1 README for init/getty/login, by poe@daimi.aau.dk
3 This package contains simpleinit, agetty, and login programs for Linux.
4 Additional utilities included are: hostname, who, write, wall, users
5 domainname, hostid, cage and mesg.
7 Most of this software has been contributed by others, I basically just
8 ported the things to Linux.
10 Version 1.49 (20-Jun-97)
11 Small patches for new util-linux distribution and glibc compat.
12 PAM support in login.c by Erik Troan.
14 Version 1.48 (6-Jun-97)
15 Now changes mode and owner of /dev/vcs devices for console logins.
16 After idea by Andries Brouwer.
18 Version 1.47 (2-Apr-97)
19 Got new version of hostid.c and hostid.1 from
20 Sander van Malssen <svm@kozmix.ow.nl>.
21 Removed premature endutent() call in login.c, simpleinit.c and
22 agetty.c to be compatible with the changed semantics of gnu libc2.
23 Fix by Jesse Thilo <Jesse.Thilo@pobox.com>.
25 Version 1.46 (28-Jan-97)
26 Several security fixes for login by David Holland (buffer overruns)
27 <dholland@hcs.harvard.edu>
28 Fixed write.c, to handle a terminating period correctly.
29 Re-indented login.c, it was getting too messy.
31 Version 1.45a (16-Dec-96)
32 Better support in login for shadow passwords. Compile with
33 -DSHADOW_PWD if you have <shadow.h>. This is on by default.
34 By Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>.
35 Changed the wtmp locking scheme in login.c,agetty.c,simpleinit.c
36 to flock() /etc/wtmplock instead of the wtmp file directly.
37 This avoids a denial of service attack.
38 Some support for the RB-1 Cryptocard token for challenge/response
39 authentication. This needs a DES library, either Eric Young's
40 libdes, or the Koontz implementation, see cryptocard.c.
41 Initial support patch by Randolph Bentson,
42 <bentson@grieg.seaslug.org>
43 Changed getpass() to use fputs() instead of fprintf().
45 Version 1.44 (13-Nov-96):
46 Made isapty() in checktty.c more resilient to 2.0 systems
47 that haven't re-MAKEDEV'ed their pty devices.
49 Version 1.43 (8-Nov-96):
50 Fix to checktty.c: PTY's are numbered differently after 1.3,
51 blush! Fix by Gerhard Schneider <gs@ilfb.tuwien.ac.at>
53 Version 1.42c (6-Nov-96):
54 Small fix by Gabriel M. Schuyler <schuyler@easiest.com>, to get
55 better syslog messages (1 LOGIN FAILURE instead of 2 LOGIN FAILURES).
56 Patch butchered by me.
58 Version 1.42b (30-Sep-96):
59 Got patch for checktty.c from Christoph Lameter
60 <clameter@miriam.fuller.edu> so it doesn't traverse the groupfile
61 "manually" but uses the getgroups() call, this is more efficient
62 with large groupfiles and NIS/YP.
64 Version 1.42a (24-Sep-96):
65 Added extra syslog() call to login.c to log all good logins.
66 Patch from Steve Philp.
68 Version 1.41 (20-Jul-96):
69 Added security fix to checktty.c by JDS to clear certain lists.
70 Patches butchered and ANSI'fied by me.
71 Added -n option to agetty to avoid the login prompt.
73 Version 1.40a (29-Dec-95):
74 Added -f <issue_file> option to agetty. Patches from Eric Rasmussen
75 <ear@usfirst.org>, but somewhat butchered by me.
77 Version 1.39 (25-Oct-95):
78 Lots of testing and bugfixes in agetty. Now the modem init stuff
79 should finally work (for me). Also wrote modem.agetty as an example
80 on how to use agetty with a modem.
81 Agetty now also supports baud rates of 38400, 57600, 115200 and
84 Version 1.37 (15-Sep-95):
85 Added -I <initstring> and -w options to agetty.c for those that
86 use agetty with modems.
88 Version 1.36 (25-Aug-95):
89 Enhanced /etc/usertty features with group support. Moved this part
90 of login.c to checktty.c. One can now define classes of hosts and
91 ttys and do access checking based on unix-group membership. See
92 login.1. Also time ranges for logins can be specified, for example
95 joe [mon:tue:wed:thu:fri:8-16]@barracuda [mon:tue:wed:thu:fri:0-7:17-23]@joes.pc.at.home [sat:sun:0-23]@joes.pc.at.home
97 says that during working hours, Joe may rlogin from the host
98 barracuda, whereas outside working hours and in weekends Joe may
99 rlogin from his networked PC at home.
