1 README for init/getty/login, by poe@daimi.aau.dk
3 This package contains simpleinit, agetty, and login programs for Linux.
4 Additional utilities included are: hostname, who, write, wall, users
5 domainname, hostid, cage and mesg.
7 Most of this software has been contributed by others, I basically just
8 ported the things to Linux.
10 About installation: See the bottom of this file. Check the Makefile!
11 Be sure you know what you are doing! You may well be able to lock
12 yourself out from your machine. Especially: The init provided here
13 (simpleinit) is NOT a SYSV compatible init and the inittab format
16 If you are uncertain whether you got the latest version, check out
18 ftp://ftp.daimi.aau.dk/pub/linux/poe/
20 Version 1.49 (20-Jun-97)
21 Small patches for new util-linux distribution and glibc compat.
22 PAM support in login.c by Erik Troan.
24 Version 1.48 (6-Jun-97)
25 Now changes mode and owner of /dev/vcs devices for console logins.
26 After idea by Andries Brouwer.
28 Version 1.47 (2-Apr-97)
29 Got new version of hostid.c and hostid.1 from
30 Sander van Malssen <svm@kozmix.ow.nl>.
31 Removed premature endutent() call in login.c, simpleinit.c and
32 agetty.c to be compatible with the changed semantics of gnu libc2.
33 Fix by Jesse Thilo <Jesse.Thilo@pobox.com>.
35 Version 1.46 (28-Jan-97)
36 Several security fixes for login by David Holland (buffer overruns)
37 <dholland@hcs.harvard.edu>
38 Fixed write.c, to handle a terminating period correctly.
39 Re-indented login.c, it was getting too messy.
41 Version 1.45a (16-Dec-96)
42 Better support in login for shadow passwords. Compile with
43 -DSHADOW_PWD if you have <shadow.h>. This is on by default.
44 By Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>.
45 Changed the wtmp locking scheme in login.c,agetty.c,simpleinit.c
46 to flock() /etc/wtmplock instead of the wtmp file directly.
47 This avoids a denial of service attack.
48 Some support for the RB-1 Cryptocard token for challenge/response
49 authentication. This needs a DES library, either Eric Young's
50 libdes, or the Koontz implementation, see cryptocard.c.
51 Initial support patch by Randolph Bentson,
52 <bentson@grieg.seaslug.org>
53 Changed getpass() to use fputs() instead of fprintf().
55 Version 1.44 (13-Nov-96):
56 Made isapty() in checktty.c more resilient to 2.0 systems
57 that haven't re-MAKEDEV'ed their pty devices.
59 Version 1.43 (8-Nov-96):
60 Fix to checktty.c: PTY's are numbered differently after 1.3,
61 blush! Fix by Gerhard Schneider <gs@ilfb.tuwien.ac.at>
63 Version 1.42c (6-Nov-96):
64 Small fix by Gabriel M. Schuyler <schuyler@easiest.com>, to get
65 better syslog messages (1 LOGIN FAILURE instead of 2 LOGIN FAILURES).
66 Patch butchered by me.
68 Version 1.42b (30-Sep-96):
69 Got patch for checktty.c from Christoph Lameter
70 <clameter@miriam.fuller.edu> so it doesn't traverse the groupfile
71 "manually" but uses the getgroups() call, this is more efficient
72 with large groupfiles and NIS/YP.
74 Version 1.42a (24-Sep-96):
75 Added extra syslog() call to login.c to log all good logins.
76 Patch from Steve Philp.
78 Version 1.41 (20-Jul-96):
79 Added security fix to checktty.c by JDS to clear certain lists.
80 Patches butchered and ANSI'fied by me.
81 Added -n option to agetty to avoid the login prompt.
83 Version 1.40a (29-Dec-95):
84 Added -f <issue_file> option to agetty. Patches from Eric Rasmussen
85 <ear@usfirst.org>, but somewhat butchered by me.
87 Version 1.39 (25-Oct-95):
88 Lots of testing and bugfixes in agetty. Now the modem init stuff
89 should finally work (for me). Also wrote modem.agetty as an example
90 on how to use agetty with a modem.
