389 lines
9.2 KiB
Groff
389 lines
9.2 KiB
Groff
.\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu)
|
|
.\" May be distributed under the GNU General Public License
|
|
.TH LOGIN "1" "June 2012" "util-linux" "User Commands"
|
|
.SH NAME
|
|
login \- begin session on the system
|
|
.SH SYNOPSIS
|
|
.B login
|
|
[
|
|
.B \-p
|
|
] [
|
|
.B \-h
|
|
.I host
|
|
] [
|
|
.B \-H
|
|
] [
|
|
.B \-f
|
|
.I username
|
|
|
|
|
.I username
|
|
]
|
|
.SH DESCRIPTION
|
|
.B login
|
|
is used when signing onto a system. If no argument is given,
|
|
.B login
|
|
prompts for the username.
|
|
.PP
|
|
The user is then prompted for a password, where appropriate. Echoing
|
|
is disabled to prevent revealing the password. Only a small number
|
|
of password failures are permitted before
|
|
.B login
|
|
exits and the communications link is severed.
|
|
.PP
|
|
If password aging has been enabled for the account, the user may be
|
|
prompted for a new password before proceeding. He will be forced to
|
|
provide his old password and the new password before continuing.
|
|
Please refer to
|
|
.BR passwd (1)
|
|
for more information.
|
|
.PP
|
|
The user and group ID will be set according to their values in the
|
|
.I /etc/passwd
|
|
file. There is one exception if the user ID is zero: in this case,
|
|
only the primary group ID of the account is set. This should allow
|
|
the system administrator to login even in case of network problems.
|
|
The value for
|
|
.BR $HOME ,
|
|
.BR $USER ,
|
|
.BR $SHELL ,
|
|
.BR $PATH ,
|
|
.BR $LOGNAME ,
|
|
and
|
|
.B $MAIL
|
|
are set according to the appropriate fields in the password entry.
|
|
.B $PATH
|
|
defaults to
|
|
.I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin
|
|
for normal users, and to
|
|
.I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin
|
|
for root, if not otherwise configured.
|
|
.P
|
|
The environment variable
|
|
.B $TERM
|
|
will be preserved, if it exists (other environment variables are
|
|
preserved if the
|
|
.B \-p
|
|
option is given), else it will be initialized to the terminal type on your tty.
|
|
.PP
|
|
Then the user's shell is started. If no shell is specified for the
|
|
user in
|
|
.IR /etc\:/passwd ,
|
|
then
|
|
.I /bin\:/sh
|
|
is used. If there is no directory specified in
|
|
.IR /etc\:/passwd ,
|
|
then
|
|
.I /
|
|
is used (the home directory is checked for the
|
|
.I .hushlogin
|
|
file described below).
|
|
.PP
|
|
If the file
|
|
.I .hushlogin
|
|
exists, then a "quiet" login is performed (this disables the checking
|
|
of mail and the printing of the last login time and message of the
|
|
day). Otherwise, if
|
|
.I /var\:/log\:/lastlog
|
|
exists, the last login time is printed (and the current login is
|
|
recorded).
|
|
.SH OPTIONS
|
|
.TP
|
|
.B \-p
|
|
Used by
|
|
.BR getty (8)
|
|
to tell
|
|
.B login
|
|
not to destroy the environment.
|
|
.TP
|
|
.B \-f
|
|
Used to skip a login authentication. This option is usually
|
|
used by
|
|
.BR getty (8)
|
|
autologin feature.
|
|
.TP
|
|
.B \-h
|
|
Used by other servers (i.e.,
|
|
.BR telnetd (8))
|
|
to pass the name of the remote host to
|
|
.B login
|
|
so that it may be placed in utmp and wtmp. Only the superuser may
|
|
use this option.
|
|
.IP
|
|
Note that the
|
|
.B \-h
|
|
option has impact on the
|
|
.B PAM service
|
|
.BR name .
|
|
The standard service name is
|
|
.IR login ,
|
|
with the
|
|
.B \-h
|
|
option the name is
|
|
.IR remote .
|
|
It is necessary to create proper PAM config files (e.g.,
|
|
.I /etc\:/pam.d\:/login
|
|
and
|
|
.IR /etc\:/pam.d\:/remote ).
|
|
.TP
|
|
.B \-H
|
|
Used by other servers (i.e.,
|
|
.BR telnetd (8))
|
|
to tell
|
|
.B login
|
|
that printing the hostname should be suppressed in the login: prompt.
|
|
See also LOGIN_PLAIN_PROMPT below if your server does not allow to configure
|
|
.B login
|
|
command line.
