| .\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu) |
| .\" May be distributed under the GNU General Public License |
| .TH LOGIN "1" "June 2012" "util-linux" "User Commands" |
| .SH NAME |
| login \- begin session on the system |
| .SH SYNOPSIS |
| .B login |
| [ |
| .BR \-p |
| ] [ |
| .BR \-h |
| .IR host |
| ] [ |
| .BR \-H |
| ] [ |
| .BR \-f |
| .IR username |
| | |
| .IR username |
| ] |
| .SH DESCRIPTION |
| .B login |
| is used when signing onto a system. If no argument is given, |
| .B login |
| prompts for the username. |
| .PP |
| The user is then prompted for a password, where appropriate. Echoing |
| is disabled to prevent revealing the password. Only a small number |
| of password failures are permitted before |
| .B login |
| exits and the communications link is severed. |
| .PP |
| If password aging has been enabled for the account, the user may be |
| prompted for a new password before proceeding. He will be forced to |
| provide his old password and the new password before continuing. |
| Please refer to |
| .BR passwd (1) |
| for more information. |
| .PP |
| The user and group ID will be set according to their values in the |
| .I /etc/passwd |
| file. There is one exception if the user ID is zero: in this case, |
| only the primary group ID of the account is set. This should allow |
| the system administrator to login even in case of network problems. |
| The value for |
| .BR $HOME , |
| .BR $USER , |
| .BR $SHELL , |
| .BR $PATH , |
| .BR $LOGNAME , |
| and |
| .B $MAIL |
| are set according to the appropriate fields in the password entry. |
| .B $PATH |
| defaults to |
| .I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin |
| for normal users, and to |
| .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin |
| for root, if not otherwise configured. |
| .P |
| The environment variable |
| .B $TERM |
| will be preserved, if it exists (other environment variables are |
| preserved if the |
| .B \-p |
| option is given), else it will be initialized to the terminal type on your tty. |
| .PP |
| Then the user's shell is started. If no shell is specified for the |
| user in |
| .IR /etc\:/passwd , |
| then |
| .I /bin\:/sh |
| is used. If there is no directory specified in |
| .IR /etc\:/passwd , |
| then |
| .I / |
| is used (the home directory is checked for the |
| .I .hushlogin |
| file described below). |
| .PP |
| If the file |
| .I .hushlogin |
| exists, then a "quiet" login is performed (this disables the checking |
| of mail and the printing of the last login time and message of the |
| day). Otherwise, if |
| .I /var\:/log\:/lastlog |
| exists, the last login time is printed (and the current login is |
| recorded). |
| .SH OPTIONS |
| .TP |
| .B \-p |
| Used by |
| .BR getty (8) |
| to tell |
| .B login |
| not to destroy the environment. |
| .TP |
| .B \-f |
| Used to skip a second login authentication. This specifically does |
| .B not |
| work for root, and does not appear to work well under Linux. |
| .TP |
| .B \-h |
| Used by other servers (i.e., |
| .BR telnetd (8)) |
| to pass the name of the remote host to |
| .B login |
| so that it may be placed in utmp and wtmp. Only the superuser may |
| use this option. |
| .IP |
| Note that the |
| .B \-h |
| option has impact on the |
| .B PAM service |
| .BR name . |
| The standard service name is |
| .IR login , |
| with the |
| .B \-h |
| option the name is |
| .IR remote . |
| It is necessary to create proper PAM config files (e.g. |
| .I /etc\:/pam.d\:/login |
| and |
| .IR /etc\:/pam.d\:/remote ). |
| .TP |
| .B \-H |
| Used by other servers (i.e., |
| .BR telnetd (8)) |
| to tell |
| .B login |
| that printing the hostname should be suppressed in the login: prompt. |
| .TP |
| .B \-V |
| Display version information and exit. |
| .SH CONFIG FILE ITEMS |
| .B login |
| reads the |
| .IR /etc\:/login.defs (5) |
| configuration file. Note that the configuration file could be |
| distributed with another package (e.g. shadow-utils). The following |
| configuration items are relevant for |
| .BR login (1): |
| .PP |
| .B MOTD_FILE |
| (string) |
| .RS 4 |
| If defined, a ":" delimited list of "message of the day" files to be |
| displayed upon login. The default value is |
| .IR /etc\:/motd . |
| If the |
| .B MOTD_FILE |
| item is empty or a quiet login is enabled, then the message of the day |
| is not displayed. Note that the same functionality is also provided |
| by |
| .BR pam_motd (8) |
| PAM module. |
| .RE |
| .PP |
| .B LOGIN_TIMEOUT |