101 login.c: failures was not properly initialized, it now is. Also
102 made sure ALL failures are really logged to syslog.
104 Version 1.35 (7-Aug-95):
105 login.c: Much improved features for the usertty file, allows
106 access control based on both hostnames/addresses and line. See the
107 about.usertty file and the man-page.
109 Fixed agetty so it doesn't fiddle with the ut_id field in the
110 utmp record, this should prevent growing utmps on systems with
111 more than 10 login lines. Fix suggested and checked by Alan Wendt
112 <alan@ezlink.com> in his agetty.1.9.1a.
114 Agetty now installs as agetty again, not as getty.
115 Updated man-page for login(1) to document /etc/usertty changes.
117 This has been tested on Linux 1.2.5 with GCC 2.5.8 and libc 4.5.26.
119 Version 1.33a (20-Jun-95):
120 rchatfie@cavern.nmsu.edu ("rc.") suggested that I should remove
121 the #ifndef linux around the special logging of dial-up
122 logins. This is now done, so each login via a serial port
123 generates a separate DIALUP syslog entry.
125 Version 1.33 (5-Jun-95):
126 Patch by Ron Sommeling <sommel@sci.kun.nl> and
127 jlaiho@ichaos.nullnet.fi (Juha Laiho) for agetty.c, used
128 to return a pointer to an automatic variable in get_logname().
129 Many patches from or via Rickard Faith <faith@cs.unc.edu>, fixing
130 man-pages etc, now defaults to using /var/log/wtmp and /var/run/utmp
131 according to the new FSSTND.
133 Fix in login.c for CPU eating bug when a remote telnet client dies
136 This is for Linux 1.2, GCC 2.6.2 or later.
138 Version 1.32b (12-Mar-95):
139 Login now sets the tty group to "tty" instead of "other". Depending
140 on compile-time define USE_TTY_GROUP the tty mode is set to 0620 or
141 0600 instead of 0622. All as per suggestion by Rik Faith and the
143 Write/wall now strips control chars except BEL (\007). Again after
144 suggestion by Rik Faith.
147 Urgent security patch from Alvaro M. Echevarria incorporated into
148 login.c. This is really needed on machines running YP until
149 the libraries are fixed.
152 Login now logs the ip-address of the connecting host to utmp as it
155 Version 1.31b (2-Feb-95):
156 Daniel Quinlan <quinlan@yggdrasil.com> and Ross Biro
157 <biro@yggdrasil.com> suggested a patch to login.c that allows for
158 shell scripts in the shell field of /etc/passwd, so one can now
159 have (as a line in /etc/passwd):
160 bye::1000:1000:Outlogger:/bin:echo Bye
161 Logging in as "bye" with no password simply echoes Bye on the screen.
162 This has applications for pppd/slip.
164 Version 1.31a (28-Oct-94):
165 Scott Telford provided a patch for simpleinit, so executing reboot
166 from singleuser mode won't partially execute /etc/rc before
169 Version 1.30 (17-Sep-94):
170 tobias@server.et-inf.fho-emden.de (Peter Tobias) has made a more
171 advanced hostname command that understands some options such as
172 -f for FQDN etc. I'll not duplicate his work. Use his hostname
175 svm@kozmix.xs4all.nl (Sander van Malssen) provided more features
176 for the /etc/issue file in agetty. \U and \u now expand to the
177 number of current users.
179 It is now possible to state the value of TERM on the agetty command
180 line. This was also provided by Sander.
182 This has been built under Linux 1.1.42 with gcc 2.5.8 and libc 4.5.26.
184 Version 1.29 (18-Aug-94):
185 Finally got around to making a real version after the numerous
186 alpha versions of 1.28. Scott Telford <st@epcc.ed.ac.uk> provided
187 a patch for write(1) to make it look more like BSD write.
189 Fixed login so that the .hushlogin feature works even with real
190 protective users mounted via NFS (ie. where root can't access
191 the user's .hushlogin file).
