Commit | Line | Data |
---|---|---|
6dbe3af9 KZ |
1 | .\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu) |
2 | .\" May be distributed under the GNU General Public License | |
39c877f1 | 3 | .TH LOGIN "1" "June 2012" "util-linux" "User Commands" |
6dbe3af9 | 4 | .SH NAME |
7d6b450d | 5 | login \- begin session on the system |
6dbe3af9 | 6 | .SH SYNOPSIS |
7d6b450d KZ |
7 | .B login |
8 | [ | |
0bb7e904 | 9 | .B \-p |
7d6b450d | 10 | ] [ |
0bb7e904 BIG |
11 | .B \-h |
12 | .I host | |
7d6b450d | 13 | ] [ |
0bb7e904 | 14 | .B \-H |
92e386ca | 15 | ] [ |
0bb7e904 BIG |
16 | .B \-f |
17 | .I username | |
7d6b450d | 18 | | |
0bb7e904 | 19 | .I username |
7d6b450d | 20 | ] |
6dbe3af9 KZ |
21 | .SH DESCRIPTION |
22 | .B login | |
39c877f1 | 23 | is used when signing onto a system. If no argument is given, |
6dbe3af9 KZ |
24 | .B login |
25 | prompts for the username. | |
39c877f1 | 26 | .PP |
d35df4db | 27 | The user is then prompted for a password, where appropriate. Echoing |
39c877f1 SK |
28 | is disabled to prevent revealing the password. Only a small number |
29 | of password failures are permitted before | |
6dbe3af9 | 30 | .B login |
7d6b450d | 31 | exits and the communications link is severed. |
39c877f1 SK |
32 | .PP |
33 | If password aging has been enabled for the account, the user may be | |
34 | prompted for a new password before proceeding. He will be forced to | |
35 | provide his old password and the new password before continuing. | |
36 | Please refer to | |
7d6b450d KZ |
37 | .BR passwd (1) |
38 | for more information. | |
39c877f1 | 39 | .PP |
7d6b450d KZ |
40 | The user and group ID will be set according to their values in the |
41 | .I /etc/passwd | |
39c877f1 SK |
42 | file. There is one exception if the user ID is zero: in this case, |
43 | only the primary group ID of the account is set. This should allow | |
3aca66a5 | 44 | the system administrator to log in even in case of network problems. |
7d6b450d KZ |
45 | The value for |
46 | .BR $HOME , | |
fed52fd5 | 47 | .BR $USER , |
7d6b450d KZ |
48 | .BR $SHELL , |
49 | .BR $PATH , | |
50 | .BR $LOGNAME , | |
51 | and | |
52 | .B $MAIL | |
53 | are set according to the appropriate fields in the password entry. | |
54 | .B $PATH | |
55 | defaults to | |
39c877f1 | 56 | .I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin |
6dbe3af9 | 57 | for normal users, and to |
39c877f1 | 58 | .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin |
3aca66a5 | 59 | for root, if not otherwise configured. |
39c877f1 | 60 | .P |
7d6b450d KZ |
61 | The environment variable |
62 | .B $TERM | |
63 | will be preserved, if it exists (other environment variables are | |
64 | preserved if the | |
65 | .B \-p | |
3aca66a5 | 66 | option is given), else it will be initialized to the terminal type on your tty. |
39c877f1 SK |
67 | .PP |
68 | Then the user's shell is started. If no shell is specified for the | |
fd6b7a7f | 69 | user in |
46f057ed | 70 | .IR /etc\:/passwd , |
6dbe3af9 | 71 | then |
46f057ed | 72 | .I /bin\:/sh |
6dbe3af9 | 73 | is used. If there is no directory specified in |
39c877f1 | 74 | .IR /etc\:/passwd , |
6dbe3af9 KZ |
75 | then |
76 | .I / | |
77 | is used (the home directory is checked for the | |
78 | .I .hushlogin | |
7d6b450d | 79 | file described below). |
39c877f1 | 80 | .PP |
7d6b450d KZ |
81 | If the file |
82 | .I .hushlogin | |
83 | exists, then a "quiet" login is performed (this disables the checking | |
39c877f1 SK |
84 | of mail and the printing of the last login time and message of the |
85 | day). Otherwise, if | |
86 | .I /var\:/log\:/lastlog | |
7d6b450d KZ |
87 | exists, the last login time is printed (and the current login is |
88 | recorded). | |
6dbe3af9 KZ |
89 | .SH OPTIONS |
90 | .TP | |
91 | .B \-p | |
92 | Used by | |
93 | .BR getty (8) | |
94 | to tell | |
95 | .B login | |
39c877f1 | 96 | not to destroy the environment. |
6dbe3af9 KZ |
97 | .TP |
98 | .B \-f | |
99 | Used to skip a second login authentication. This specifically does | |
100 | .B not | |
101 | work for root, and does not appear to work well under Linux. | |
102 | .TP | |
103 | .B \-h | |
104 | Used by other servers (e.g., | |
105 | .BR telnetd (8)) | |
106 | to pass the name of the remote host to | |
107 | .B login | |
39c877f1 SK |
108 | so that it may be placed in utmp and wtmp. Only the superuser may |
109 | use this option. | |
110 | .IP | |
111 | Note that the | |
112 | .B \-h | |
113 | option has impact on the | |
114 | .B PAM service | |
115 | .BR name . | |
116 | The standard service name is | |
117 | .IR login , | |
118 | with the | |
119 | .B \-h | |
120 | option the name is | |
121 | .IR remote . | |
eb024893 | 122 | It is necessary to create proper PAM config files (e.g., |
39c877f1 SK |
123 | .I /etc\:/pam.d\:/login |
124 | and | |
125 | .IR /etc\:/pam.d\:/remote ). | |
92e386ca KZ |
126 | .TP |
127 | .B \-H | |
128 | Used by other servers (e.g., | |
129 | .BR telnetd (8)) | |
130 | to tell | |
131 | .B login | |
132 | that printing the hostname should be suppressed in the login: prompt. | |
e6b32e7d KZ |
133 | See also LOGIN_PLAIN_PROMPT below if your server does not allow configuring the |
134 | .B login | |
135 | command line. | |
0effd19e | 136 | .TP |
7491906d RM |
137 | \fB\-\-help\fR |
138 | Display help text and exit. | |
139 | .TP | |
140 | \fB\-V\fR, \fB\-\-version\fR | |
b4362b6f | 141 | Display version information and exit. |
4d8fc09c KZ |
142 | .SH CONFIG FILE ITEMS |
143 | .B login | |
144 | reads the | |
46f057ed | 145 | .IR /etc\:/login.defs (5) |
39c877f1 | 146 | configuration file. Note that the configuration file could be |
eb024893 | 147 | distributed with another package (e.g., shadow-utils). The following |
39c877f1 | 148 | configuration items are relevant for |
4d8fc09c KZ |
149 | .BR login (1): |
150 | .PP | |
39c877f1 SK |
151 | .B MOTD_FILE |
152 | (string) | |
4d8fc09c | 153 | .RS 4 |
e327a7ac | 154 | Specifies a ":" delimited list of "message of the day" files and directories |
5a528e2c KZ |
155 | to be displayed upon login. If the specified path is a directory, then all files |
156 | with the .motd file extension in that directory are displayed in version-sort order. | |
157 | .PP | |
158 | The default value is | |
72b155ea | 159 | .IR "/usr/share/misc/motd:/run/motd:/etc/motd" . |
39c877f1 SK |
160 | If the |
161 | .B MOTD_FILE | |
3aca66a5 | 162 | item is empty or a quiet login is enabled, then the message of the day |
39c877f1 SK |
163 | is not displayed. Note that the same functionality is also provided |
164 | by | |
4d8fc09c KZ |
165 | .BR pam_motd (8) |
166 | PAM module. | |
5a528e2c KZ |
167 | .PP |
168 | The directories in the | |
169 | .B MOTD_FILE | |
170 | are supported since version 2.36. | |
9789d21a KZ |
171 | .PP |
172 | Note that | |
173 | .B login | |
174 | does not implement any filename overriding behavior like pam_motd | |
175 | (see also MOTD_FIRSTONLY), but all content from all files is displayed. It is | |
176 | recommended to keep extra logic in content generators and use /run/motd.d rather | |
177 | than rely on overriding behavior hardcoded in system tools. | |
178 | .RE | |
179 | .PP | |
180 | .B MOTD_FIRSTONLY (boolean) | |
181 | .RS 4 | |
182 | Forces | |
183 | .B login | |
184 | to stop displaying content specified by | |
185 | .B MOTD_FILE | |
186 | after the first accessible item in the list. Note that a directory is one item in this case. | |
187 | This option allows configuring | |
188 | .B login | |
189 | semantics to be more compatible with pam_motd. | |
4d8fc09c | 190 | .RE |
9abd9cde | 191 | .PP |
e6b32e7d KZ |
192 | .B LOGIN_PLAIN_PROMPT |
193 | (boolean) | |
194 | .RS 4 | |
195 | Tell login that printing the hostname should be suppressed in the login: | |
196 | prompt. This is an alternative to the \fB\-H\fR command line option. The default | |
197 | value is | |
198 | .IR no . | |
199 | .RE | |
200 | .PP | |
39c877f1 SK |
201 | .B LOGIN_TIMEOUT |
202 | (number) | |
9abd9cde | 203 | .RS 4 |
39c877f1 SK |
204 | Max time in seconds for login. The default value is |
205 | .IR 60 . | |
9abd9cde | 206 | .RE |
ca5ee2a8 | 207 | .PP |
39c877f1 SK |
208 | .B LOGIN_RETRIES |
209 | (number) | |
fab1f671 | 210 | .RS 4 |
3aca66a5 | 211 | Maximum number of login retries in case of a bad password. The default |
39c877f1 SK |
212 | value is |
213 | .IR 3 . | |
fab1f671 KZ |
214 | .RE |
215 | .PP | |
39c877f1 SK |
216 | .B FAIL_DELAY |
217 | (number) | |
ca5ee2a8 | 218 | .RS 4 |
39c877f1 SK |
219 | Delay in seconds before being allowed another three tries after a |
220 | login failure. The default value is | |
221 | .IR 5 . | |
ca5ee2a8 | 222 | .RE |
738246ed | 223 | .PP |
39c877f1 SK |
224 | .B TTYPERM |
225 | (string) | |
738246ed | 226 | .RS 4 |
39c877f1 | 227 | The terminal permissions. The default value is |
0bb7e904 | 228 | .I 0600 |
91984e93 | 229 | or |
0bb7e904 | 230 | .I 0620 |
91984e93 | 231 | if tty group is used. |
738246ed | 232 | .RE |
45d0a30e | 233 | .PP |
39c877f1 SK |
234 | .B TTYGROUP |
235 | (string) | |
45d0a30e KZ |
236 | .RS 4 |
237 | The login tty will be owned by the | |
39c877f1 SK |
238 | .BR TTYGROUP . |
239 | The default value is | |
240 | .IR tty . | |
241 | If the | |
242 | .B TTYGROUP | |
3aca66a5 | 243 | does not exist, then the ownership of the terminal is set to the |
39c877f1 | 244 | user\'s primary group. |
ddfc5ed6 | 245 | .PP |
39c877f1 SK |
246 | The |
247 | .B TTYGROUP | |
248 | can be either the name of a group or a numeric group identifier. | |
45d0a30e | 249 | .RE |
84d3c9ff | 250 | .PP |
39c877f1 SK |
251 | .B HUSHLOGIN_FILE |
252 | (string) | |
84d3c9ff | 253 | .RS 4 |
39c877f1 | 254 | If defined, this file can inhibit all the usual chatter during the |
eb024893 | 255 | login sequence. If a full pathname (e.g., |
39c877f1 SK |
256 | .IR /etc\:/hushlogins ) |
257 | is specified, then hushed mode will be enabled if the user\'s name or | |
258 | shell are found in the file. If this global hush login file is empty | |
259 | then the hushed mode will be enabled for all users. | |
260 | .PP | |
3aca66a5 | 261 | If a full pathname is not specified, then hushed mode will be enabled |
39c877f1 SK |
262 | if the file exists in the user\'s home directory. |
263 | .PP | |
264 | The default is to check | |
265 | .I /etc\:/hushlogins | |
3aca66a5 | 266 | and if it does not exist then |
39c877f1 SK |
267 | .I ~/.hushlogin |
268 | .PP | |
269 | If the | |
270 | .B HUSHLOGIN_FILE | |
3aca66a5 | 271 | item is empty, then all the checks are disabled. |
84d3c9ff | 272 | .RE |
91d0a913 | 273 | .PP |
39c877f1 SK |
274 | .B DEFAULT_HOME |
275 | (boolean) | |
91d0a913 | 276 | .RS 4 |
223939d9 | 277 | Indicate if login is allowed if we cannot change directory to the |
39c877f1 SK |
278 | home directory. If set to |
279 | .IR yes , | |
280 | the user will log in to the root (/) directory if it is not possible | |
281 | to change directory to her home. The default value is | |
282 | .IR yes . | |
91d0a913 | 283 | .RE |
cea8ec53 | 284 | .PP |
1a83c00d KZ |
285 | .B LASTLOG_UID_MAX |
286 | (unsigned number) | |
287 | .RS 4 | |
288 | Highest user ID number for which the lastlog entries should be | |
289 | updated. As higher user IDs are usually tracked by remote user | |
290 | identity and authentication services there is no need to create | |
291 | a huge sparse lastlog file for them. No LASTLOG_UID_MAX option | |
292 | present in the configuration means that there is no user ID limit | |
293 | for writing lastlog entries. | |
294 | .RE | |
295 | .PP | |
39c877f1 SK |
296 | .B LOG_UNKFAIL_ENAB |
297 | (boolean) | |
cea8ec53 | 298 | .RS 4 |
39c877f1 SK |
299 | Enable display of unknown usernames when login failures are recorded. |
300 | The default value is | |
301 | .IR no . | |
302 | .PP | |
3aca66a5 OO |
303 | Note that logging unknown usernames may be a security issue if a |
304 | user enters her password instead of her login name. | |
cea8ec53 | 305 | .RE |
9f7293ea | 306 | .PP |
39c877f1 SK |
307 | .B ENV_PATH |
308 | (string) | |
9f7293ea | 309 | .RS 4 |
39c877f1 | 310 | If set, it will be used to define the PATH environment variable when |
3aca66a5 | 311 | a regular user logs in. The default value is |
39c877f1 | 312 | .I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin |
9f7293ea KZ |
313 | .RE |
314 | .PP | |
39c877f1 SK |
315 | .B ENV_ROOTPATH |
316 | (string) | |
317 | .br | |
318 | .B ENV_SUPATH | |
319 | (string) | |
9f7293ea | 320 | .RS 4 |
39c877f1 | 321 | If set, it will be used to define the PATH environment variable when |
86f42e5a | 322 | the superuser logs in. ENV_ROOTPATH takes precedence. The default value is |
39c877f1 | 323 | .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin |
9f7293ea | 324 | .RE |
6dbe3af9 KZ |
325 | .SH FILES |
326 | .nf | |
726f69e2 KZ |
327 | .I /var/run/utmp |
328 | .I /var/log/wtmp | |
329 | .I /var/log/lastlog | |
cad18f61 | 330 | .I /var/spool/mail/* |
6dbe3af9 KZ |
331 | .I /etc/motd |
332 | .I /etc/passwd | |
333 | .I /etc/nologin | |
067f5343 KZ |
334 | .I /etc/pam.d/login |
335 | .I /etc/pam.d/remote | |
ee74f262 | 336 | .I /etc/hushlogins |
6dbe3af9 KZ |
337 | .I .hushlogin |
338 | .fi | |
5a829806 | 339 | .SH SEE ALSO |
6dbe3af9 KZ |
340 | .BR mail (1), |
341 | .BR passwd (1), | |
342 | .BR passwd (5), | |
343 | .BR environ (7), | |
f053ff1e MK |
344 | .BR getty (8), |
345 | .BR init (8), | |
6dbe3af9 KZ |
346 | .BR shutdown (8) |
347 | .SH BUGS | |
6dbe3af9 KZ |
348 | The undocumented BSD |
349 | .B \-r | |
350 | option is not supported. This may be required by some | |
351 | .BR rlogind (8) | |
352 | programs. | |
39c877f1 SK |
353 | .PP |
354 | A recursive login, as used to be possible in the good old days, no | |
355 | longer works; for most purposes | |
7eda085c | 356 | .BR su (1) |
39c877f1 SK |
357 | is a satisfactory substitute. Indeed, for security reasons, login |
358 | does a vhangup() system call to remove any possible listening | |
359 | processes on the tty. This is to avoid password sniffing. If one | |
360 | uses the command | |
361 | .BR login , | |
362 | then the surrounding shell gets killed by vhangup() because it's no | |
363 | longer the true owner of the tty. This can be avoided by using | |
364 | .B exec login | |
365 | in a top-level shell or xterm. | |
6dbe3af9 | 366 | .SH AUTHOR |
39c877f1 SK |
367 | Derived from BSD login 5.40 (5/9/89) by |
368 | .MT glad@\:daimi.\:dk | |
369 | Michael Glad | |
370 | .ME | |
fd6b7a7f | 371 | for HP-UX |
6dbe3af9 | 372 | .br |
39c877f1 SK |
373 | Ported to Linux 0.12: |
374 | .MT poe@\:daimi.\:aau.\:dk | |
375 | Peter Orbaek | |
376 | .ME | |
ee74f262 | 377 | .br |
3aca66a5 | 378 | Rewritten to a PAM-only version by |
39c877f1 SK |
379 | .MT kzak@\:redhat.\:com |
380 | Karel Zak | |
381 | .ME | |
86d62711 | 382 | .SH AVAILABILITY |
9c91fc03 | 383 | The login command is part of the util-linux package and is |
39c877f1 | 384 | available from |
d673b74e | 385 | .UR https://\:www.kernel.org\:/pub\:/linux\:/utils\:/util-linux/ |
39c877f1 SK |
386 | Linux Kernel Archive |
387 | .UE . |
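
An added example (not part of util-linux or of the original page): a small audit of login.defs-style text against the defaults documented under CONFIG FILE ITEMS above. The function names, the sample file and the policy thresholds (flagging a TTYPERM with access bits for other users, values weaker than the documented defaults, and non-absolute PATH entries) are assumptions of this example.

```python
import re

# Defaults as given in the CONFIG FILE ITEMS section of the page.
DEFAULTS = {"LOG_UNKFAIL_ENAB": "no", "TTYPERM": "0600",
            "LOGIN_RETRIES": "3", "FAIL_DELAY": "5"}

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# /etc/login.defs (constructed)
LOG_UNKFAIL_ENAB yes
TTYPERM          0622
LOGIN_RETRIES    5
ENV_PATH         /usr/local/bin:/bin:/usr/bin
ENV_ROOTPATH     /usr/local/sbin:.:/sbin:/bin
ENV_SUPATH       relative/but/ignored
"""

def parse_login_defs(text):
    """Return {ITEM: value}; only whole-line '#' comments are handled."""
    items = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z][A-Z0-9_]*)\s+(\S.*?)\s*$", line)
        if m:
            items[m.group(1)] = m.group(2).strip('"')
    return items

def audit(items):
    """Return (item, message) findings. The thresholds are this example's policy."""
    def get(key):
        return items.get(key, DEFAULTS[key])
    out = []
    if get("LOG_UNKFAIL_ENAB").lower() == "yes":
        out.append(("LOG_UNKFAIL_ENAB",
                    "a password typed at the login: prompt is written to the logs"))
    if int(get("TTYPERM"), 8) & 0o007:
        out.append(("TTYPERM", "tty is accessible to users outside owner and group"))
    if int(get("LOGIN_RETRIES")) > int(DEFAULTS["LOGIN_RETRIES"]):
        out.append(("LOGIN_RETRIES", "more password attempts than the default 3"))
    if int(get("FAIL_DELAY")) < int(DEFAULTS["FAIL_DELAY"]):
        out.append(("FAIL_DELAY", "shorter delay than the default 5 seconds"))
    # ENV_ROOTPATH takes precedence over ENV_SUPATH, as the page states.
    root_item = "ENV_ROOTPATH" if "ENV_ROOTPATH" in items else "ENV_SUPATH"
    for name in ("ENV_PATH", root_item):
        bad = [d for d in items.get(name, "/").split(":") if not d.startswith("/")]
        if bad:
            out.append((name, f"non-absolute PATH entries: {bad}"))
    return out

if __name__ == "__main__":
    for item, message in audit(parse_login_defs(SAMPLE)):
        print(f"{item}: {message}")
```

An empty item set produces no findings, because every check falls back to the documented default.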