Another version of this page is provided by the shadow-utils project
|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | CONFIG FILE ITEMS | FILES | SEE ALSO | BUGS | AUTHOR | AVAILABILITY | COLOPHON |
LOGIN(1) User Commands LOGIN(1)
login - begin session on the system
login [ -p ] [ -h host ] [ -H ] [ -f username | username ]
login is used when signing onto a system. If no argument is given,
login prompts for the username.
The user is then prompted for a password, where appropriate. Echoing
is disabled to prevent revealing the password. Only a small number
of password failures are permitted before login exits and the
communications link is severed.
If password aging has been enabled for the account, the user may be
prompted for a new password before proceeding. He will be forced to
provide his old password and the new password before continuing.
Please refer to passwd(1) for more information.
The user and group ID will be set according to their values in the
/etc/passwd file. There is one exception if the user ID is zero: in
this case, only the primary group ID of the account is set. This
should allow the system administrator to login even in case of
network problems. The value for $HOME, $USER, $SHELL, $PATH,
$LOGNAME, and $MAIL are set according to the appropriate fields in
the password entry. $PATH defaults to /usr/local/bin:/bin:/usr/bin
for normal users, and to /usr/local/sbin:/usr/local/bin:/sbin:/bin:
/usr/sbin:/usr/bin for root, if not otherwise configured.
The environment variable $TERM will be preserved, if it exists (other
environment variables are preserved if the -p option is given), else
it will be initialized to the terminal type on your tty.
Then the user's shell is started. If no shell is specified for the
user in /etc/passwd, then /bin/sh is used. If there is no directory
specified in /etc/passwd, then / is used (the home directory is
checked for the .hushlogin file described below).
If the file .hushlogin exists, then a "quiet" login is performed
(this disables the checking of mail and the printing of the last
login time and message of the day). Otherwise, if /var/log/lastlog
exists, the last login time is printed (and the current login is
recorded).
-p Used by getty(8) to tell login not to destroy the environment.
-f Used to skip a second login authentication. This specifically
does not work for root, and does not appear to work well under
Linux.
-h Used by other servers (i.e., telnetd(8)) to pass the name of
the remote host to login so that it may be placed in utmp and
wtmp. Only the superuser may use this option.
Note that the -h option has impact on the PAM service name.
The standard service name is login, with the -h option the
name is remote. It is necessary to create proper PAM config
files (e.g. /etc/pam.d/login and /etc/pam.d/remote).
-H Used by other servers (i.e., telnetd(8)) to tell login that
printing the hostname should be suppressed in the login:
prompt.
--help Display help text and exit.
-V, --version
Display version information and exit.
login reads the /etc/login.defs(5) configuration file. Note that the
configuration file could be distributed with another package (e.g.
shadow-utils). The following configuration items are relevant for
login(1):
MOTD_FILE (string)
If defined, a ":" delimited list of "message of the day" files to
be displayed upon login. The default value is /etc/motd. If the
MOTD_FILE item is empty or a quiet login is enabled, then the
message of the day is not displayed. Note that the same
functionality is also provided by pam_motd(8) PAM module.
LOGIN_TIMEOUT (number)
Max time in seconds for login. The default value is 60.
LOGIN_RETRIES (number)
Maximum number of login retries in case of a bad password. The
default value is 3.
FAIL_DELAY (number)
Delay in seconds before being allowed another three tries after a
login failure. The default value is 5.
TTYPERM (string)
The terminal permissions. The default value is 0600 or 0620 if
tty group is used.
TTYGROUP (string)
The login tty will be owned by the TTYGROUP. The default value
is tty. If the TTYGROUP does not exist, then the ownership of
the terminal is set to the user´s primary group.
The TTYGROUP can be either the name of a group or a numeric group
identifier.
HUSHLOGIN_FILE (string)
If defined, this file can inhibit all the usual chatter during
the login sequence. If a full pathname (e.g. /etc/hushlogins)
is specified, then hushed mode will be enabled if the user´s name
or shell are found in the file. If this global hush login file
is empty then the hushed mode will be enabled for all users.
If a full pathname is not specified, then hushed mode will be
enabled if the file exists in the user´s home directory.
The default is to check /etc/hushlogins and if it does not exist
then ~/.hushlogin
If the HUSHLOGIN_FILE item is empty, then all the checks are
disabled.
DEFAULT_HOME (boolean)
Indicate if login is allowed if we cannot change directory to the
home directory. If set to yes, the user will login in the root
(/) directory if it is not possible to change directory to her
home. The default value is yes.
LOG_UNKFAIL_ENAB (boolean)
Enable display of unknown usernames when login failures are
recorded. The default value is no.
Note that logging unknown usernames may be a security issue if a
user enters her password instead of her login name.
ENV_PATH (string)
If set, it will be used to define the PATH environment variable
when a regular user logs in. The default value is /usr/local
/bin:/bin:/usr/bin
ENV_ROOTPATH (string)
ENV_SUPATH (string)
If set, it will be used to define the PATH environment variable
when the superuser logs in. The default value is /usr/local
/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
/var/run/utmp
/var/log/wtmp
/var/log/lastlog
/var/spool/mail/*
/etc/motd
/etc/passwd
/etc/nologin
/etc/pam.d/login
/etc/pam.d/remote
/etc/hushlogins
.hushlogin
mail(1), passwd(1), passwd(5), environ(7), getty(8), init(8),
shutdown(8)
The undocumented BSD -r option is not supported. This may be
required by some rlogind(8) programs.
A recursive login, as used to be possible in the good old days, no
longer works; for most purposes su(1) is a satisfactory substitute.
Indeed, for security reasons, login does a vhangup() system call to
remove any possible listening processes on the tty. This is to avoid
password sniffing. If one uses the command login, then the
surrounding shell gets killed by vhangup() because it's no longer the
true owner of the tty. This can be avoided by using exec login in a
top-level shell or xterm.
Derived from BSD login 5.40 (5/9/89) by Michael Glad ⟨glad@daimi.dk⟩
for HP-UX
Ported to Linux 0.12: Peter Orbaek ⟨poe@daimi.aau.dk⟩
Rewritten to a PAM-only version by Karel Zak ⟨kzak@redhat.com⟩
The login command is part of the util-linux package and is available
from Linux Kernel Archive
⟨https://www.kernel.org/pub/linux/utils/util-linux/⟩.
This page is part of the util-linux (a random collection of Linux
utilities) project. Information about the project can be found at
⟨https://www.kernel.org/pub/linux/utils/util-linux/⟩. If you have a
bug report for this manual page, send it to
util-linux@vger.kernel.org. This page was obtained from the
project's upstream Git repository
⟨git://git.kernel.org/pub/scm/utils/util-linux/util-linux.git⟩ on
2017-07-05. If you discover any rendering problems in this HTML ver‐
sion of the page, or you believe there is a better or more up-to-date
source for the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original man‐
ual page), send a mail to man-pages@man7.org
util-linux June 2012 LOGIN(1)
Pages that refer to this page: ac(1), bash(1), chsh(1), intro(1), last(1@@util-linux), login(1), mesg(1), newgrp(1), newgrp(1@@util-linux), openvt(1), sg(1), su(1@@shadow-utils), ul(1), crypt(3), pam(3), ttyslot(3), group(5), login.defs(5), motd(5), nologin(5), passwd(5), passwd(5@@shadow-utils), proc(5), securetty(5), shadow(5), systemd.exec(5), utmp(5), environ(7), ac(8), agetty(8), faillog(8), nologin(8), nologin(8@@shadow-utils), PAM(8)