1 <?xml version="1.0" encoding="UTF-8"?>
3 Copyright (c) 1989 - 1994, Julianne Frances Haugh
4 Copyright (c) 2007 - 2009, Nicolas François
7 Redistribution and use in source and binary forms, with or without
8 modification, are permitted provided that the following conditions
10 1. Redistributions of source code must retain the above copyright
11 notice, this list of conditions and the following disclaimer.
12 2. Redistributions in binary form must reproduce the above copyright
13 notice, this list of conditions and the following disclaimer in the
14 documentation and/or other materials provided with the distribution.
15 3. The name of the copyright holders or contributors may not be used to
16 endorse or promote products derived from this software without
17 specific prior written permission.
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23 HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
32 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
33 <!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
34 <!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
35 <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
36 <!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
37 <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
38 <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
39 <!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
40 <!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
41 <!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
42 <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
43 <!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
44 <!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
45 <!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
46 <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
47 <!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
48 <!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
49 <!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
50 <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
51 <!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
52 <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
53 <!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
54 <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
55 <!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
56 <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
57 <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
58 <!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
59 <!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
60 <!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
61 <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
62 <!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
63 <!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
64 <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
65 <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
67 <refentry id='login.1'>
68 <!-- $Id: login.1.xml 3010 2009-06-04 17:25:18Z nekral-guest $ -->
70 <refentrytitle>login</refentrytitle>
71 <manvolnum>1</manvolnum>
72 <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
74 <refnamediv id='name'>
75 <refname>login</refname>
76 <refpurpose>begin session on the system</refpurpose>
78 <!-- body begins here -->
79 <refsynopsisdiv id='synopsis'>
81 <command>login</command>
82 <arg choice='opt'>-p</arg>
83 <arg choice='opt'>-h <replaceable>host</replaceable></arg>
85 <replaceable>username</replaceable></arg>
86 <arg choice='opt' rep='repeat'> <replaceable>ENV=VAR</replaceable></arg>
89 <command>login</command>
90 <arg choice='opt'>-p</arg>
91 <arg choice='opt'>-h <replaceable>host</replaceable></arg>
92 <arg choice='plain'>-f</arg>
93 <arg choice='plain'><replaceable>username</replaceable></arg>
96 <command>login</command>
97 <arg choice='opt'>-p</arg>
98 <arg choice='plain'>-r <replaceable>host</replaceable></arg>
102 <refsect1 id='description'>
103 <title>DESCRIPTION</title>
105 The <command>login</command> program is used to establish a new session
106 with the system. It is normally invoked automatically by responding to
107 the <emphasis remap='I'>login:</emphasis> prompt on the user's
108 terminal. <command>login</command> may be special to the shell and may
109 not be invoked as a sub-process. When called from a shell,
110 <command>login</command> should be executed as
111 <emphasis remap='B'>exec login</emphasis> which will cause the user
112 to exit from the current shell (and thus will prevent the newly logged
113 in user from returning to the session of the caller). Attempting to
114 execute <command>login</command> from any shell but the login shell
115 will produce an error message.
119 The user is then prompted for a password, where appropriate. Echoing
120 is disabled to prevent revealing the password. Only a small number of
121 password failures are permitted before <command>login</command> exits
122 and the communications link is severed.
126 If password aging has been enabled for your account, you may be
127 prompted for a new password before proceeding. You will be forced to
128 provide your old password and the new password before continuing.
129 Please refer to <citerefentry>
130 <refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
131 </citerefentry> for more information.
135 After a successful login, you will be informed of any system messages
136 and the presence of mail. You may turn off the printing of the system
137 message file, <filename>/etc/motd</filename>, by creating a
138 zero-length file <filename>.hushlogin</filename> in your login directory.
139 The mail message will be one of "<emphasis>You have new
140 mail.</emphasis>", "<emphasis>You have mail.</emphasis>", or
141 "<emphasis>No Mail.</emphasis>" according to the condition of your
146 Your user and group ID will be set according to their values in the
147 <filename>/etc/passwd</filename> file. The values for
148 <envar>$HOME</envar>, <envar>$SHELL</envar>, <envar>$PATH</envar>,
149 <envar>$LOGNAME</envar>, and <envar>$MAIL</envar> are set according
150 to the appropriate fields in the password entry. Ulimit, umask and nice
151 values may also be set according to entries in the GECOS field.
155 On some installations, the environment variable
156 <envar>$TERM</envar> will be initialized to the terminal type on
157 your tty line, as specified in <filename>/etc/ttytype</filename>.
161 An initialization script for your command interpreter may also be
162 executed. Please see the appropriate manual section for more
163 information on this function.
167 A subsystem login is indicated by the presence of a "*" as the first
168 character of the login shell. The given home directory will be used as
169 the root of a new file system which the user is actually logged into.
173 The <command>login</command> program is NOT responsible for removing
174 users from the utmp file. It is the responsibility of
175 <citerefentry><refentrytitle>getty</refentrytitle>
176 <manvolnum>8</manvolnum></citerefentry> and
177 <citerefentry><refentrytitle>init</refentrytitle>
178 <manvolnum>8</manvolnum></citerefentry> to clean up apparent ownership
179 of a terminal session. If you use <command>login</command> from the
180 shell prompt without <command>exec</command>, the user you were logged in as will
181 continue to appear to be logged in even after you log out of the
187 <refsect1 id='options'>
188 <title>OPTIONS</title>
189 <variablelist remap='IP'>
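196 Do not perform authentication; the user is preauthenticated (that is, <command>login</command> trusts its caller to have already verified the user's identity).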
199 Note: In that case, <replaceable>username</replaceable> is
209 <para>Name of the remote host for this login.</para>
217 <para>Preserve environment.</para>
225 <para>Perform autologin protocol for rlogin.</para>
231 The <option>-r</option>, <option>-h</option> and <option>-f</option>
232 options are only used when <command>login</command> is invoked by
237 <refsect1 id='caveats'>
238 <title>CAVEATS</title>
240 This version of <command>login</command> has many compilation options,
241 only some of which may be in use at any particular site.
244 <para>The location of files is subject to differences in system
249 The <command>login</command> program is NOT responsible for removing
250 users from the utmp file. It is the responsibility of <citerefentry>
251 <refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum>
252 </citerefentry> and <citerefentry>
253 <refentrytitle>init</refentrytitle><manvolnum>8</manvolnum>
254 </citerefentry> to clean up apparent ownership of a terminal session.
255 If you use <command>login</command> from the shell prompt without
256 <command>exec</command>, the user you were logged in as will continue to appear to
257 be logged in even after you log out of the "subsession".
261 As with any program, <command>login</command>'s appearance can be faked.
262 If untrusted users have physical access to a machine, an
263 attacker could use this to obtain the password of the next person
264 who sits down at the machine. Under Linux, the SAK (Secure Attention Key) mechanism can be
265 used by users to initiate a trusted path and prevent this kind of
271 <refsect1 id='configuration'>
272 <title>CONFIGURATION</title>
274 The following configuration variables in
275 <filename>/etc/login.defs</filename> change the behavior of this
282 <phrase condition="no_pam">&ENV_HZ;</phrase>
283 <phrase>&ENV_PATH;</phrase>
284 <phrase>&ENV_SUPATH;</phrase>
302 <phrase condition="no_pam">&MAIL_DIR;</phrase>
305 &PORTTIME_CHECKS_ENAB;
307 &TTYGROUP; <!-- documents also TTYPERM -->
310 <phrase condition="no_pam">&UMASK;</phrase>
315 <refsect1 id='files'>
319 <term><filename>/var/run/utmp</filename></term>
321 <para>List of current login sessions.</para>
325 <term><filename>/var/log/wtmp</filename></term>
327 <para>List of previous login sessions.</para>
331 <term><filename>/etc/passwd</filename></term>
333 <para>User account information.</para>
337 <term><filename>/etc/shadow</filename></term>
339 <para>Secure user account information.</para>
343 <term><filename>/etc/motd</filename></term>
345 <para>System message of the day file.</para>
349 <term><filename>/etc/nologin</filename></term>
351 <para>Prevent non-root users from logging in.</para>
355 <term><filename>/etc/ttytype</filename></term>
357 <para>List of terminal types.</para>
361 <term><filename>$HOME/.hushlogin</filename></term>
363 <para>Suppress printing of system messages.</para>
367 <term><filename>/etc/login.defs</filename></term>
369 <para>Shadow password suite configuration.</para>
375 <refsect1 id='see_also'>
376 <title>SEE ALSO</title>
379 <refentrytitle>mail</refentrytitle><manvolnum>1</manvolnum>
382 <refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
385 <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
388 <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
391 <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
394 <refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
397 <refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
400 <refentrytitle>securetty</refentrytitle><manvolnum>5</manvolnum>
403 <refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum>