.\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu)
.\" May be distributed under the GNU General Public License
.TH LOGIN "1" "November 2020" "util-linux" "User Commands"
.SH NAME
login \- begin session on the system
.SH SYNOPSIS
.B login
[
.B \-p
] [
.B \-h
.I host
] [
.B \-H
] [
.B \-f
.I username
|
.I username
]
.SH DESCRIPTION
.B login
is used when signing onto a system.  If no argument is given,
.B login
prompts for the username.
.PP
The user is then prompted for a password, where appropriate.  Echoing
is disabled to prevent revealing the password.  Only a number
of password failures are permitted before
.B login
exits and the communications link is severed.  See
.B LOGIN_RETRIES
in CONFIG FILE ITEMS section.
.PP
If password aging has been enabled for the account, the user may be prompted
for a new password before proceeding.  In such case old password must be
provided and the new password entered before continuing.  Please refer to
.BR passwd (1)
for more information.
.PP
The user and group ID will be set according to their values in the
.I /etc/passwd
file.  There is one exception if the user ID is zero.  In this case,
only the primary group ID of the account is set.  This should allow
the system administrator to login even in case of network problems.
The environment variable values for
.BR $HOME ,
.BR $USER ,
.BR $SHELL ,
.BR $PATH ,
.BR $LOGNAME ,
and
.B $MAIL
are set according to the appropriate fields in the password entry.
.B $PATH
defaults to
.I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin
for normal users, and to
.I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin
for root, if not otherwise configured.
.P
The environment variable
.B $TERM
will be preserved, if it exists, else it will be initialized to the terminal
type on your tty.  Other environment variables are preserved if the
.B \-p
option is given.
.PP
Then the user's shell is started.  If no shell is specified for the user in
.IR /etc\:/passwd ,
then
.I /bin\:/sh
is used.  If there is no home directory specified in
.IR /etc\:/passwd ,
then
.I /
is used, followed by
.I .hushlogin
check as described below.
.PP
If the file
.I .hushlogin
exists, then a "quiet" login is performed.  This disables the checking of mail
and the printing of the last login time and message of the day.  Otherwise, if
.I /var\:/log\:/lastlog
exists, the last login time is printed, and the current login is recorded.
.SH OPTIONS
.TP
.B \-p
Used by
.BR getty (8)
to tell
.B login
to preserve the environment.
.TP
.B \-f
Used to skip a login authentication.  This option is usually used by the
.BR getty (8)
autologin feature.
.TP
.B \-h
Used by other servers (such as
.BR telnetd (8))
to pass the name of the remote host to
.B login
so that it can be placed in utmp and wtmp.  Only the superuser is
allowed use this option.
.IP
Note that the
.B \-h
option has an impact on the
.B PAM service
.BR name .
The standard service name is
.IR login ,
but with the
.B \-h
option, the name is
.IR remote .
It is necessary to create proper PAM config files (for example,
.I /etc\:/pam.d\:/login
and
.IR /etc\:/pam.d\:/remote ).
.TP
.B \-H
Used by other servers (for example,
.BR telnetd (8))
to tell
.B login
that printing the hostname should be suppressed in the login: prompt.  See also
.B LOGIN_PLAIN_PROMPT
below.
.TP
.B \-\-help
Display help text and exit.
.TP
.BR \-V ", " \-\-version
Display version information and exit.
.SH CONFIG FILE ITEMS
.B login
reads the
.IR /etc\:/login.defs (5)
configuration file.  Note that the configuration file could be distributed with
another package (usually shadow-utils).  The following configuration items are
relevant for
.BR login :
.PP
.B MOTD_FILE
(string)
.RS 4
Specifies a ":" delimited list of "message of the day" files and directories
to be displayed upon login.  If the specified path is a directory then displays
all files with .motd file extension in version-sort order from the directory.
.PP
The default value is
.IR "/usr\:/share\:/misc\:/motd:\:/run\:/motd:\:/etc\:/motd" .
If the
.B MOTD_FILE
item is empty or a quiet login is enabled, then the message of the day is not
displayed.  Note that the same functionality is also provided by the
.BR pam_motd (8)
PAM module.
.PP
The directories in the
.B MOTD_FILE
are supported since version 2.36.
.PP
Note that
.B login
does not implement any filenames overriding behavior like pam_motd (see also
.BR MOTD_FIRSTONLY ),
but all content from all files is displayed.  It is recommended to
keep extra logic in content generators and use
.I /run/motd.d
rather than rely on overriding behavior hardcoded in system tools.
.RE
.PP
.B MOTD_FIRSTONLY
(boolean)
.RS 4
Forces
.B login
to stop display content specified by
.B MOTD_FILE
after the first accessible item in the list.  Note that a directory
is one item in this case.  This option allows
.B login
semantics to be configured to be more compatible with pam_motd.  The
default value is
.IR no .
.RE
.PP
.B LOGIN_PLAIN_PROMPT
(boolean)
.RS 4
Tell
.B login
that printing the hostname should be suppressed in the login: prompt.
This is an alternative to the
.B \-H
command line option.  The default value is
.IR no .
