists (other environment variables are | |
64 | preserved if the | |
65 | .B \-p | |
39c877f1 SK |
66 | option is given) or be initialize to the terminal type on your tty. |
67 | .PP | |
68 | Then the user's shell is started. If no shell is specified for the | |
fd6b7a7f | 69 | user in |
39c877f1 | 70 | .BR /etc\:/passwd , |
6dbe3af9 | 71 | then |
39c877f1 | 72 | .B /bin\:/sh |
6dbe3af9 | 73 | is used. If there is no directory specified in |
39c877f1 | 74 | .IR /etc\:/passwd , |
6dbe3af9 KZ |
75 | then |
76 | .I / | |
77 | is used (the home directory is checked for the | |
78 | .I .hushlogin | |
7d6b450d | 79 | file described below). |
39c877f1 | 80 | .PP |
7d6b450d KZ |
81 | If the file |
82 | .I .hushlogin | |
83 | exists, then a "quiet" login is performed (this disables the checking | |
39c877f1 SK |
84 | of mail and the printing of the last login time and message of the |
85 | day). Otherwise, if | |
86 | .I /var\:/log\:/lastlog | |
7d6b450d KZ |
87 | exists, the last login time is printed (and the current login is |
88 | recorded). | |
6dbe3af9 KZ |
89 | .SH OPTIONS |
90 | .TP | |
91 | .B \-p | |
92 | Used by | |
93 | .BR getty (8) | |
94 | to tell | |
95 | .B login | |
39c877f1 | 96 | not to destroy the environment. |
6dbe3af9 KZ |
97 | .TP |
98 | .B \-f | |
99 | Used to skip a second login authentication. This specifically does | |
100 | .B not | |
101 | work for root, and does not appear to work well under Linux. | |
102 | .TP | |
103 | .B \-h | |
104 | Used by other servers (i.e., | |
105 | .BR telnetd (8)) | |
106 | to pass the name of the remote host to | |
107 | .B login | |
39c877f1 SK |
108 | so that it may be placed in utmp and wtmp. Only the superuser may |
109 | use this option. | |
110 | .IP | |
111 | Note that the | |
112 | .B \-h | |
113 | option has impact on the | |
114 | .B PAM service | |
115 | .BR name . | |
116 | The standard service name is | |
117 | .IR login , | |
118 | with the | |
119 | .B \-h | |
120 | option the name is | |
121 | .IR remote . | |
122 | It is necessary to create a proper PAM config files (e.g. | |
123 | .I /etc\:/pam.d\:/login | |
124 | and | |
125 | .IR /etc\:/pam.d\:/remote ). | |
92e386ca KZ |
126 | .TP |
127 | .B \-H | |
128 | Used by other servers (i.e., | |
129 | .BR telnetd (8)) | |
130 | to tell | |
131 | .B login | |
132 | that printing the hostname should be suppressed in the login: prompt. | |
0effd19e SK |
133 | .TP |
134 | .B \-V | |
b4362b6f | 135 | Display version information and exit. |
4d8fc09c KZ |
136 | .SH CONFIG FILE ITEMS |
137 | .B login | |
138 | reads the | |
39c877f1 SK |
139 | .IR /etc\:/login.defs (5) |
140 | configuration file. Note that the configuration file could be | |
141 | distributed with another package (e.g. shadow-utils). The following | |
142 | configuration items are relevant for | |
4d8fc09c KZ |
143 | .BR login (1): |
144 | .PP | |
39c877f1 SK |
145 | .B MOTD_FILE |
146 | (string) | |
4d8fc09c | 147 | .RS 4 |
39c877f1 SK |
148 | If defined, ":" delimited list of "message of the day" files to be |
149 | displayed upon login. The default value is | |
150 | .IR /etc\:/motd . | |
151 | If the | |
152 | .B MOTD_FILE | |
153 | item is empty or quiet login is enabled then the message of the day | |