91 Agetty now also supports baud rates of 38400, 57600, 115200 and
94 Version 1.37 (15-Sep-95):
95 Added -I <initstring> and -w options to agetty.c for those that
96 use agetty with modems.
98 Version 1.36 (25-Aug-95):
99 Enhanced /etc/usertty features with group support. Moved this part
100 of login.c to checktty.c. One can now define classes of hosts and
101 ttys and do access checking based on unix-group membership. See
102 login.1. Also time ranges for logins can be specified, for example
105 joe [mon:tue:wed:thu:fri:8-16]@barracuda [mon:tue:wed:thu:fri:0-7:17-23]@joes.pc.at.home [sat:sun:0-23]@joes.pc.at.home
107 says that during working hours, Joe may rlogin from the host
108 barracuda, whereas outside working hours and in weekends Joe may
109 rlogin from his networked PC at home.
111 login.c: failures was not properly initialized, it now is. Also
112 made sure ALL failures are really logged to syslog.
114 Version 1.35 (7-Aug-95):
115 login.c: Much improved features for the usertty file, allows
116 access control based on both hostnames/addresses and line. See the
117 about.usertty file and the man-page.
119 Fixed agetty so it doesn't fiddle with the ut_id field in the
120 utmp record, this should prevent growing utmps on systems with
121 more than 10 login lines. Fix suggested and checked by Alan Wendt
122 <alan@ezlink.com> in his agetty.1.9.1a.
124 Agetty now installs as agetty again, not as getty.
125 Updated man-page for login(1) to document /etc/usertty changes.
127 This has been tested on Linux 1.2.5 with GCC 2.5.8 and libc 4.5.26.
129 Version 1.33a (20-Jun-95):
130 rchatfie@cavern.nmsu.edu ("rc.") suggested that I should remove
131 the #ifndef linux around the special logging of dial-up
132 logins. This is now done, so each login via a serial port
133 generates a separate DIALUP syslog entry.
135 Version 1.33 (5-Jun-95):
136 Patch by Ron Sommeling <sommel@sci.kun.nl> and
137 jlaiho@ichaos.nullnet.fi (Juha Laiho) for agetty.c, used
138 to return a pointer to an automatic variable in get_logname().
139 Many patches from or via Rickard Faith <faith@cs.unc.edu>, fixing
140 man-pages etc, now defaults to using /var/log/wtmp and /var/run/utmp
141 according to the new FSSTND.
143 Fix in login.c for CPU eating bug when a remote telnet client dies
146 This is for Linux 1.2, GCC 2.6.2 or later.
148 Version 1.32b (12-Mar-95):
149 Login now sets the tty group to "tty" instead of "other". Depending
150 on compile-time define USE_TTY_GROUP the tty mode is set to 0620 or
151 0600 instead of 0622. All as per suggestion by Rik Faith and the
153 Write/wall now strips control chars except BEL (\007). Again after
154 suggestion by Rik Faith.
157 Urgent security patch from Alvaro M. Echevarria incorporated into
158 login.c. This is really needed on machines running YP until
159 the libraries are fixed.
162 Login now logs the ip-address of the connecting host to utmp as it
165 Version 1.31b (2-Feb-95):
166 Daniel Quinlan <quinlan@yggdrasil.com> and Ross Biro
167 <biro@yggdrasil.com> suggested a patch to login.c that allows for
168 shell scripts in the shell field of /etc/passwd, so one can now
169 have (as a line in /etc/passwd):
170 bye::1000:1000:Outlogger:/bin:echo Bye
171 Logging in as "bye" with no password simply echoes Bye on the screen.
172 This has applications for pppd/slip.
174 Version 1.31a (28-Oct-94):
175 Scott Telford provided a patch for simpleinit, so executing reboot
176 from singleuser mode won't partially execute /etc/rc before
179 Version 1.30 (17-Sep-94):
180 tobias@server.et-inf.fho-emden.de (Peter Tobias) has made a more
181 advanced hostname command that understands some options such as
182 -f for FQDN etc. I'll not duplicate his work. Use his hostname
185 svm@kozmix.xs4all.nl (Sander van Malssen) provided more features
186 for the /etc/issue file in agetty. \U and \u now expand to the
187 number of current users.
