412 lines
9.6 KiB
Groff
412 lines
9.6 KiB
Groff
.\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu)
|
|
.\" May be distributed under the GNU General Public License
|
|
.TH LOGIN "1" "November 2020" "util-linux" "User Commands"
|
|
.SH NAME
|
|
login \- begin session on the system
|
|
.SH SYNOPSIS
|
|
.B login
|
|
[
|
|
.B \-p
|
|
] [
|
|
.B \-h
|
|
.I host
|
|
] [
|
|
.B \-H
|
|
] [
|
|
.B \-f
|
|
.I username
|
|
|
|
|
.I username
|
|
]
|
|
.SH DESCRIPTION
|
|
.B login
|
|
is used when signing onto a system. If no argument is given,
|
|
.B login
|
|
prompts for the username.
|
|
.PP
|
|
The user is then prompted for a password, where appropriate. Echoing
|
|
is disabled to prevent revealing the password. Only a number
|
|
of password failures are permitted before
|
|
.B login
|
|
exits and the communications link is severed. See
|
|
.B LOGIN_RETRIES
|
|
in CONFIG FILE ITEMS section.
|
|
.PP
|
|
If password aging has been enabled for the account, the user may be prompted
|
|
for a new password before proceeding. In such case old password must be
|
|
provided and the new password entered before continuing. Please refer to
|
|
.BR passwd (1)
|
|
for more information.
|
|
.PP
|
|
The user and group ID will be set according to their values in the
|
|
.I /etc/passwd
|
|
file. There is one exception if the user ID is zero. In this case,
|
|
only the primary group ID of the account is set. This should allow
|
|
the system administrator to login even in case of network problems.
|
|
The environment variable values for
|
|
.BR $HOME ,
|
|
.BR $USER ,
|
|
.BR $SHELL ,
|
|
.BR $PATH ,
|
|
.BR $LOGNAME ,
|
|
and
|
|
.B $MAIL
|
|
are set according to the appropriate fields in the password entry.
|
|
.B $PATH
|
|
defaults to
|
|
.I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin
|
|
for normal users, and to
|
|
.I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin
|
|
for root, if not otherwise configured.
|
|
.P
|
|
The environment variable
|
|
.B $TERM
|
|
will be preserved, if it exists, else it will be initialized to the terminal
|
|
type on your tty. Other environment variables are preserved if the
|
|
.B \-p
|
|
option is given.
|
|
.PP
|
|
Then the user's shell is started. If no shell is specified for the user in
|
|
.IR /etc\:/passwd ,
|
|
then
|
|
.I /bin\:/sh
|
|
is used. If there is no home directory specified in
|
|
.IR /etc\:/passwd ,
|
|
then
|
|
.I /
|
|
is used, followed by
|
|
.I .hushlogin
|
|
check as described below.
|
|
.PP
|
|
If the file
|
|
.I .hushlogin
|
|
exists, then a "quiet" login is performed. This disables the checking of mail
|
|
and the printing of the last login time and message of the day. Otherwise, if
|
|
.I /var\:/log\:/lastlog
|
|
exists, the last login time is printed, and the current login is recorded.
|
|
.SH OPTIONS
|
|
.TP
|
|
.B \-p
|
|
Used by
|
|
.BR getty (8)
|
|
to tell
|
|
.B login
|
|
to preserve the environment.
|
|
.TP
|
|
.B \-f
|
|
Used to skip a login authentication. This option is usually used by the
|
|
.BR getty (8)
|
|
autologin feature.
|
|
.TP
|
|
.B \-h
|
|
Used by other servers (such as
|
|
.BR telnetd (8))
|
|
to pass the name of the remote host to
|
|
.B login
|
|
so that it can be placed in utmp and wtmp. Only the superuser is
|
|
allowed use this option.
|
|
.IP
|
|
Note that the
|
|
.B \-h
|
|
option has an impact on the
|
|
.B PAM service
|
|
.BR name .
|
|
The standard service name is
|
|
.IR login ,
|
|
but with the
|
|
.B \-h
|
|
option, the name is
|
|
.IR remote .
|
|
It is necessary to create proper PAM config files (for example,
|
|
.I /etc\:/pam.d\:/login
|
|
and
|
|
.IR /etc\:/pam.d\:/remote ).
|
|
.TP
|
|
.B \-H
|
|
Used by other servers (for example,
|
|
.BR telnetd (8))
|
|
to tell
|
|
.B login
|
|
that printing the hostname should be suppressed in the login: prompt. See also
|
|
.B LOGIN_PLAIN_PROMPT
|
|
below.
|
|
.TP
|
|
.B \-\-help
|
|
Display help text and exit.
|
|
.TP
|
|
.BR \-V ", " \-\-version
|
|
Display version information and exit.