154 | is not displayed. Note that the same functionality is also provided | |
155 | by | |
4d8fc09c KZ |
156 | .BR pam_motd (8) |
157 | PAM module. | |
158 | .RE | |
9abd9cde | 159 | .PP |
39c877f1 SK |
160 | .B LOGIN_TIMEOUT |
161 | (number) | |
9abd9cde | 162 | .RS 4 |
39c877f1 SK |
163 | Max time in seconds for login. The default value is |
164 | .IR 60 . | |
9abd9cde | 165 | .RE |
ca5ee2a8 | 166 | .PP |
39c877f1 SK |
167 | .B LOGIN_RETRIES |
168 | (number) | |
fab1f671 | 169 | .RS 4 |
39c877f1 SK |
170 | Maximum number of login retries in case of bad password. The default |
171 | value is | |
172 | .IR 3 . | |
fab1f671 KZ |
173 | .RE |
174 | .PP | |
39c877f1 SK |
175 | .B FAIL_DELAY |
176 | (number) | |
ca5ee2a8 | 177 | .RS 4 |
39c877f1 SK |
178 | Delay in seconds before being allowed another three tries after a |
179 | login failure. The default value is | |
180 | .IR 5 . | |
ca5ee2a8 | 181 | .RE |
738246ed | 182 | .PP |
39c877f1 SK |
183 | .B TTYPERM |
184 | (string) | |
738246ed | 185 | .RS 4 |
39c877f1 | 186 | The terminal permissions. The default value is |
91984e93 KZ |
187 | .IR 0600 |
188 | or | |
189 | .IR 0620 | |
190 | if tty group is used. | |
738246ed | 191 | .RE |
45d0a30e | 192 | .PP |
39c877f1 SK |
193 | .B TTYGROUP |
194 | (string) | |
45d0a30e KZ |
195 | .RS 4 |
196 | The login tty will be owned by the | |
39c877f1 SK |
197 | .BR TTYGROUP . |
198 | The default value is | |
199 | .IR tty . | |
200 | If the | |
201 | .B TTYGROUP | |
202 | does not exist then the ownership of the terminal is set to the | |
203 | user\'s primary group. | |
ddfc5ed6 | 204 | .PP |
39c877f1 SK |
205 | The |
206 | .B TTYGROUP | |
207 | can be either the name of a group or a numeric group identifier. | |
45d0a30e | 208 | .RE |
84d3c9ff | 209 | .PP |
39c877f1 SK |
210 | .B HUSHLOGIN_FILE |
211 | (string) | |
84d3c9ff | 212 | .RS 4 |
39c877f1 SK |
213 | If defined, this file can inhibit all the usual chatter during the |
214 | login sequence. If a full pathname (e.g. | |
215 | .IR /etc\:/hushlogins ) | |
216 | is specified, then hushed mode will be enabled if the user\'s name or | |
217 | shell are found in the file. If this global hush login file is empty | |
218 | then the hushed mode will be enabled for all users. | |
219 | .PP | |
220 | If not a full pathname is specified, then hushed mode will be enabled | |
221 | if the file exists in the user\'s home directory. | |
222 | .PP | |
223 | The default is to check | |
224 | .I /etc\:/hushlogins | |
225 | and if does not exist then | |
226 | .I ~/.hushlogin | |
227 | .PP | |
228 | If the | |
229 | .B HUSHLOGIN_FILE | |
230 | item is empty then all checks are disabled. | |
84d3c9ff | 231 | .RE |
91d0a913 | 232 | .PP |
39c877f1 SK |
233 | .B DEFAULT_HOME |
234 | (boolean) | |
91d0a913 | 235 | .RS 4 |
39c877f1 SK |
236 | Indicate if login is allowed if we can not change directory to the |
237 | home directory. If set to | |
238 | .IR yes , | |
239 | the user will login in the root (/) directory if it is not possible | |
240 | to change directory to her home. The default value is | |
241 | .IR yes . | |
91d0a913 | 242 | .RE |
cea8ec53 | 243 | .PP |
39c877f1 SK |
244 | .B LOG_UNKFAIL_ENAB |
245 | (boolean) | |
cea8ec53 | 246 | .RS 4 |
39c877f1 SK |