193 Cleaned up the code to make -Wall bearable.
195 Version 1.28c (21-Jul-94):
196 Rik Faith reminded me that agetty should use the syslog
197 facility. It now does.
199 Version 1.28b (30-May-94):
200 On suggestion from Jeremy Fitzhardinge <jeremy@suite.sw.oz.au>
201 I added -- as option delimiter on args passed from agetty to
202 login. Fixes -froot hole for other login programs. The login
203 program in this package never had that hole.
205 Version 1.28a (16-May-94):
206 bill@goshawk.lanl.gov provided a couple of patches, one fixing
207 terminal setup in agetty, and reboot is now supposed to be
208 in /sbin according to FSSTND.
210 Version 1.27 (10-May-94):
211 Changed login.c, so all bad login attempts are logged, and added
212 usertty security feature. See about.usertty for an explanation.
213 There's no longer a limit of 20 chars in the TERM environment
214 variable. Suggested by Nicolai Langfeldt <janl@math.uio.no>
216 Added #ifdef HAVE_QUOTA around quota checks. Enable them if
217 you have quota stuff in your libraries and kernel.
218 Also re-enabled set/getpriority() calls as we now have them,
219 and have had for a long time...
221 Now wtmp is locked and unlocked around writes to avoid mangling.
222 Due to Jaakko Hyv{tti <HYVATTI@cc.helsinki.fi>.
224 Wrt. agetty: A \o in /etc/issue now inserts the domainname, as
225 set by domainname(1). Sander van Malssen provided this.
226 This is being used under Linux 1.1.9
228 Beefed up the agetty.8 man-page to describe the /etc/issue
229 options. Added man-pages for wall, cage, who.
231 Version 1.26 alpha (25-Apr-94):
232 Added patch from Bill Reynolds <bill@goshawk.lanl.gov> to
233 simpleinit, so it will drop into single user if /etc/rc
234 fails, eg. from fsck.
236 Version 1.25 (9-Feb-94):
237 Agetty should now work with the Linux 0.99pl15a kernel.
238 ECHOCTL and ECHOPRT are no longer set in the termios struct.
239 Also made agetty accept both "tty baudrate" and "baudrate tty"
242 Version 1.24 (23-Jan-94): changes since 1.22
243 Christian von Roques <roques@juliet.ka.sub.org> provided a patch
244 that cleans up the handling of the -L option on agetty.
245 Rik Faith <faith@cs.unc.edu> enhanced several man-pages...
247 Version 1.23 (11-Dec-93): changes since 1.21
248 Mitchum DSouza provided the hostid(1) code. It needs libc 4.4.4 or
249 later and a Linux 0.99.14 kernel or later. It can set and print
250 the world unique hostid of the machine. This may be used in
251 connection with commercial software licenses. God forbid!
252 I added the -v option, and munged the code a bit, so don't blame
253 Mitch if you don't like it.
255 I made the "cage" program. Using this as a shell in the passwd
256 file, enables one to let users log into a chroot'ed environment.
257 For those that have modem logins and are concerned about security.
258 Read the source for further info.
260 "who am i" now works.
262 The login program works with Yellow Pages (aka NIS) simply by
263 linking with an appropriate library containing a proper version
264 of getpwnam() and friends.
266 Version 1.21 (30-Oct-93): changes since 1.20
267 In simpleinit.c: The boottime wtmp record is now written *after*
268 /etc/rc is run, to put a correct timestamp on it.
269 Daniel Thumim <dthumim@mit.edu> suggested this fix.
271 The source and Makefile is prepared for optional installation of
272 binaries in /sbin instead of /etc, and logfiles in /usr/adm instead
273 of /etc. See and change the Makefile to suit your preferences.
274 Rik Faith and Stephen Tweedie inspired this change.
276 Version 1.20 (30-Jul-93): changes since 1.17:
277 Versions 1.18 and 1.19 were never made publicly available.
278 Agetty now supports a -L switch that makes it force the CLOCAL flag.
279 This is useful if you have a local terminal attached with a partly
280 wired serial cable that does not pass on the Carrier Detect signal.
282 There's a domainname program like the hostname program; contributed
285 Simpleinit will now write a REBOOT record to wtmp on boot up. Time-
286 zone support is now optional in simpleinit. Both of these patches
287 were made by Scott Telford <st@epcc.ed.ac.uk>.