|
|
.SH CONFIG FILE ITEMS
|
|
.B login
|
|
reads the
|
|
.IR /etc\:/login.defs (5)
|
|
configuration file. Note that the configuration file could be distributed with
|
|
another package (usually shadow-utils). The following configuration items are
|
|
relevant for
|
|
.BR login :
|
|
.PP
|
|
.B MOTD_FILE
|
|
(string)
|
|
.RS 4
|
|
Specifies a ":" delimited list of "message of the day" files and directories
|
|
to be displayed upon login. If the specified path is a directory then displays
|
|
all files with .motd file extension in version-sort order from the directory.
|
|
.PP
|
|
The default value is
|
|
.IR "/usr\:/share\:/misc\:/motd:\:/run\:/motd:\:/etc\:/motd" .
|
|
If the
|
|
.B MOTD_FILE
|
|
item is empty or a quiet login is enabled, then the message of the day is not
|
|
displayed. Note that the same functionality is also provided by the
|
|
.BR pam_motd (8)
|
|
PAM module.
|
|
.PP
|
|
The directories in the
|
|
.B MOTD_FILE
|
|
are supported since version 2.36.
|
|
.PP
|
|
Note that
|
|
.B login
|
|
does not implement any filenames overriding behavior like pam_motd (see also
|
|
.BR MOTD_FIRSTONLY ),
|
|
but all content from all files is displayed. It is recommended to
|
|
keep extra logic in content generators and use
|
|
.I /run/motd.d
|
|
rather than rely on overriding behavior hardcoded in system tools.
|
|
.RE
|
|
.PP
|
|
.B MOTD_FIRSTONLY
|
|
(boolean)
|
|
.RS 4
|
|
Forces
|
|
.B login
|
|
to stop display content specified by
|
|
.B MOTD_FILE
|
|
after the first accessible item in the list. Note that a directory
|
|
is one item in this case. This option allows
|
|
.B login
|
|
semantics to be configured to be more compatible with pam_motd. The
|
|
default value is
|
|
.IR no .
|
|
.RE
|
|
.PP
|
|
.B LOGIN_PLAIN_PROMPT
|
|
(boolean)
|
|
.RS 4
|
|
Tell
|
|
.B login
|
|
that printing the hostname should be suppressed in the login: prompt.
|
|
This is an alternative to the
|
|
.B \-H
|
|
command line option. The default value is
|
|
.IR no .
|
|
.RE
|
|
.PP
|
|
.B LOGIN_TIMEOUT
|
|
(number)
|
|
.RS 4
|
|
Maximum time in seconds for login. The default value is
|
|
.IR 60 .
|
|
.RE
|
|
.PP
|
|
.B LOGIN_RETRIES
|
|
(number)
|
|
.RS 4
|
|
Maximum number of login retries in case of a bad password. The default
|
|
value is
|
|
.IR 3 .
|
|
.RE
|
|
.PP
|
|
.B LOGIN_KEEP_USERNAME
|
|
(boolean)
|
|
.RS 4
|
|
Tell
|
|
.B login
|
|
to only re-prompt for the password if authentication failed, but the
|
|
username is valid. The default value is
|
|
.IR no .
|
|
.RE
|
|
.PP
|
|
.B FAIL_DELAY
|
|
(number)
|
|
.RS 4
|
|
Delay in seconds before being allowed another three tries after a
|
|
login failure. The default value is
|
|
.IR 5 .
|
|
.RE
|
|
.PP
|
|
.B TTYPERM
|
|
(string)
|
|
.RS 4
|
|
The terminal permissions. The default value is
|
|
.I 0600
|
|
or
|
|
.I 0620
|
|
if tty group is used.
|
|
.RE
|
|
.PP
|
|
.B TTYGROUP
|
|
(string)
|
|
.RS 4
|
|
The login tty will be owned by the
|
|
.BR TTYGROUP .
|
|
The default value is
|
|
.IR tty .
|
|
If the
|
|
.B TTYGROUP
|
|
does not exist, then the ownership of the terminal is set to the
|
|
user\'s primary group.
|
|
.PP
|
|
The
|
|
.B TTYGROUP
|
|
can be either the name of a group or a numeric group identifier.
|
|
.RE
|
|
.PP
|
|
.B HUSHLOGIN_FILE
|
|
(string)
|
|
.RS 4
|
|
If defined, this file can inhibit all the usual chatter during the
|
|
login sequence. If a full pathname (for example,
|
|
.IR /etc\:/hushlogins )
|
|
is specified, then hushed mode will be enabled if the user\'s name or
|
|
shell are found in the file. If this global hush login file is empty
|
|
then the hushed mode will be enabled for all users.
|
|
.PP
|
|
If a full pathname is not specified, then hushed mode will be enabled
|
|
if the file exists in the user\'s home directory.
