Section (1) login
Name
login — begin session on the system
Synopsis
login
[−p
] [ −h
host ] [−H
] [ −f
username | username ]
DESCRIPTION
login is used when signing onto a system. If no argument is given, login prompts for the username.
The user is then prompted for a password, where appropriate. Echoing is disabled to prevent revealing the password. Only a small number of password failures are permitted before login exits and the communications link is severed.
If password aging has been enabled for the account, the user may be prompted for a new password before proceeding. He will be forced to provide his old password and the new password before continuing. Please refer to passwd(1) for more information.
The user and group ID will be set according to their
values in the /etc/passwd
file.
There is one exception if the user ID is zero: in this case,
only the primary group ID of the account is set. This should
allow the system administrator to login even in case of
network problems. The value for $HOME
, $USER
, $SHELL
, $PATH
, $LOGNAME
, and $MAIL
are set according to
the appropriate fields in the password entry. $PATH
defaults to
/usr/local/bin:/bin:/usr/bin
for normal users, and to /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
for root, if not otherwise configured.
The environment variable $TERM
will be preserved, if
it exists (other environment variables are preserved if the
−p
option is given), else
it will be initialized to the terminal type on your tty.
Then the user_zsingle_quotesz_s shell is started. If no shell is specified
for the user in /etc/passwd
,
then /bin/sh
is used. If there
is no directory specified in /etc/passwd
, then /
is used (the home directory is checked
for the .hushlogin
file described below).
If the file .hushlogin
exists, then a
quiet login is performed (this disables the checking of
mail and the printing of the last login time and message of
the day). Otherwise, if /var/log/lastlog
exists, the last login
time is printed (and the current login is recorded).
OPTIONS
−p
-
Used by getty(8) to tell login not to destroy the environment.
−f
-
Used to skip a second login authentication. This specifically does not work for root, and does not appear to work well under Linux.
−h
-
Used by other servers (i.e., telnetd(8)) to pass the name of the remote host to login so that it may be placed in utmp and wtmp. Only the superuser may use this option.
Note that the
−h
option has impact on the PAM service name. The standard service name is login, with the−h
option the name is remote. It is necessary to create proper PAM config files (e.g./etc/pam.d/login
and/etc/pam.d/remote
). −H
-
Used by other servers (i.e., telnetd(8)) to tell login that printing the hostname should be suppressed in the login: prompt. See also LOGIN_PLAIN_PROMPT below if your server does not allow to configure login command line.
−−help
-
Display help text and exit.
−V
,−−version
-
Display version information and exit.
CONFIG FILE ITEMS
login reads
the /etc/login.defs
) configuration
file. Note that the configuration file could be distributed
with another package (e.g. shadow-utils). The following
configuration items are relevant for login(1):(5
MOTD_FILE
(string)
If defined, a : delimited list of message of the day files to be displayed upon login. The default value is
/etc/motd
. If theMOTD_FILE
item is empty or a quiet login is enabled, then the message of the day is not displayed. Note that the same functionality is also provided by pam_motd(8) PAM module.
LOGIN_PLAIN_PROMPT
(boolean)
Tell login that printing the hostname should be suppressed in the login: prompt. This is alternative to the
−H
command line option. The default value is no.
LOGIN_TIMEOUT
(number)
Max time in seconds for login. The default value is
60
.
LOGIN_RETRIES
(number)
Maximum number of login retries in case of a bad password. The default value is
3
.
FAIL_DELAY
(number)
Delay in seconds before being allowed another three tries after a login failure. The default value is
5
.
TTYPERM
(string)
The terminal permissions. The default value is
0600
or0620
if tty group is used.
TTYGROUP
(string)
The login tty will be owned by the
TTYGROUP
. The default value is tty. If theTTYGROUP
does not exist, then the ownership of the terminal is set to the user_zsingle_quotesz_s primary group.The
TTYGROUP
can be either the name of a group or a numeric group identifier.
HUSHLOGIN_FILE
(string)
If defined, this file can inhibit all the usual chatter during the login sequence. If a full pathname (e.g.
/etc/hushlogins
) is specified, then hushed mode will be enabled if the user_zsingle_quotesz_s name or shell are found in the file. If this global hush login file is empty then the hushed mode will be enabled for all users.If a full pathname is not specified, then hushed mode will be enabled if the file exists in the user_zsingle_quotesz_s home directory.
The default is to check
/etc/hushlogins
and if it does not exist then~/.hushlogin
If the
HUSHLOGIN_FILE
item is empty, then all the checks are disabled.
DEFAULT_HOME
(boolean)
Indicate if login is allowed if we cannot change directory to the home directory. If set to yes, the user will login in the root (/) directory if it is not possible to change directory to her home. The default value is yes.