189 It is now possible to state the value of TERM on the agetty command
190 line. This was also provided by Sander.
192 This has been built under Linux 1.1.42 with gcc 2.5.8 and libc 4.5.26.
194 Version 1.29 (18-Aug-94):
195 Finally got around to making a real version after the numerous
196 alpha versions of 1.28. Scott Telford <st@epcc.ed.ac.uk> provided
197 a patch for write(1) to make it look more like BSD write.
199 Fixed login so that the .hushlogin feature works even with real
200 protective users mounted via NFS (ie. where root can't access
201 the user's .hushlogin file).
203 Cleaned up the code to make -Wall bearable.
205 Version 1.28c (21-Jul-94):
206 Rik Faith reminded me that agetty should use the syslog
207 facility. It now does.
209 Version 1.28b (30-May-94):
210 On suggestion from Jeremy Fitzhardinge <jeremy@suite.sw.oz.au>
211 I added -- as option delimiter on args passed from agetty to
212 login. Fixes -froot hole for other login programs. The login
213 program in this package never had that hole.
215 Version 1.28a (16-May-94):
216 bill@goshawk.lanl.gov provided a couple of patches, one fixing
217 terminal setup in agetty, and reboot is now supposed to be
218 in /sbin according to FSSTND.
220 Version 1.27 (10-May-94):
221 Changed login.c, so all bad login attempts are logged, and added
222 usertty security feature. See about.usertty for an explanation.
223 There's no longer a limit of 20 chars in the TERM environment
224 variable. Suggested by Nicolai Langfeldt <janl@math.uio.no>
226 Added #ifdef HAVE_QUOTA around quota checks. Enable them if
227 you have quota stuff in your libraries and kernel.
228 Also re-enabled set/getpriority() calls as we now have them,
229 and have had for a long time...
231 Now wtmp is locked and unlocked around writes to avoid mangling.
232 Due to Jaakko Hyv{tti <HYVATTI@cc.helsinki.fi>.
234 Wrt. agetty: A \o in /etc/issue now inserts the domainname, as
235 set by domainname(1). Sander van Malssen provided this.
236 This is being used under Linux 1.1.9
238 Beefed up the agetty.8 man-page to describe the /etc/issue
239 options. Added man-pages for wall, cage, who.
241 Version 1.26 alpha (25-Apr-94):
242 Added patch from Bill Reynolds <bill@goshawk.lanl.gov> to
243 simpleinit, so it will drop into single user if /etc/rc
244 fails, eg. from fsck.
246 Version 1.25 (9-Feb-94):
247 Agetty should now work with the Linux 0.99pl15a kernel.
248 ECHOCTL and ECHOPRT are no longer set in the termios struct.
249 Also made agetty accept both "tty baudrate" and "baudrate tty"
252 Version 1.24 (23-Jan-94): changes since 1.22
253 Christian von Roques <roques@juliet.ka.sub.org> provided a patch
254 that cleans up the handling of the -L option on agetty.
255 Rik Faith <faith@cs.unc.edu> enhanced several man-pages...
257 Version 1.23 (11-Dec-93): changes since 1.21
258 Mitchum DSouza provided the hostid(1) code. It needs libc 4.4.4 or
259 later and a Linux 0.99.14 kernel or later. It can set and print
260 the world unique hostid of the machine. This may be used in
261 connection with commercial software licenses. God forbid!
262 I added the -v option, and munged the code a bit, so don't blame
263 Mitch if you don't like it.
265 I made the "cage" program. Using this as a shell in the passwd
266 file, enables one to let users log into a chroot'ed environment.
267 For those that have modem logins and are concerned about security.
268 Read the source for further info.
270 "who am i" now works.