|
|
.TP
|
|
\fB\-\-help\fR
|
|
Display help text and exit.
|
|
.TP
|
|
\fB\-V\fR, \fB\-\-version\fR
|
|
Display version information and exit.
|
|
.SH CONFIG FILE ITEMS
|
|
.B login
|
|
reads the
|
|
.IR /etc\:/login.defs (5)
|
|
configuration file. Note that the configuration file could be
|
|
distributed with another package (e.g., shadow-utils). The following
|
|
configuration items are relevant for
|
|
.BR login (1):
|
|
.PP
|
|
.B MOTD_FILE
|
|
(string)
|
|
.RS 4
|
|
Specifies a ":" delimited list of "message of the day" files and directories
|
|
to be displayed upon login. If the specified path is a directory then displays
|
|
all files with .motd file extension in version-sort order from the directory.
|
|
.PP
|
|
The default value is
|
|
.IR "/usr/share/misc/motd:/run/motd:/etc/motd" .
|
|
If the
|
|
.B MOTD_FILE
|
|
item is empty or a quiet login is enabled, then the message of the day
|
|
is not displayed. Note that the same functionality is also provided
|
|
by
|
|
.BR pam_motd (8)
|
|
PAM module.
|
|
.PP
|
|
The directories in the
|
|
.B MOTD_FILE
|
|
are supported since version 2.36.
|
|
.PP
|
|
Note that
|
|
.B login
|
|
does not implement any filenames overriding behavior like pam_motd
|
|
(see also MOTD_FIRSTONLY), but all content from all files is displayed. It is
|
|
recommended to keep extra logic in content generators and use /run/motd.d rather
|
|
than rely on overriding behavior hardcoded in system tools.
|
|
.RE
|
|
.PP
|
|
.B MOTD_FIRSTONLY (boolean)
|
|
.RS 4
|
|
Forces
|
|
.B login
|
|
to stop display content specified by
|
|
.B MOTD_FILE
|
|
after first accessible item in the list. Note that a directory is one item in this case.
|
|
This option allows to configure
|
|
.B login
|
|
semantic to be more compatible with pam_motd.
|
|
.RE
|
|
.PP
|
|
.B LOGIN_PLAIN_PROMPT
|
|
(boolean)
|
|
.RS 4
|
|
Tell login that printing the hostname should be suppressed in the login:
|
|
prompt. This is alternative to the \fB\-H\fR command line option. The default
|
|
value is
|
|
.IR no .
|
|
.RE
|
|
.PP
|
|
.B LOGIN_TIMEOUT
|
|
(number)
|
|
.RS 4
|
|
Max time in seconds for login. The default value is
|
|
.IR 60 .
|
|
.RE
|
|
.PP
|
|
.B LOGIN_RETRIES
|
|
(number)
|
|
.RS 4
|
|
Maximum number of login retries in case of a bad password. The default
|
|
value is
|
|
.IR 3 .
|
|
.RE
|
|
.PP
|
|
.B FAIL_DELAY
|
|
(number)
|
|
.RS 4
|
|
Delay in seconds before being allowed another three tries after a
|
|
login failure. The default value is
|
|
.IR 5 .
|
|
.RE
|
|
.PP
|
|
.B TTYPERM
|
|
(string)
|
|
.RS 4
|
|
The terminal permissions. The default value is
|
|
.I 0600
|
|
or
|
|
.I 0620
|
|
if tty group is used.
|
|
.RE
|
|
.PP
|
|
.B TTYGROUP
|
|
(string)
|
|
.RS 4
|
|
The login tty will be owned by the
|
|
.BR TTYGROUP .
|
|
The default value is
|
|
.IR tty .
|
|
If the
|
|
.B TTYGROUP
|
|
does not exist, then the ownership of the terminal is set to the
|
|
user\'s primary group.
|
|
.PP
|
|
The
|
|
.B TTYGROUP
|
|
can be either the name of a group or a numeric group identifier.
|
|
.RE
|
|
.PP
|
|
.B HUSHLOGIN_FILE
|
|
(string)
|
|
.RS 4
|
|
If defined, this file can inhibit all the usual chatter during the
|
|
login sequence. If a full pathname (e.g.,
|
|
.IR /etc\:/hushlogins )
|
|
is specified, then hushed mode will be enabled if the user\'s name or
|
|
shell are found in the file. If this global hush login file is empty
|
|
then the hushed mode will be enabled for all users.
|
|
.PP
|
|
If a full pathname is not specified, then hushed mode will be enabled
|
|
if the file exists in the user\'s home directory.