| (number) |
| .RS 4 |
| Max time in seconds for login. The default value is |
| .IR 60 . |
| .RE |
| .PP |
| .B LOGIN_RETRIES |
| (number) |
| .RS 4 |
| Maximum number of login retries in case of a bad password. The default |
| value is |
| .IR 3 . |
| .RE |
| .PP |
| .B FAIL_DELAY |
| (number) |
| .RS 4 |
| Delay in seconds before being allowed another three tries after a |
| login failure. The default value is |
| .IR 5 . |
| .RE |
| .PP |
| .B TTYPERM |
| (string) |
| .RS 4 |
| The terminal permissions. The default value is |
| .IR 0600 |
| or |
| .IR 0620 |
| if tty group is used. |
| .RE |
| .PP |
| .B TTYGROUP |
| (string) |
| .RS 4 |
| The login tty will be owned by the |
| .BR TTYGROUP . |
| The default value is |
| .IR tty . |
| If the |
| .B TTYGROUP |
| does not exist, then the ownership of the terminal is set to the |
| user\'s primary group. |
| .PP |
| The |
| .B TTYGROUP |
| can be either the name of a group or a numeric group identifier. |
| .RE |
| .PP |
| .B HUSHLOGIN_FILE |
| (string) |
| .RS 4 |
| If defined, this file can inhibit all the usual chatter during the |
| login sequence. If a full pathname (e.g. |
| .IR /etc\:/hushlogins ) |
| is specified, then hushed mode will be enabled if the user\'s name or |
| shell are found in the file. If this global hush login file is empty |
| then the hushed mode will be enabled for all users. |
| .PP |
| If a full pathname is not specified, then hushed mode will be enabled |
| if the file exists in the user\'s home directory. |
| .PP |
| The default is to check |
| .I /etc\:/hushlogins |
| and if it does not exist then |
| .I ~/.hushlogin |
| .PP |
| If the |
| .B HUSHLOGIN_FILE |
| item is empty, then all the checks are disabled. |
| .RE |
| .PP |
| .B DEFAULT_HOME |
| (boolean) |
| .RS 4 |
| Indicate if login is allowed if we cannot change directory to the |
| home directory. If set to |
| .IR yes , |
| the user will login in the root (/) directory if it is not possible |
| to change directory to her home. The default value is |
| .IR yes . |
| .RE |
| .PP |
| .B LOG_UNKFAIL_ENAB |
| (boolean) |
| .RS 4 |
| Enable display of unknown usernames when login failures are recorded. |
| The default value is |
| .IR no . |
| .PP |
| Note that logging unknown usernames may be a security issue if a |
| user enters her password instead of her login name. |
| .RE |
| .PP |
| .B ENV_PATH |
| (string) |
| .RS 4 |
| If set, it will be used to define the PATH environment variable when |
| a regular user logs in. The default value is |
| .I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin |
| .RE |
| .PP |
| .B ENV_ROOTPATH |
| (string) |
| .br |
| .B ENV_SUPATH |
| (string) |
| .RS 4 |
| If set, it will be used to define the PATH environment variable when |
| the superuser logs in. The default value is |
| .I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin |
| .RE |
| .SH FILES |
| .nf |
| .I /var/run/utmp |
| .I /var/log/wtmp |
| .I /var/log/lastlog |
| .I /var/spool/mail/* |
| .I /etc/motd |
| .I /etc/passwd |
| .I /etc/nologin |
| .I /etc/pam.d/login |
| .I /etc/pam.d/remote |
| .I /etc/hushlogins |
| .I .hushlogin |
| .fi |
| .SH "SEE ALSO" |
| .BR mail (1), |
| .BR passwd (1), |
| .BR passwd (5), |
| .BR environ (7), |
| .BR getty (8), |
| .BR init (8), |
| .BR shutdown (8) |
| .SH BUGS |
| The undocumented BSD |
| .B \-r |
| option is not supported. This may be required by some |
| .BR rlogind (8) |
| programs. |
| .PP |
| A recursive login, as used to be possible in the good old days, no |
| longer works; for most purposes |
| .BR su (1) |
| is a satisfactory substitute. Indeed, for security reasons, login |
| does a vhangup() system call to remove any possible listening |
| processes on the tty. This is to avoid password sniffing. If one |
| uses the command |
| .BR login , |
| then the surrounding shell gets killed by vhangup() because it's no |
| longer the true owner of the tty. This can be avoided by using |
| .B exec login |
| in a top-level shell or xterm. |
| .SH AUTHOR |
| Derived from BSD login 5.40 (5/9/89) by |
| .MT glad@\:daimi.\:dk |
| Michael Glad |
| .ME |
| for HP-UX |
| .br |
| Ported to Linux 0.12: |
| .MT poe@\:daimi.\:aau.\:dk |
| Peter Orbaek |
| .ME |
| .br |
| Rewritten to a PAM-only version by |
| .MT kzak@\:redhat.\:com |
| Karel Zak |
| .ME |
| .SH AVAILABILITY |
| The login command is part of the util-linux package and is |
| available from |
| .UR https://\:www.kernel.org\:/pub\:/linux\:/utils\:/util-linux/ |
| Linux Kernel Archive |
| .UE . |