Commit | Line | Data |
---|---|---|
6dbe3af9 KZ |
1 | .\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu) |
2 | .\" May be distributed under the GNU General Public License | |
39c877f1 | 3 | .TH LOGIN "1" "June 2012" "util-linux" "User Commands" |
6dbe3af9 | 4 | .SH NAME |
7d6b450d | 5 | login \- begin session on the system |
6dbe3af9 | 6 | .SH SYNOPSIS |
7d6b450d KZ |
7 | .B login |
8 | [ | |
0bb7e904 | 9 | .B \-p |
7d6b450d | 10 | ] [ |
0bb7e904 BIG |
11 | .B \-h |
12 | .I host | |
7d6b450d | 13 | ] [ |
0bb7e904 | 14 | .B \-H |
92e386ca | 15 | ] [ |
0bb7e904 BIG |
16 | .B \-f |
17 | .I username | |
7d6b450d | 18 | | |
0bb7e904 | 19 | .I username |
7d6b450d | 20 | ] |
6dbe3af9 KZ |
21 | .SH DESCRIPTION |
22 | .B login | |
39c877f1 | 23 | is used when signing onto a system. If no argument is given, |
6dbe3af9 KZ |
24 | .B login |
25 | prompts for the username. | |
39c877f1 | 26 | .PP |
d35df4db | 27 | The user is then prompted for a password, where appropriate. Echoing |
39c877f1 SK |
28 | is disabled to prevent revealing the password. Only a small number |
29 | of password failures are permitted before | |
6dbe3af9 | 30 | .B login |
7d6b450d | 31 | exits and the communications link is severed. |
39c877f1 SK |
32 | .PP |
33 | If password aging has been enabled for the account, the user may be | |
34 | prompted for a new password before proceeding. He will be forced to | |
35 | provide his old password and the new password before continuing. | |
36 | Please refer to | |
7d6b450d KZ |
37 | .BR passwd (1) |
38 | for more information. | |
39c877f1 | 39 | .PP |
7d6b450d KZ |
40 | The user and group ID will be set according to their values in the |
41 | .I /etc/passwd | |
39c877f1 SK |
42 | file. There is one exception if the user ID is zero: in this case, |
43 | only the primary group ID of the account is set. This should allow | |
3aca66a5 | 44 | the system administrator to log in even in case of network problems. |
7d6b450d KZ |
45 | The value for |
46 | .BR $HOME , | |
fed52fd5 | 47 | .BR $USER , |
7d6b450d KZ |
48 | .BR $SHELL , |
49 | .BR $PATH , | |
50 | .BR $LOGNAME , | |
51 | and | |
52 | .B $MAIL | |
53 | are set according to the appropriate fields in the password entry. | |
54 | .B $PATH | |
55 | defaults to | |
39c877f1 | 56 | .I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin |
6dbe3af9 | 57 | for normal users, and to |
39c877f1 | 58 | .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin |
3aca66a5 | 59 | for root, if not otherwise configured. |
39c877f1 | 60 | .P |
7d6b450d KZ |
61 | The environment variable |
62 | .B $TERM | |
63 | will be preserved, if it exists (other environment variables are | |
64 | preserved if the | |
65 | .B \-p | |
3aca66a5 | 66 | option is given), else it will be initialized to the terminal type on your tty. |
39c877f1 SK |
67 | .PP |
68 | Then the user's shell is started. If no shell is specified for the | |
fd6b7a7f | 69 | user in |
46f057ed | 70 | .IR /etc\:/passwd , |
6dbe3af9 | 71 | then |
46f057ed | 72 | .I /bin\:/sh |
6dbe3af9 | 73 | is used. If there is no directory specified in |
39c877f1 | 74 | .IR /etc\:/passwd , |
6dbe3af9 KZ |
75 | then |
76 | .I / | |
77 | is used (the home directory is checked for the | |
78 | .I .hushlogin | |
7d6b450d | 79 | file described below). |
39c877f1 | 80 | .PP |
7d6b450d KZ |
81 | If the file |
82 | .I .hushlogin | |
83 | exists, then a "quiet" login is performed (this disables the checking | |
39c877f1 SK |
84 | of mail and the printing of the last login time and message of the |
85 | day). Otherwise, if | |
86 | .I /var\:/log\:/lastlog | |
7d6b450d KZ |
87 | exists, the last login time is printed (and the current login is |
88 | recorded). | |
6dbe3af9 KZ |
89 | .SH OPTIONS |
90 | .TP | |
91 | .B \-p | |
92 | Used by | |
93 | .BR getty (8) | |
94 | to tell | |
95 | .B login | |
39c877f1 | 96 | not to destroy the environment. |
6dbe3af9 KZ |
97 | .TP |
98 | .B \-f | |
99 | Used to skip a second login authentication. This specifically does | |
100 | .B not | |
101 | work for root, and does not appear to work well under Linux. | |
102 | .TP | |
103 | .B \-h | |
104 | Used by other servers (i.e., | |
105 | .BR telnetd (8)) | |
106 | to pass the name of the remote host to | |
107 | .B login | |
39c877f1 SK |
108 | so that it may be placed in utmp and wtmp. Only the superuser may |
109 | use this option. | |
110 | .IP | |
111 | Note that the | |
112 | .B \-h | |
113 | option has an impact on the | |
114 | .B PAM service | |
115 | .BR name . | |
116 | The standard service name is | |
117 | .IR login , | |
118 | with the | |
119 | .B \-h | |
120 | option the name is | |
121 | .IR remote . | |
eb024893 | 122 | It is necessary to create proper PAM config files (e.g., |
39c877f1 SK |
123 | .I /etc\:/pam.d\:/login |
124 | and | |
125 | .IR /etc\:/pam.d\:/remote ). | |
92e386ca KZ |
126 | .TP |
127 | .B \-H | |
128 | Used by other servers (i.e., | |
129 | .BR telnetd (8)) | |
130 | to tell | |
131 | .B login | |
132 | that printing the hostname should be suppressed in the login: prompt. | |
e6b32e7d KZ |
133 | See also LOGIN_PLAIN_PROMPT below if your server does not allow configuring the |
134 | .B login | |
135 | command line. | |
0effd19e | 136 | .TP |
7491906d RM |
137 | \fB\-\-help\fR |
138 | Display help text and exit. | |
139 | .TP | |
140 | \fB\-V\fR, \fB\-\-version\fR | |
b4362b6f | 141 | Display version information and exit. |
4d8fc09c KZ |
142 | .SH CONFIG FILE ITEMS |
143 | .B login | |
144 | reads the | |
46f057ed | 145 | .IR /etc\:/login.defs (5) |
39c877f1 | 146 | configuration file. Note that the configuration file could be |
eb024893 | 147 | distributed with another package (e.g., shadow-utils). The following |
39c877f1 | 148 | configuration items are relevant for |
4d8fc09c KZ |
149 | .BR login (1): |
150 | .PP | |
39c877f1 SK |
151 | .B MOTD_FILE |
152 | (string) | |
4d8fc09c | 153 | .RS 4 |
5a528e2c KZ |
154 | Specifies a ":" delimited list of "message of the day" files and directories |
155 | to be displayed upon login. If the specified path is a directory, then all | |
156 | files with the .motd file extension in that directory are displayed in version-sort order. | |
157 | .PP | |
158 | The default value is | |
159 | .IR "/usr/share/misc/motd:/run/motd:/run/motd.d:/etc/motd:/etc/motd.d" . | |
39c877f1 SK |
160 | If the |
161 | .B MOTD_FILE | |
3aca66a5 | 162 | item is empty or a quiet login is enabled, then the message of the day |
39c877f1 SK |
163 | is not displayed. Note that the same functionality is also provided |
164 | by | |
4d8fc09c KZ |
165 | .BR pam_motd (8) |
166 | PAM module. | |
5a528e2c KZ |
167 | .PP |
168 | The directories in the | |
169 | .B MOTD_FILE | |
170 | are supported since version 2.36. | |
4d8fc09c | 171 | .RE |
9abd9cde | 172 | .PP |
e6b32e7d KZ |
173 | .B LOGIN_PLAIN_PROMPT |
174 | (boolean) | |
175 | .RS 4 | |
176 | Tell login that printing the hostname should be suppressed in the login: | |
177 | prompt. This is an alternative to the \fB\-H\fR command line option. The default | |
178 | value is | |
179 | .IR no . | |
180 | .RE | |
181 | .PP | |
39c877f1 SK |
182 | .B LOGIN_TIMEOUT |
183 | (number) | |
9abd9cde | 184 | .RS 4 |
39c877f1 SK |
185 | Max time in seconds for login. The default value is |
186 | .IR 60 . | |
9abd9cde | 187 | .RE |
ca5ee2a8 | 188 | .PP |
39c877f1 SK |
189 | .B LOGIN_RETRIES |
190 | (number) | |
fab1f671 | 191 | .RS 4 |
3aca66a5 | 192 | Maximum number of login retries in case of a bad password. The default |
39c877f1 SK |
193 | value is |
194 | .IR 3 . | |
fab1f671 KZ |
195 | .RE |
196 | .PP | |
39c877f1 SK |
197 | .B FAIL_DELAY |
198 | (number) | |
ca5ee2a8 | 199 | .RS 4 |
39c877f1 SK |
200 | Delay in seconds before being allowed another three tries after a |
201 | login failure. The default value is | |
202 | .IR 5 . | |
ca5ee2a8 | 203 | .RE |
738246ed | 204 | .PP |
39c877f1 SK |
205 | .B TTYPERM |
206 | (string) | |
738246ed | 207 | .RS 4 |
39c877f1 | 208 | The terminal permissions. The default value is |
0bb7e904 | 209 | .I 0600 |
91984e93 | 210 | or |
0bb7e904 | 211 | .I 0620 |
91984e93 | 212 | if tty group is used. |
738246ed | 213 | .RE |
45d0a30e | 214 | .PP |
39c877f1 SK |
215 | .B TTYGROUP |
216 | (string) | |
45d0a30e KZ |
217 | .RS 4 |
218 | The login tty will be owned by the | |
39c877f1 SK |
219 | .BR TTYGROUP . |
220 | The default value is | |
221 | .IR tty . | |
222 | If the | |
223 | .B TTYGROUP | |
3aca66a5 | 224 | does not exist, then the ownership of the terminal is set to the |
39c877f1 | 225 | user\'s primary group. |
ddfc5ed6 | 226 | .PP |
39c877f1 SK |
227 | The |
228 | .B TTYGROUP | |
229 | can be either the name of a group or a numeric group identifier. | |
45d0a30e | 230 | .RE |
84d3c9ff | 231 | .PP |
39c877f1 SK |
232 | .B HUSHLOGIN_FILE |
233 | (string) | |
84d3c9ff | 234 | .RS 4 |
39c877f1 | 235 | If defined, this file can inhibit all the usual chatter during the |
eb024893 | 236 | login sequence. If a full pathname (e.g., |
39c877f1 SK |
237 | .IR /etc\:/hushlogins ) |
238 | is specified, then hushed mode will be enabled if the user\'s name or | |
239 | shell are found in the file. If this global hush login file is empty | |
240 | then the hushed mode will be enabled for all users. | |
241 | .PP | |
3aca66a5 | 242 | If a full pathname is not specified, then hushed mode will be enabled |
39c877f1 SK |
243 | if the file exists in the user\'s home directory. |
244 | .PP | |
245 | The default is to check | |
246 | .I /etc\:/hushlogins | |
3aca66a5 | 247 | and if it does not exist then |
39c877f1 SK |
248 | .I ~/.hushlogin |
249 | .PP | |
250 | If the | |
251 | .B HUSHLOGIN_FILE | |
3aca66a5 | 252 | item is empty, then all the checks are disabled. |
84d3c9ff | 253 | .RE |
91d0a913 | 254 | .PP |
39c877f1 SK |
255 | .B DEFAULT_HOME |
256 | (boolean) | |
91d0a913 | 257 | .RS 4 |
223939d9 | 258 | Indicate if login is allowed if we cannot change directory to the |
39c877f1 SK |
259 | home directory. If set to |
260 | .IR yes , | |
261 | the user will log in in the root (/) directory if it is not possible | |
262 | to change directory to her home. The default value is | |
263 | .IR yes . | |
91d0a913 | 264 | .RE |
cea8ec53 | 265 | .PP |
1a83c00d KZ |
266 | .B LASTLOG_UID_MAX |
267 | (unsigned number) | |
268 | .RS 4 | |
269 | Highest user ID number for which the lastlog entries should be | |
270 | updated. As higher user IDs are usually tracked by remote user | |
271 | identity and authentication services there is no need to create | |
272 | a huge sparse lastlog file for them. No LASTLOG_UID_MAX option | |
273 | present in the configuration means that there is no user ID limit | |
274 | for writing lastlog entries. | |
275 | .RE | |
276 | .PP | |
39c877f1 SK |
277 | .B LOG_UNKFAIL_ENAB |
278 | (boolean) | |
cea8ec53 | 279 | .RS 4 |
39c877f1 SK |
280 | Enable display of unknown usernames when login failures are recorded. |
281 | The default value is | |
282 | .IR no . | |
283 | .PP | |
3aca66a5 OO |
284 | Note that logging unknown usernames may be a security issue if a |
285 | user enters her password instead of her login name. | |
cea8ec53 | 286 | .RE |
9f7293ea | 287 | .PP |
39c877f1 SK |
288 | .B ENV_PATH |
289 | (string) | |
9f7293ea | 290 | .RS 4 |
39c877f1 | 291 | If set, it will be used to define the PATH environment variable when |
3aca66a5 | 292 | a regular user logs in. The default value is |
39c877f1 | 293 | .I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin |
9f7293ea KZ |
294 | .RE |
295 | .PP | |
39c877f1 SK |
296 | .B ENV_ROOTPATH |
297 | (string) | |
298 | .br | |
299 | .B ENV_SUPATH | |
300 | (string) | |
9f7293ea | 301 | .RS 4 |
39c877f1 | 302 | If set, it will be used to define the PATH environment variable when |
86f42e5a | 303 | the superuser logs in. ENV_ROOTPATH takes precedence. The default value is |
39c877f1 | 304 | .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin |
9f7293ea | 305 | .RE |
6dbe3af9 KZ |
306 | .SH FILES |
307 | .nf | |
726f69e2 KZ |
308 | .I /var/run/utmp |
309 | .I /var/log/wtmp | |
310 | .I /var/log/lastlog | |
cad18f61 | 311 | .I /var/spool/mail/* |
6dbe3af9 KZ |
312 | .I /etc/motd |
313 | .I /etc/passwd | |
314 | .I /etc/nologin | |
067f5343 KZ |
315 | .I /etc/pam.d/login |
316 | .I /etc/pam.d/remote | |
ee74f262 | 317 | .I /etc/hushlogins |
6dbe3af9 KZ |
318 | .I .hushlogin |
319 | .fi | |
320 | .SH "SEE ALSO" | |
6dbe3af9 KZ |
321 | .BR mail (1), |
322 | .BR passwd (1), | |
323 | .BR passwd (5), | |
324 | .BR environ (7), | |
f053ff1e MK |
325 | .BR getty (8), |
326 | .BR init (8), | |
6dbe3af9 KZ |
327 | .BR shutdown (8) |
328 | .SH BUGS | |
6dbe3af9 KZ |
329 | The undocumented BSD |
330 | .B \-r | |
331 | option is not supported. This may be required by some | |
332 | .BR rlogind (8) | |
333 | programs. | |
39c877f1 SK |
334 | .PP |
335 | A recursive login, as used to be possible in the good old days, no | |
336 | longer works; for most purposes | |
7eda085c | 337 | .BR su (1) |
39c877f1 SK |
338 | is a satisfactory substitute. Indeed, for security reasons, login |
339 | does a vhangup() system call to remove any possible listening | |
340 | processes on the tty. This is to avoid password sniffing. If one | |
341 | uses the command | |
342 | .BR login , | |
343 | then the surrounding shell gets killed by vhangup() because it's no | |
344 | longer the true owner of the tty. This can be avoided by using | |
345 | .B exec login | |
346 | in a top-level shell or xterm. | |
6dbe3af9 | 347 | .SH AUTHOR |
39c877f1 SK |
348 | Derived from BSD login 5.40 (5/9/89) by |
349 | .MT glad@\:daimi.\:dk | |
350 | Michael Glad | |
351 | .ME | |
fd6b7a7f | 352 | for HP-UX |
6dbe3af9 | 353 | .br |
39c877f1 SK |
354 | Ported to Linux 0.12: |
355 | .MT poe@\:daimi.\:aau.\:dk | |
356 | Peter Orbaek | |
357 | .ME | |
ee74f262 | 358 | .br |
3aca66a5 | 359 | Rewritten to a PAM-only version by |
39c877f1 SK |
360 | .MT kzak@\:redhat.\:com |
361 | Karel Zak | |
362 | .ME | |
86d62711 | 363 | .SH AVAILABILITY |
9c91fc03 | 364 | The login command is part of the util-linux package and is |
39c877f1 | 365 | available from |
d673b74e | 366 | .UR https://\:www.kernel.org\:/pub\:/linux\:/utils\:/util-linux/ |
39c877f1 SK |
367 | Linux Kernel Archive |
368 | .UE . |
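
The CONFIG FILE ITEMS above can be checked mechanically. The following Python is an added example, not part of util-linux or of the original page: it audits login.defs-style text against the defaults and the LOG_UNKFAIL_ENAB warning documented here. The simplified parser, the thresholds used as policy and the sample input are assumptions of this example.

```python
# Added example: audit login.defs-style text against items documented for login(1).
# Thresholds are this example's policy assumptions, not rules enforced by login.

DOC_DEFAULTS = {"LOGIN_RETRIES": "3", "FAIL_DELAY": "5", "LOG_UNKFAIL_ENAB": "no"}

def parse_login_defs(text):
    """Simplified parser (assumption): 'NAME value' lines, whole-line '#' comments."""
    items = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        items[parts[0]] = parts[1].strip().strip('"') if len(parts) == 2 else ""
    return items

def bad_path_entries(path):
    """Empty or relative PATH entries resolve against the current directory."""
    return [p for p in path.split(":") if not p.startswith("/")]

def audit(text):
    cfg = {**DOC_DEFAULTS, **parse_login_defs(text)}
    findings = []
    if cfg["LOG_UNKFAIL_ENAB"].lower() == "yes":
        findings.append("LOG_UNKFAIL_ENAB: a password typed in place of the username would be logged")
    if "TTYPERM" in cfg and int(cfg["TTYPERM"], 8) & ~0o620:
        findings.append("TTYPERM: grants more than the documented 0600/0620")
    if int(cfg["LOGIN_RETRIES"]) > int(DOC_DEFAULTS["LOGIN_RETRIES"]):
        findings.append("LOGIN_RETRIES: above the documented default of 3")
    if int(cfg["FAIL_DELAY"]) < int(DOC_DEFAULTS["FAIL_DELAY"]):
        findings.append("FAIL_DELAY: below the documented default of 5")
    # ENV_ROOTPATH takes precedence over ENV_SUPATH for the superuser.
    root_path = cfg.get("ENV_ROOTPATH", cfg.get("ENV_SUPATH"))
    for name, value in (("ENV_PATH", cfg.get("ENV_PATH")), ("root PATH", root_path)):
        if value is not None and bad_path_entries(value):
            findings.append(f"{name}: empty or relative entry {bad_path_entries(value)}")
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# constructed sample
LOGIN_RETRIES    5
FAIL_DELAY       5
LOG_UNKFAIL_ENAB yes
TTYPERM          0622
ENV_SUPATH       /sbin:/bin
ENV_ROOTPATH     /usr/local/sbin:.:/sbin
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING", finding)
```

In the sample, ENV_SUPATH is clean, but ENV_ROOTPATH takes precedence, so the `.` entry in it is what gets reported for the superuser's PATH.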