289 This is for Linux 0.99.11 or later.
291 Version 1.17 (19-May-93): changes since 1.16:
292 Login, simpleinit and write should now work with shadow passwords
293 too. See the Makefile. Thanks to Anders Buch who let me have an
294 account on his SLS based Linux box on the Internet, so I could test
295 this. I should also thank jmorriso@rflab.ee.ubc.ca (John Paul Morrison)
296 who sent me the shadow patch to login.c
298 Version 1.16 (24-Apr-93): changes since 1.15a:
299 Simpleinit now clears the utmp entry associated with the pid's that
300 it reaps if there is one. A few are still using simpleinit and this
301 was a popular demand. It also appends an entry to wtmp
303 Version 1.15a (15-Mar-93): changes since 1.13a:
304 junio@shadow.twinsun.com (Jun Hamano) sent me a one-line fix
305 for occasional mangled issue-output from agetty.
307 Version 1.13a (2-Mar-93): changes since 1.12a:
308 With the new LILO (0.9), there are more than one possible arg
309 to init, so Werner Almesberger <almesber@bernina.ethz.ch>
310 suggested that a loop over argv[] was made in boot_single() in
313 Version 1.12a (24-Feb-93): changes since 1.11:
314 This is for Linux 0.99.6 or later. Built with gcc 2.3.3 and libc4.2
315 jrs@world.std.com (Rick Sladkey) told me that the setenv("TZ",..)
316 in login.c did more harm than good, so I commented it out.
318 Version 1.11a (16-Feb-93): changes since 1.9a:
319 This is for Linux 0.99.5 or later.
320 Anthony Rumble <arumble@extro.ucc.su.OZ.AU> made me avare that
321 the patches for vhangup() from Steven S. Dick didn't quite work,
324 Linus Torvalds provided another patch relating to vhangup, since
325 in newer Linuxen vhangup() doesn't really close all files, so we
326 can't just open the tty's again.
328 Version 1.9a (18-Jan-93): changes since 1.8a:
329 Rick Faith sent me man-pages for most of the utilities in this
330 package. They are now included.
332 Steven S. Dick <ssd@nevets.oau.org> sent me a patch for login.c
333 so DTR won't drop during vhangup() on a modemline.
335 This is completely untested!! I haven't even had the time to
338 Version 1.8a (13-Dec-92): changes since 1.7:
339 This is for Linux 0.98.6 or later. Compiles with gcc2.2.2d7 and libc4.1
341 Bettered write/wall after fix from I forget who. Now wall can have
346 Patched simpleinit.c with patch from Ed Carp, so it sets the timezone
347 from /etc/TZ. Should probably by be /etc/timezone.
349 Sander Van Malssen <sander@kozmix.hacktic.nl> provided a patch
350 for getty, so it can understand certain escapecodes in /etc/issue.
352 I hacked up a very simple substitute for a syslog() call, to try out
353 the logging. If you have a real syslog() and syslogd then use that!
355 The special vhangup.c file is out, it's in the official libc by now.
356 (and even in the libc that I have :-)
358 who, and write are now deprecated, get the better ones from one of
359 the GNU packages, shellutils I think.
361 Some people think that the simple init provided in this package is too
362 spartan, if you think the same, then get the SYSV compatible init
363 from Miquel van Smoorenburg <miquels@maestro.htsa.aha.nl>
364 Simpleinit will probably be deprecated in the future.
366 Version 1.7: 26-Oct-92 changes since 1.6:
367 This is for Linux 0.97PL4 or later.
369 Thanks to Werner Almesberger, init now has support for a
372 Login now supports the -h <hostname> option, used in connection
373 with TCP/IP. (rlogin/telnet)
375 Getty writes an entry to /etc/wtmp when started, so last won't report
376 "still logged in" for tty's that have not been logged into since
377 the last user of that tty logged out. This patch was inspired by
378 Mitchum DSouza. To gain the full benefit of this, get the newest
379 last from the admutils-1.4.tar.Z package or later.
381 Version 1.6 (29-Aug-92): changes since 1.5:
382 This is for Linux 0.97P1+ or later.
384 Login now uses the newly implemented vhangup() sys-call, to prevent
386 An alternative getpass() function is now provided with login, because
387 I was told that the old one in libc didn't work with telnet and
388 or rlogin. I don't have a network or a kernel with TCP/IP so I haven't
389 tested the new one with telnet, but it is derived from BSD sources
390 that are supposed to work with networking.