272 The login program works with Yellow Pages (aka NIS) simply by
273 linking with an appropriate library containing a proper version
274 of getpwnam() and friends.
276 Version 1.21 (30-Oct-93): changes since 1.20
277 In simpleinit.c: The boottime wtmp record is now written *after*
278 /etc/rc is run, to put a correct timestamp on it.
279 Daniel Thumim <dthumim@mit.edu> suggested this fix.
281 The source and Makefile is prepared for optional installation of
282 binaries in /sbin instead of /etc, and logfiles in /usr/adm instead
283 of /etc. See and change the Makefile to suit your preferences.
284 Rik Faith and Stephen Tweedie inspired this change.
286 Version 1.20 (30-Jul-93): changes since 1.17:
287 Versions 1.18 and 1.19 were never made publically available.
288 Agetty now supports a -L switch that makes it force the CLOCAL flag.
289 This is useful if you have a local terminal attached with a partly
290 wired serial cable that does not pass on the Carrier Detect signal.
292 There's a domainname program like the hostname program; contributed
295 Simpleinit will now write a REBOOT record to wtmp on boot up. Time-
296 zone support is now optional in simpleinit. Both of these patches
297 were made by Scott Telford <st@epcc.ed.ac.uk>.
299 This is for Linux 0.99.11 or later.
301 Version 1.17 (19-May-93): changes since 1.16:
302 Login, simpleinit and write should now work with shadow passwords
303 too. See the Makefile. Thanks to Anders Buch who let me have an
304 account on his SLS based Linux box on the Internet, so I could test
305 this. I should also thank jmorriso@rflab.ee.ubc.ca (John Paul Morrison)
306 who sent me the shadow patch to login.c
308 Version 1.16 (24-Apr-93): changes since 1.15a:
309 Simpleinit now clears the utmp entry associated with the pid's that
310 it reaps if there is one. A few are still using simpleinit and this
311 was a popular demand. It also appends an entry to wtmp
313 Version 1.15a (15-Mar-93): changes since 1.13a:
314 junio@shadow.twinsun.com (Jun Hamano) sent me a one-line fix
315 for occasional mangled issue-output from agetty.
317 Version 1.13a (2-Mar-93): changes since 1.12a:
318 With the new LILO (0.9), there are more than one possible arg
319 to init, so Werner Almesberger <almesber@bernina.ethz.ch>
320 suggested that a loop over argv[] was made in boot_single() in
323 Version 1.12a (24-Feb-93): changes since 1.11:
324 This is for Linux 0.99.6 or later. Built with gcc 2.3.3 and libc4.2
325 jrs@world.std.com (Rick Sladkey) told me that the setenv("TZ",..)
326 in login.c did more harm than good, so I commented it out.
328 Version 1.11a (16-Feb-93): changes since 1.9a:
329 This is for Linux 0.99.5 or later.
330 Anthony Rumble <arumble@extro.ucc.su.OZ.AU> made me avare that
331 the patches for vhangup() from Steven S. Dick didn't quite work,
334 Linus Torvalds provided another patch relating to vhangup, since
335 in newer Linuxen vhangup() doesn't really close all files, so we
336 can't just open the tty's again.
338 Version 1.9a (18-Jan-93): changes since 1.8a:
339 Rick Faith sent me man-pages for most of the untilities in this
340 package. They are now included.
342 Steven S. Dick <ssd@nevets.oau.org> sent me a patch for login.c
343 so DTR won't drop during vhangup() on a modemline.
345 This is completely untested!! I haven't even had the time to
348 Version 1.8a (13-Dec-92): changes since 1.7:
349 This is for Linux 0.98.6 or later. Compiles with gcc2.2.2d7 and libc4.1
351 Bettered write/wall after fix from I forget who. Now wall can have
356 Patched simpleinit.c with patch from Ed Carp, so it sets the timezone
357 from /etc/TZ. Should probably by be /etc/timezone.
359 Sander Van Malssen <sander@kozmix.hacktic.nl> provided a patch
360 for getty, so it can understand certain escapecodes in /etc/issue.