|
|
.PP
|
|
The default is to check
|
|
.I /etc\:/hushlogins
|
|
and if it does not exist then
|
|
.I ~/.hushlogin
|
|
.PP
|
|
If the
|
|
.B HUSHLOGIN_FILE
|
|
item is empty, then all the checks are disabled.
|
|
.RE
|
|
.PP
|
|
.B DEFAULT_HOME
|
|
(boolean)
|
|
.RS 4
|
|
Indicate if login is allowed if we cannot change directory to the
|
|
home directory. If set to
|
|
.IR yes ,
|
|
the user will login in the root (/) directory if it is not possible
|
|
to change directory to her home. The default value is
|
|
.IR yes .
|
|
.RE
|
|
.PP
|
|
.B LASTLOG_UID_MAX
|
|
(unsigned number)
|
|
.RS 4
|
|
Highest user ID number for which the lastlog entries should be
|
|
updated. As higher user IDs are usually tracked by remote user
|
|
identity and authentication services there is no need to create
|
|
a huge sparse lastlog file for them. No LASTLOG_UID_MAX option
|
|
present in the configuration means that there is no user ID limit
|
|
for writing lastlog entries.
|
|
.RE
|
|
.PP
|
|
.B LOG_UNKFAIL_ENAB
|
|
(boolean)
|
|
.RS 4
|
|
Enable display of unknown usernames when login failures are recorded.
|
|
The default value is
|
|
.IR no .
|
|
.PP
|
|
Note that logging unknown usernames may be a security issue if a
|
|
user enters her password instead of her login name.
|
|
.RE
|
|
.PP
|
|
.B ENV_PATH
|
|
(string)
|
|
.RS 4
|
|
If set, it will be used to define the PATH environment variable when
|
|
a regular user logs in. The default value is
|
|
.I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin
|
|
.RE
|
|
.PP
|
|
.B ENV_ROOTPATH
|
|
(string)
|
|
.br
|
|
.B ENV_SUPATH
|
|
(string)
|
|
.RS 4
|
|
If set, it will be used to define the PATH environment variable when
|
|
the superuser logs in. ENV_ROOTPATH takes precedence. The default value is
|
|
.I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin
|
|
.RE
|
|
.SH FILES
|
|
.nf
|
|
.I /var/run/utmp
|
|
.I /var/log/wtmp
|
|
.I /var/log/lastlog
|
|
.I /var/spool/mail/*
|
|
.I /etc/motd
|
|
.I /etc/passwd
|
|
.I /etc/nologin
|
|
.I /etc/pam.d/login
|
|
.I /etc/pam.d/remote
|
|
.I /etc/hushlogins
|
|
.I .hushlogin
|
|
.fi
|
|
.SH BUGS
|
|
The undocumented BSD
|
|
.B \-r
|
|
option is not supported. This may be required by some
|
|
.BR rlogind (8)
|
|
programs.
|
|
.PP
|
|
A recursive login, as used to be possible in the good old days, no
|
|
longer works; for most purposes
|
|
.BR su (1)
|
|
is a satisfactory substitute. Indeed, for security reasons, login
|
|
does a vhangup() system call to remove any possible listening
|
|
processes on the tty. This is to avoid password sniffing. If one
|
|
uses the command
|
|
.BR login ,
|
|
then the surrounding shell gets killed by vhangup() because it's no
|
|
longer the true owner of the tty. This can be avoided by using
|
|
.B exec login
|
|
in a top-level shell or xterm.
|
|
.SH AUTHORS
|
|
Derived from BSD login 5.40 (5/9/89) by
|
|
.MT glad@\:daimi.\:dk
|
|
Michael Glad
|
|
.ME
|
|
for HP-UX
|
|
.br
|
|
Ported to Linux 0.12:
|
|
.MT poe@\:daimi.\:aau.\:dk
|
|
Peter Orbaek
|
|
.ME
|
|
.br
|
|
Rewritten to a PAM-only version by
|
|
.MT kzak@\:redhat.\:com
|
|
Karel Zak
|
|
.ME
|
|
.SH SEE ALSO
|
|
.BR mail (1),
|
|
.BR passwd (1),
|
|
.BR passwd (5),
|
|
.BR environ (7),
|
|
.BR getty (8),
|
|
.BR init (8),
|
|
.BR shutdown (8)
|
|
.SH AVAILABILITY
|
|
The login command is part of the util-linux package and is
|
|
available from
|
|
.UR https://\:www.kernel.org\:/pub\:/linux\:/utils\:/util-linux/
|
|
Linux Kernel Archive
|
|
.UE .
|