LOG_UNKFAIL_ENAB
(boolean)
Enable display of unknown usernames when login failures are recorded. The default value is no.
Note that logging unknown usernames may be a security issue if a user enters her password instead of her login name.
ENV_PATH
(string)
If set, it will be used to define the PATH environment variable when a regular user logs in. The default value is
/usr/local/bin:/bin:/usr/bin
ENV_ROOTPATH
(string)
ENV_SUPATH
(string)
If set, it will be used to define the PATH environment variable when the superuser logs in. The default value is
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
FILES
/var/run/utmp
/var/log/wtmp
/var/log/lastlog
/var/spool/mail/*
/etc/motd
/etc/passwd
/etc/nologin
/etc/pam.d/login
/etc/pam.d/remote
/etc/hushlogins
.hushlogin
BUGS
The undocumented BSD −r
option is not supported. This may be required by some
rlogind(8) programs.
A recursive login, as used to be possible in the good old days, no longer works; for most purposes su(1) is a satisfactory substitute. Indeed, for security reasons, login does a vhangup() system call to remove any possible listening processes on the tty. This is to avoid password sniffing. If one uses the command login, then the surrounding shell gets killed by vhangup() because it_zsingle_quotesz_s no longer the true owner of the tty. This can be avoided by using exec login in a top-level shell or xterm.
AUTHOR
Derived from BSD login 5.40 (5/9/89) by Michael Glad for HP-UX
Ported to Linux 0.12: Peter Orbaek
Rewritten to a PAM-only version by Karel Zak
AVAILABILITY
The login command is part of the util-linux package and is available from Linux Kernel Archive
Copyright 1993 Rickard E. Faith (faithcs.unc.edu) May be distributed under the GNU General Public License |
Section (3) login
Name
login, logout — write utmp and wtmp entries
Synopsis
#include <utmp.h>
void
login( |
const struct utmp *ut) ; |
int
logout( |
const char *ut_line) ; |
![]() |
Note |
---|---|
Link with |
DESCRIPTION
The utmp file records who is currently using the system. The wtmp file records all logins and logouts. See utmp(5).
The function login
() takes
the supplied struct
utmp, ut
,
and writes it to both the utmp and the wtmp file.
The function logout
() clears
the entry in the utmp file again.
GNU details
More precisely, login
()
takes the argument ut
struct, fills the field
ut−>ut_type
(if
there is such a field) with the value USER_PROCESS
, and fills the field
ut−>ut_pid
(if
there is such a field) with the process ID of the calling
process. Then it tries to fill the field ut−>ut_line
. It
takes the first of stdin
,
stdout
, stderr
that is a terminal, and stores the
corresponding pathname minus a possible leading
/dev/
into this field, and
then writes the struct to the utmp file. On the other hand,
if no terminal name was found, this field is filled with
??? and the struct is not written to the utmp file. After
this, the struct is written to the wtmp file.
The logout
() function
searches the utmp file for an entry matching the ut_line
argument. If a record
is found, it is updated by zeroing out the ut_name
and ut_host
fields, updating the ut_tv
timestamp field and setting
ut_type
(if there is such a
field) to DEAD_PROCESS
.
RETURN VALUE
The logout
() function
returns 1 if the entry was successfully written to the
database, or 0 if an error occurred.
FILES
/var/run/utmp
-
user accounting database, configured through
_PATH_UTMP
in<
paths.h
>
/var/log/wtmp
-
user accounting log file, configured through
_PATH_WTMP
in<
paths.h
>
ATTRIBUTES
For an explanation of the terms used in this section, see attributes(7).
Interface | Attribute | Value |
|
Thread safety |
MT-Unsafe race:utent sig:ALRM timer |
In the above table, utent
in
race:utent
signifies that if any of the functions setutent(3), getutent(3), or endutent(3) are used in
parallel in different threads of a program, then data races
could occur. login
() and
logout
() calls those functions,
so we use race:utent to remind users.
NOTES
Note that the member ut_user
of struct utmp is
called ut_name
in BSD.
Therefore, ut_name
is defined as
an alias for ut_user
in
<
utmp.h
>
COLOPHON
This page is part of release 4.16 of the Linux man-pages
project. A
description of the project, information about reporting bugs,
and the latest version of this page, can be found at
https://www.kernel.org/doc/man−pages/.
Derived from text written by Martin Schulze (or taken from glibc.info) and text written by Paul Thompson - both copyright 2002. %%%LICENSE_START(GPLv2+_DOC_FULL) This is free documentation; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The GNU General Public License_zsingle_quotesz_s references to object code and executables are to be interpreted as the output of any document formatting or typesetting system, including intermediate and printed output. This manual is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this manual; if not, see <http://www.gnu.org/licenses/>. %%%LICENSE_END |