392 Version 1.5 (12-Aug-92): changes since 1.4
393 This is for Linux 0.97 or later, and has been built with gcc2.2.2
395 This release just puts in a few bugfixes in login.c and simpleinit.c
397 Version 1.4 (4-Jul-92): changes since 1.3:
398 This is for Linux 0.96b, and has been built and tested with gcc 2.2.2.
400 Init now handles the SIGINT signal. When init gets a SIGINT it will
401 call /usr/bin/reboot and thereby gently reboot the machine. This
402 makes sense because after Linux 0.96B-PL1 the key-combination
403 Ctrl-Alt-Del may send a SIGINT to init instead of booting the
404 machine the hard way without syncing or anything.
406 You may want to get the admutils-1.1 package which includes a program
407 that will instruct the kernel to use the "gentle-reboot" procedure.
409 Version 1.3 (14-Jun-92): changes since 1.2:
410 This is for Linux 0.96A.
412 The ioctl(TIOCSWINSZ) has been removed from login.c because it now
415 login.c now supports a lastlog database.
417 Several programs and pieces of source that were included in the 1.2
418 package has been *removed* as they are incorporated into the new
419 libc. Other omitted parts such as last(1) has been replaced by
420 better versions, and can be found in the admutils package.
422 Agetty is now called getty and will be placed in /etc.
424 A few changes has been made to make it possible to compile the
427 Version 1.2 (28-Feb-92): changes since 1.1:
428 This is for Linux 0.12.
430 A couple of problems with simpleinit.c has been solved, thanks to
431 Humberto Zuazaga. So now init groks comments in /etc/inittab, and
432 handles the HUP and TSTP signals properly.
434 I added two small scripts to the distribution: users and mesg.
436 TERM is now carried through from /etc/inittab all the way to the
437 shell. Console tty's are special-cased, so the termcap entry in
438 /etc/inittab is overridden by the setting given at boot-time.
439 This requires a different patch to the kernel than that distributed
442 Login no more sends superfluous chars from a password to the
443 shell. It also properly prints a NL after the password.
445 Agetty didn't set the erase character properly, it does now.
447 A few extra defines has been added to utmp.h
449 Several netters helped discover the bugs in 1.1. Thanks to them
452 Version 1.1 (released 19-Feb-92): Changes since 1.0:
453 A bug in simpleinit.c has been fixed, thanks to Pietro Castelli.
454 The definition of the ut_line field has been changed to track the
455 USG standard more closely, we now strip "/dev/" off the front.
456 Thanks to: Douglas E. Quale and Stephen Gallimore.
458 I have added a getlogin.c library routine, and a write(1) command.
459 I removed the qpl-init stuff. If people want to use it, they should
460 get it from the source. I don't want to hack on it anymore.
462 A couple of people reported problems with getty having problems
463 with serial terminals. That was correct. I borrowed a null-modem
464 from Tommy Thorn, and now the problems should be fixed. It seems
465 that there is kept a lot of garbage in the serial buffers, flush
466 them and it works like a charm. Getty does an ioctl(0, TCFLSH, 2)
469 The write.c code now doubles as code for a wall(1) program.
471 Description of the various files:
473 login.c The login program. This is a portation of BSD login, first
474 to HP-UX 8.0 by Michael Glad (glad@daimi.aau.dk), and
475 to Linux (initially to 0.12) by me.
477 agetty.c The getty program. From comp.sources.misc, by W.Z. Venema.
480 write.c A write(1) command, used to pass messages between users
481 at different terminals. This code doubles as code for
482 a wall(1) command. Make a symlink: /usr/bin/wall ->
483 /usr/bin/write for this.
485 mesg A tiny shellscript, so you can avoid that other people write
491 Getty will print the contents of /etc/issue if it's present before asking
492 for username. Login will print the contents of /etc/motd after successful
493 login. Login doesn't print /etc/motd, and doesn't check for mail if
494 ~/.hushlogin is present and world readable.
496 If /etc/nologin is present then login will print its contents and disallow
497 any logins except root.
498 It might be a good idea to have a "rm -f /etc/nologin" line in one's
501 If /etc/securetty is present it defines which tty's that root can login on.
503 - Peter (poe@daimi.aau.dk)