362 I hacked up a very simple substitute for a syslog() call, to try out
363 the logging. If you have a real syslog() and syslogd then use that!
365 The special vhangup.c file is out, it's in the official libc by now.
366 (and even in the libc that I have :-)
368 who, and write are now deprecated, get the better ones from one of
369 the GNU packages, shellutils I think.
371 Some people think that the simple init provided in this package is too
372 spartan, if you think the same, then get the SYSV compatible init
373 from Miquel van Smoorenburg <miquels@maestro.htsa.aha.nl>
374 Simpleinit will probably be deprecated in the future.
376 Version 1.7: 26-Oct-92 changes since 1.6:
377 This is for Linux 0.97PL4 or later.
379 Thanks to Werner Almesberger, init now has support for a
382 Login now supports the -h <hostname> option, used in connection
383 with TCP/IP. (rlogin/telnet)
385 Getty writes an entry to /etc/wtmp when started, so last won't report
386 "still logged in" for tty's that have not been logged into since
387 the last user of that tty logged out. This patch was inspired by
388 Mitchum DSouza. To gain the full benefit of this, get the newest
389 last from the admutils-1.4.tar.Z package or later.
391 Version 1.6 (29-Aug-92): changes since 1.5:
392 This is for Linux 0.97P1+ or later.
394 Login now uses the newly implemented vhangup() sys-call, to prevent
396 An alternative getpass() function is now provided with login, because
397 I was told that the old one in libc didn't work with telnet and
398 or rlogin. I don't have a network or a kernel with TCP/IP so I haven't
399 tested the new one with telnet, but it is derived from BSD sources
400 that are supposed to work with networking.
402 Version 1.5 (12-Aug-92): changes since 1.4
403 This is for Linux 0.97 or later, and has been built with gcc2.2.2
405 This release just puts in a few bugfixes in login.c and simpleinit.c
407 Version 1.4 (4-Jul-92): changes since 1.3:
408 This is for Linux 0.96b, and has been built and tested with gcc 2.2.2.
410 Init now handles the SIGINT signal. When init gets a SIGINT it will
411 call /usr/bin/reboot and thereby gently reboot the machine. This
412 makes sense because after Linux 0.96B-PL1 the key-combination
413 Ctrl-Alt-Del may send a SIGINT to init instead of booting the
414 machine the hard way without syncing or anything.
416 You may want to get the admutils-1.1 package which includes a program
417 that will instruct the kernel to use the "gentle-reboot" procedure.
419 Version 1.3 (14-Jun-92): changes since 1.2:
420 This is for Linux 0.96A.
422 The ioctl(TIOCSWINSZ) has been removed from login.c because it now
425 login.c now supports a lastlog database.
427 Several programs and pieces of source that were included in the 1.2
428 package has been *removed* as they are incorporated into the new
429 libc. Other omitted parts such as last(1) has been replaced by
430 better versions, and can be found in the admutils package.
432 Agetty is now called getty and will be placed in /etc.
434 A few changes has been made to make it possible to compile the
437 Version 1.2 (28-Feb-92): changes since 1.1:
438 This is for Linux 0.12.
440 A couple of problems with simpleinit.c has been solved, thanks to
441 Humberto Zuazaga. So now init groks comments in /etc/inittab, and
442 handles the HUP and TSTP signals properly.
444 I added two small scripts to the distribution: users and mesg.
446 TERM is now carried through from /etc/inittab all the way to the
447 shell. Console tty's are special-cased, so the termcap entry in
448 /etc/inittab is overridden by the setting given at boot-time.
449 This requires a different patch to the kernel than that distributed
452 Login no more sends superfluous chars from a password to the
453 shell. It also properly prints a NL after the password.
455 Agetty didn't set the erase character properly, it does now.
457 A few extra defines has been added to utmp.h
459 Several netters helped discover the bugs in 1.1. Thanks to them
462 Version 1.1 (released 19-Feb-92): Changes since 1.0:
463 A bug in simpleinit.c has been fixed, thanks to Pietro Castelli.
464 The definition of the ut_line field has been changed to track the
465 USG standard more closely, we now strip "/dev/" off the front.
466 Thanks to: Douglas E. Quale and Stephen Gallimore.
468 I have added a getlogin.c library routine, and a write(1) command.
469 I removed the qpl-init stuff. If people want to use it, they should
470 get it from the source. I don't want to hack on it anymore.