.RE
.PP
.B LOGIN_TIMEOUT
(number)
.RS 4
Maximum time in seconds for login.  The default value is
.IR 60 .
.RE
.PP
.B LOGIN_RETRIES
(number)
.RS 4
Maximum number of login retries in case of a bad password.  The default
value is
.IR 3 .
.RE
.PP
.B LOGIN_KEEP_USERNAME
(boolean)
.RS 4
Tell
.B login
to only re-prompt for the password if authentication failed, but the
username is valid.  The default value is
.IR no .
.RE
.PP
.B FAIL_DELAY
(number)
.RS 4
Delay in seconds before being allowed another three tries after a
login failure.  The default value is
.IR 5 .
.RE
.PP
.B TTYPERM
(string)
.RS 4
The terminal permissions.  The default value is
.I 0600
or
.I 0620
if tty group is used.
.RE
.PP
.B TTYGROUP
(string)
.RS 4
The login tty will be owned by the
.BR TTYGROUP .
The default value is
.IR tty .
If the
.B TTYGROUP
does not exist, then the ownership of the terminal is set to the
user\'s primary group.
.PP
The
.B TTYGROUP
can be either the name of a group or a numeric group identifier.
.RE
.PP
.B HUSHLOGIN_FILE
(string)
.RS 4
If defined, this file can inhibit all the usual chatter during the
login sequence.  If a full pathname (for example,
.IR /etc\:/hushlogins )
is specified, then hushed mode will be enabled if the user\'s name or
shell are found in the file.  If this global hush login file is empty
then the hushed mode will be enabled for all users.
.PP
If a full pathname is not specified, then hushed mode will be enabled
if the file exists in the user\'s home directory.
.PP
The default is to check
.I /etc\:/hushlogins
and if it does not exist then
.I \(ti/.hushlogin
.PP
If the
.B HUSHLOGIN_FILE
item is empty, then all the checks are disabled.
.RE
.PP
.B DEFAULT_HOME
(boolean)
.RS 4
Indicate if login is allowed if we cannot change directory to the
home directory.  If set to
.IR yes ,
the user will login in the root (/) directory if it is not possible
to change directory to their home.  The default value is
.IR yes .
.RE
.PP
.B LASTLOG_UID_MAX
(unsigned number)
.RS 4
Highest user ID number for which the
.I lastlog
entries should be updated.  As higher user IDs are usually tracked by
remote user identity and authentication services there is no need to
create a huge sparse
.I lastlog
file for them.  No LASTLOG_UID_MAX option present in the
configuration means that there is no user ID limit for writing
.I lastlog
entries.  The default value is
.IR ULONG_MAX .
.RE
.PP
.B LOG_UNKFAIL_ENAB
(boolean)
.RS 4
Enable display of unknown usernames when login failures are recorded.
The default value is
.IR no .
.PP
Note that logging unknown usernames may be a security issue if a
user enters their password instead of their login name.
.RE
.PP
.B ENV_PATH
(string)
.RS 4
If set, it will be used to define the
.B PATH
environment variable when a regular user logs in.  The default value is
.I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin
.RE
.PP
.B ENV_ROOTPATH
(string)
.br
.B ENV_SUPATH
(string)
.RS 4
If set, it will be used to define the PATH environment variable when the
superuser logs in.  ENV_ROOTPATH takes precedence.  The default value is
.I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin
.RE
.SH FILES
.nf
.I /var/run/utmp
.I /var/log/wtmp
.I /var/log/lastlog
.I /var/spool/mail/*
.I /etc/motd
.I /etc/passwd
.I /etc/nologin
.I /etc/pam.d/login
.I /etc/pam.d/remote
.I /etc/hushlogins
.I $HOME/.hushlogin
.fi
.SH BUGS
The undocumented BSD
.B \-r
option is not supported.  This may be required by some
.BR rlogind (8)
programs.
.PP
A recursive login, as used to be possible in the good old days, no
longer works; for most purposes
.BR su (1)
is a satisfactory substitute.  Indeed, for security reasons,
.B login
does a
.BR vhangup (2)
system call to remove any possible listening processes on the tty.  This is to
avoid password sniffing.  If one uses the command
.BR login ,
then the surrounding shell gets killed by
.BR vhangup (2)
because it's no longer the true owner of the tty.  This can be avoided by using
.B exec login
in a top-level shell or xterm.
.SH AUTHORS
Derived from BSD login 5.40 (5/9/89) by
.MT glad@\:daimi.\:dk
Michael Glad
.ME
for HP-UX
.br
Ported to Linux 0.12:
.MT poe@\:daimi.\:aau.\:dk
Peter Orbaek
.ME
.br
Rewritten to a PAM-only version by
.MT kzak@\:redhat.\:com
Karel Zak
.ME
.SH SEE ALSO
.BR mail (1),
.BR passwd (1),
.BR passwd (5),
.BR utmp (5),
.BR environ (7),
.BR getty (8),
.BR init (8),
.BR lastlog (8)
.BR shutdown (8)
.SH AVAILABILITY
The login command is part of the util-linux package and is available from
.UR https://\:www.kernel.org\:/pub\:/linux\:/utils\:/util-linux/
Linux Kernel Archive
.UE .