247 | Enable display of unknown usernames when login failures are recorded. |
248 | The default value is | |
249 | .IR no . | |
250 | .PP | |
251 | Note that logging unknown usernames may be a security issue if an | |
252 | user enter her password instead of her login name. | |
cea8ec53 | 253 | .RE |
9f7293ea | 254 | .PP |
39c877f1 SK |
255 | .B ENV_PATH |
256 | (string) | |
9f7293ea | 257 | .RS 4 |
39c877f1 SK |
258 | If set, it will be used to define the PATH environment variable when |
259 | a regular user login. The default value is | |
260 | .I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin | |
9f7293ea KZ |
261 | .RE |
262 | .PP | |
39c877f1 SK |
263 | .B ENV_ROOTPATH |
264 | (string) | |
265 | .br | |
266 | .B ENV_SUPATH | |
267 | (string) | |
9f7293ea | 268 | .RS 4 |
39c877f1 SK |
269 | If set, it will be used to define the PATH environment variable when |
270 | the superuser login. The default value is | |
271 | .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin | |
9f7293ea | 272 | .RE |
6dbe3af9 KZ |
273 | .SH FILES |
274 | .nf | |
726f69e2 KZ |
275 | .I /var/run/utmp |
276 | .I /var/log/wtmp | |
277 | .I /var/log/lastlog | |
cad18f61 | 278 | .I /var/spool/mail/* |
6dbe3af9 KZ |
279 | .I /etc/motd |
280 | .I /etc/passwd | |
281 | .I /etc/nologin | |
067f5343 KZ |
282 | .I /etc/pam.d/login |
283 | .I /etc/pam.d/remote | |
ee74f262 | 284 | .I /etc/hushlogins |
6dbe3af9 KZ |
285 | .I .hushlogin |
286 | .fi | |
287 | .SH "SEE ALSO" | |
288 | .BR init (8), | |
289 | .BR getty (8), | |
290 | .BR mail (1), | |
291 | .BR passwd (1), | |
292 | .BR passwd (5), | |
293 | .BR environ (7), | |
294 | .BR shutdown (8) | |
295 | .SH BUGS | |
6dbe3af9 KZ |
296 | The undocumented BSD |
297 | .B \-r | |
298 | option is not supported. This may be required by some | |
299 | .BR rlogind (8) | |
300 | programs. | |
39c877f1 SK |
301 | .PP |
302 | A recursive login, as used to be possible in the good old days, no | |
303 | longer works; for most purposes | |
7eda085c | 304 | .BR su (1) |
39c877f1 SK |
305 | is a satisfactory substitute. Indeed, for security reasons, login |
306 | does a vhangup() system call to remove any possible listening | |
307 | processes on the tty. This is to avoid password sniffing. If one | |
308 | uses the command | |
309 | .BR login , | |
310 | then the surrounding shell gets killed by vhangup() because it's no | |
311 | longer the true owner of the tty. This can be avoided by using | |
312 | .B exec login | |
313 | in a top-level shell or xterm. | |
6dbe3af9 | 314 | .SH AUTHOR |
39c877f1 SK |
315 | Derived from BSD login 5.40 (5/9/89) by |
316 | .MT glad@\:daimi.\:dk | |
317 | Michael Glad | |
318 | .ME | |
fd6b7a7f | 319 | for HP-UX |
6dbe3af9 | 320 | .br |
39c877f1 SK |
321 | Ported to Linux 0.12: |
322 | .MT poe@\:daimi.\:aau.\:dk | |
323 | Peter Orbaek | |
324 | .ME | |
ee74f262 | 325 | .br |
39c877f1 SK |
326 | Rewritten to PAM-only version by |
327 | .MT kzak@\:redhat.\:com | |
328 | Karel Zak | |
329 | .ME | |
86d62711 | 330 | .SH AVAILABILITY |
9c91fc03 | 331 | The login command is part of the util-linux package and is |
39c877f1 SK |
332 | available from |
333 | .UR ftp:\://ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/ | |
334 | Linux Kernel Archive | |
335 | .UE . |