472 A couple of people reported problems with getty having problems
473 with serial terminals. That was correct. I borrowed a null-modem
474 from Tommy Thorn, and now the problems should be fixed. It seems
475 that there is kept a lot of garbage in the serial buffers, flush
476 them and it works like a charm. Getty does an ioctl(0, TCFLSH, 2)
479 The write.c code now doubles as code for a wall(1) program.
481 Description of the various files:
483 login.c The login program. This is a portation of BSD login, first
484 to HP-UX 8.0 by Michael Glad (glad@daimi.aau.dk), and
485 to Linux (initially to 0.12) by me.
487 who.c A simple who(1) util. to list utmp. Done by me.
488 You may prefer the GNU who util. with more options
491 hostname.c A hostname(1) command to get and set the hostname. I did
494 domainname.c Like hostname, only reads out or sets the domainname.
496 agetty.c The getty program. From comp.sources.misc, by W.Z. Venema.
499 simpleinit.c A simple init program, written by me. Uses /etc/inittab
501 A "kill -HUP" to init makes it re-read /etc/inittab.
502 A "kill -TSTP" to init makes it stop spawning gettys on the
503 ttys. A second "kill -TSTP" starts it again.
504 A kill -INT to init makes it attempt a reboot of the machine.
505 this works in connection with kernel support for softboot
506 when Ctrl-Alt-Del is pressed.
508 Init will start up in singleuser mode if /etc/singleboot
509 exists at boottime, or if it is given an argument of "single"
510 via eg. LILO. If /etc/securesingle exists it will ask for the
511 root password before starting single user.
513 write.c A write(1) command, used to pass messages between users
514 at different terminals. This code doubles as code for
515 a wall(1) command. Make a symlink: /usr/bin/wall ->
516 /usr/bin/write for this.
518 mesg A tiny shellscript, so you can avoid that other people write
521 users Another script that uses awk(1) and tr(1) to process the
522 output from who(1) into a one-liner.
523 If you don't have awk, but have Perl, this does the same:
525 who | perl -ane 'print "$F[0] "'; echo ""
531 Header, extended with getdtablesize() macro, should go
536 A "make all" should do. At least it does for me.
541 login should go in /bin, if you don't like this change
542 pathnames.h and recompile at least agetty.
544 getty, init Put them in SBINDIR
546 who, hostname, write, wall, mesg, users:
549 securetty login needs this in /etc, defines which ttys that root
550 can login on. This should *never* include ttys{1,2}
552 inittab the simpleinit code needs this in /etc. Note that the syntax
553 of /etc/inittab has little to do with the syntax of a real
554 SysV inittab. Edit this one for your local setup.
556 shells The chsh program will use this if it's placed in /etc. It
557 defines the valid shell-programs. Have one abs. path on
560 You can also do a "make install" as root, but don't just do it because I
561 say so, check the Makefile first.
563 "Make install" will install only the new binaries, and not motd, inittab,
564 securetty and issue. To install these configuration files, do a
567 Getty requires a /dev/console to write errors to. I just made it a symlink
568 to /dev/tty1. Because of a bug in the tty driver this errorlogging may
569 cause the shell on tty1 to logout.
571 Getty will print the contents of /etc/issue if it's present before asking
572 for username. Login will print the contents of /etc/motd after successful
573 login. Login doesn't print /etc/motd, and doesn't check for mail if
574 ~/.hushlogin is present and world readable.
576 If /etc/nologin is present then login will print its contents and disallow
577 any logins except root.
578 It might be a good idea to have a "rm -f /etc/nologin" line in one's
581 If /etc/securetty is present it defines which tty's that root can login on.
583 - Peter (poe@daimi.aau.dk)