1 .\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu)
2 .\" May be distributed under the GNU General Public License
3 .TH LOGIN "1" "June 2012" "util-linux" "User Commands"
5 login \- begin session on the system
23 is used when signing onto a system. If no argument is given,
25 prompts for the username.
27 The user is then prompted for a password, where appropriate. Echoing
28 is disabled to prevent revealing the password. Only a small number
29 of password failures are permitted before
31 exits and the communications link is severed.
33 If password aging has been enabled for the account, the user may be
34 prompted for a new password before proceeding. He will be forced to
35 provide his old password and the new password before continuing.
40 The user and group ID will be set according to their values in the
42 file. There is one exception if the user ID is zero: in this case,
43 only the primary group ID of the account is set. This should allow
44 the system administrator to login even in case of network problems.
53 are set according to the appropriate fields in the password entry.
56 .I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin
57 for normal users, and to
58 .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin
59 for root, if not otherwise configured.
61 The environment variable
63 will be preserved, if it exists (other environment variables are
66 option is given), else it will be initialized to the terminal type on your tty.
68 Then the user's shell is started. If no shell is specified for the
73 is used. If there is no directory specified in
77 is used (the home directory is checked for the
79 file described below).
83 exists, then a "quiet" login is performed (this disables the checking
84 of mail and the printing of the last login time and message of the
86 .I /var\:/log\:/lastlog
87 exists, the last login time is printed (and the current login is
96 not to destroy the environment.
99 Used to skip a second login authentication. This specifically does
101 work for root, and does not appear to work well under Linux.
104 Used by other servers (i.e.,
106 to pass the name of the remote host to
108 so that it may be placed in utmp and wtmp. Only the superuser may
113 option has impact on the
116 The standard service name is
122 It is necessary to create proper PAM config files (e.g.,
123 .I /etc\:/pam.d\:/login
125 .IR /etc\:/pam.d\:/remote ).
128 Used by other servers (i.e.,
132 that printing the hostname should be suppressed in the login: prompt.
133 See also LOGIN_PLAIN_PROMPT below if your server does not allow to configure
138 Display help text and exit.
140 \fB\-V\fR, \fB\-\-version\fR
141 Display version information and exit.
142 .SH CONFIG FILE ITEMS
145 .IR /etc\:/login.defs (5)
146 configuration file. Note that the configuration file could be
147 distributed with another package (e.g., shadow-utils). The following
148 configuration items are relevant for
154 Specifies a ":" delimited list of "message of the day" files and directories
155 to be displayed upon login. If the specified path is a directory then displays
156 all files with .motd file extension in version-sort order from the directory.
159 .IR "/usr/share/misc/motd:/run/motd:/etc/motd" .
162 item is empty or a quiet login is enabled, then the message of the day
163 is not displayed. Note that the same functionality is also provided
168 The directories in the
170 are supported since version 2.36.
174 does not implement any filenames overriding behavior like pam_motd
175 (see also MOTD_FIRSTONLY), but all content from all files is displayed. It is
176 recommended to keep extra logic in content generators and use /run/motd.d rather
177 than rely on overriding behavior hardcoded in system tools.
180 .B MOTD_FIRSTONLY (boolean)
184 to stop display content specified by
186 after first accessible item in the list. Note that a directory is one item in this case.
187 This option allows to configure
189 semantic to be more compatible with pam_motd.
192 .B LOGIN_PLAIN_PROMPT
195 Tell login that printing the hostname should be suppressed in the login:
196 prompt. This is alternative to the \fB\-H\fR command line option. The default
204 Max time in seconds for login. The default value is
211 Maximum number of login retries in case of a bad password. The default
219 Delay in seconds before being allowed another three tries after a
220 login failure. The default value is
227 The terminal permissions. The default value is
231 if tty group is used.
237 The login tty will be owned by the
243 does not exist, then the ownership of the terminal is set to the
244 user\'s primary group.
248 can be either the name of a group or a numeric group identifier.
254 If defined, this file can inhibit all the usual chatter during the
255 login sequence. If a full pathname (e.g.,
256 .IR /etc\:/hushlogins )
257 is specified, then hushed mode will be enabled if the user\'s name or
258 shell are found in the file. If this global hush login file is empty
259 then the hushed mode will be enabled for all users.
261 If a full pathname is not specified, then hushed mode will be enabled
262 if the file exists in the user\'s home directory.
264 The default is to check
266 and if it does not exist then
271 item is empty, then all the checks are disabled.
277 Indicate if login is allowed if we cannot change directory to the
278 home directory. If set to
280 the user will login in the root (/) directory if it is not possible
281 to change directory to her home. The default value is
288 Highest user ID number for which the lastlog entries should be
289 updated. As higher user IDs are usually tracked by remote user
290 identity and authentication services there is no need to create
291 a huge sparse lastlog file for them. No LASTLOG_UID_MAX option
292 present in the configuration means that there is no user ID limit
293 for writing lastlog entries.
299 Enable display of unknown usernames when login failures are recorded.
303 Note that logging unknown usernames may be a security issue if a
304 user enters her password instead of her login name.
310 If set, it will be used to define the PATH environment variable when
311 a regular user logs in. The default value is
312 .I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin
321 If set, it will be used to define the PATH environment variable when
322 the superuser logs in. ENV_ROOTPATH takes precedence. The default value is
323 .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin
350 option is not supported. This may be required by some
354 A recursive login, as used to be possible in the good old days, no
355 longer works; for most purposes
357 is a satisfactory substitute. Indeed, for security reasons, login
358 does a vhangup() system call to remove any possible listening
359 processes on the tty. This is to avoid password sniffing. If one
362 then the surrounding shell gets killed by vhangup() because it's no
363 longer the true owner of the tty. This can be avoided by using
365 in a top-level shell or xterm.
367 Derived from BSD login 5.40 (5/9/89) by
368 .MT glad@\:daimi.\:dk
373 Ported to Linux 0.12:
374 .MT poe@\:daimi.\:aau.\:dk
378 Rewritten to a PAM-only version by
379 .MT kzak@\:redhat.\:com
383 The login command is part of the util-linux package and is
385 .UR https://\:www.kernel.org\:/pub\:/linux\:/utils\:/util-linux/