|
|
.PP
|
|
The default is to check
|
|
.I /etc\:/hushlogins
|
|
and if it does not exist then
|
|
.I \(ti/.hushlogin
|
|
.PP
|
|
If the
|
|
.B HUSHLOGIN_FILE
|
|
item is empty, then all the checks are disabled.
|
|
.RE
|
|
.PP
|
|
.B DEFAULT_HOME
|
|
(boolean)
|
|
.RS 4
|
|
Indicate if login is allowed if we cannot change directory to the
|
|
home directory. If set to
|
|
.IR yes ,
|
|
the user will login in the root (/) directory if it is not possible
|
|
to change directory to their home. The default value is
|
|
.IR yes .
|
|
.RE
|
|
.PP
|
|
.B LASTLOG_UID_MAX
|
|
(unsigned number)
|
|
.RS 4
|
|
Highest user ID number for which the
|
|
.I lastlog
|
|
entries should be updated. As higher user IDs are usually tracked by
|
|
remote user identity and authentication services there is no need to
|
|
create a huge sparse
|
|
.I lastlog
|
|
file for them. No LASTLOG_UID_MAX option present in the
|
|
configuration means that there is no user ID limit for writing
|
|
.I lastlog
|
|
entries. The default value is
|
|
.IR ULONG_MAX .
|
|
.RE
|
|
.PP
|
|
.B LOG_UNKFAIL_ENAB
|
|
(boolean)
|
|
.RS 4
|
|
Enable display of unknown usernames when login failures are recorded.
|
|
The default value is
|
|
.IR no .
|
|
.PP
|
|
Note that logging unknown usernames may be a security issue if a
|
|
user enters their password instead of their login name.
|
|
.RE
|
|
.PP
|
|
.B ENV_PATH
|
|
(string)
|
|
.RS 4
|
|
If set, it will be used to define the
|
|
.B PATH
|
|
environment variable when a regular user logs in. The default value is
|
|
.I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin
|
|
.RE
|
|
.PP
|
|
.B ENV_ROOTPATH
|
|
(string)
|
|
.br
|
|
.B ENV_SUPATH
|
|
(string)
|
|
.RS 4
|
|
If set, it will be used to define the PATH environment variable when the
|
|
superuser logs in. ENV_ROOTPATH takes precedence. The default value is
|
|
.I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin
|
|
.RE
|
|
.SH FILES
|
|
.nf
|
|
.I /var/run/utmp
|
|
.I /var/log/wtmp
|
|
.I /var/log/lastlog
|
|
.I /var/spool/mail/*
|
|
.I /etc/motd
|
|
.I /etc/passwd
|
|
.I /etc/nologin
|
|
.I /etc/pam.d/login
|
|
.I /etc/pam.d/remote
|
|
.I /etc/hushlogins
|
|
.I $HOME/.hushlogin
|
|
.fi
|
|
.SH BUGS
|
|
The undocumented BSD
|
|
.B \-r
|
|
option is not supported. This may be required by some
|
|
.BR rlogind (8)
|
|
programs.
|
|
.PP
|
|
A recursive login, as used to be possible in the good old days, no
|
|
longer works; for most purposes
|
|
.BR su (1)
|
|
is a satisfactory substitute. Indeed, for security reasons,
|
|
.B login
|
|
does a
|
|
.BR vhangup (2)
|
|
system call to remove any possible listening processes on the tty. This is to
|
|
avoid password sniffing. If one uses the command
|
|
.BR login ,
|
|
then the surrounding shell gets killed by
|
|
.BR vhangup (2)
|
|
because it's no longer the true owner of the tty. This can be avoided by using
|
|
.B exec login
|
|
in a top-level shell or xterm.
|
|
.SH AUTHORS
|
|
Derived from BSD login 5.40 (5/9/89) by
|
|
.MT glad@\:daimi.\:dk
|
|
Michael Glad
|
|
.ME
|
|
for HP-UX
|
|
.br
|
|
Ported to Linux 0.12:
|
|
.MT poe@\:daimi.\:aau.\:dk
|
|
Peter Orbaek
|
|
.ME
|
|
.br
|
|
Rewritten to a PAM-only version by
|
|
.MT kzak@\:redhat.\:com
|
|
Karel Zak
|
|
.ME
|
|
.SH SEE ALSO
|
|
.BR mail (1),
|
|
.BR passwd (1),
|
|
.BR passwd (5),
|
|
.BR utmp (5),
|
|
.BR environ (7),
|
|
.BR getty (8),
|
|
.BR init (8),
|
|
.BR lastlog (8)
|
|
.BR shutdown (8)
|
|
.SH AVAILABILITY
|
|
The login command is part of the util-linux package and is available from
|
|
.UR https://\:www.kernel.org\:/pub\:/linux\:/utils\:/util-linux/
|
|
Linux Kernel Archive
|
|
.UE .
|