diff options
Diffstat (limited to 'login-utils/login.1')
-rw-r--r-- | login-utils/login.1 | 350 |
1 files changed, 350 insertions, 0 deletions
diff --git a/login-utils/login.1 b/login-utils/login.1 new file mode 100644 index 0000000..cb8adde --- /dev/null +++ b/login-utils/login.1 @@ -0,0 +1,350 @@ +.\" Copyright 1993 Rickard E. Faith (faith@cs.unc.edu) +.\" May be distributed under the GNU General Public License +.TH LOGIN "1" "June 2012" "util-linux" "User Commands" +.SH NAME +login \- begin session on the system +.SH SYNOPSIS +.B login +[ +.B \-p +] [ +.B \-h +.I host +] [ +.B \-H +] [ +.B \-f +.I username +| +.I username +] +.SH DESCRIPTION +.B login +is used when signing onto a system. If no argument is given, +.B login +prompts for the username. +.PP +The user is then prompted for a password, where appropriate. Echoing +is disabled to prevent revealing the password. Only a small number +of password failures are permitted before +.B login +exits and the communications link is severed. +.PP +If password aging has been enabled for the account, the user may be +prompted for a new password before proceeding. He will be forced to +provide his old password and the new password before continuing. +Please refer to +.BR passwd (1) +for more information. +.PP +The user and group ID will be set according to their values in the +.I /etc/passwd +file. There is one exception if the user ID is zero: in this case, +only the primary group ID of the account is set. This should allow +the system administrator to login even in case of network problems. +The value for +.BR $HOME , +.BR $USER , +.BR $SHELL , +.BR $PATH , +.BR $LOGNAME , +and +.B $MAIL +are set according to the appropriate fields in the password entry. +.B $PATH +defaults to +.I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin +for normal users, and to +.I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin +for root, if not otherwise configured. +.P +The environment variable +.B $TERM +will be preserved, if it exists (other environment variables are +preserved if the +.B \-p +option is given), else it will be initialized to the terminal type on your tty. +.PP +Then the user's shell is started. If no shell is specified for the +user in +.IR /etc\:/passwd , +then +.I /bin\:/sh +is used. If there is no directory specified in +.IR /etc\:/passwd , +then +.I / +is used (the home directory is checked for the +.I .hushlogin +file described below). +.PP +If the file +.I .hushlogin +exists, then a "quiet" login is performed (this disables the checking +of mail and the printing of the last login time and message of the +day). Otherwise, if +.I /var\:/log\:/lastlog +exists, the last login time is printed (and the current login is +recorded). +.SH OPTIONS +.TP +.B \-p +Used by +.BR getty (8) +to tell +.B login +not to destroy the environment. +.TP +.B \-f +Used to skip a second login authentication. This specifically does +.B not +work for root, and does not appear to work well under Linux. +.TP +.B \-h +Used by other servers (i.e., +.BR telnetd (8)) +to pass the name of the remote host to +.B login +so that it may be placed in utmp and wtmp. Only the superuser may +use this option. +.IP +Note that the +.B \-h +option has impact on the +.B PAM service +.BR name . +The standard service name is +.IR login , +with the +.B \-h +option the name is +.IR remote . +It is necessary to create proper PAM config files (e.g. +.I /etc\:/pam.d\:/login +and +.IR /etc\:/pam.d\:/remote ). +.TP +.B \-H +Used by other servers (i.e., +.BR telnetd (8)) +to tell +.B login +that printing the hostname should be suppressed in the login: prompt. +See also LOGIN_PLAIN_PROMPT below if your server does not allow to configure +.B login +command line. +.TP +\fB\-\-help\fR +Display help text and exit. +.TP +\fB\-V\fR, \fB\-\-version\fR +Display version information and exit. +.SH CONFIG FILE ITEMS +.B login +reads the +.IR /etc\:/login.defs (5) +configuration file. Note that the configuration file could be +distributed with another package (e.g. shadow-utils). The following +configuration items are relevant for +.BR login (1): +.PP +.B MOTD_FILE +(string) +.RS 4 +If defined, a ":" delimited list of "message of the day" files to be +displayed upon login. The default value is +.IR /etc\:/motd . +If the +.B MOTD_FILE +item is empty or a quiet login is enabled, then the message of the day +is not displayed. Note that the same functionality is also provided +by +.BR pam_motd (8) +PAM module. +.RE +.PP +.B LOGIN_PLAIN_PROMPT +(boolean) +.RS 4 +Tell login that printing the hostname should be suppressed in the login: +prompt. This is alternative to the \fB\-H\fR command line option. The default +value is +.IR no . +.RE +.PP +.B LOGIN_TIMEOUT +(number) +.RS 4 +Max time in seconds for login. The default value is +.IR 60 . +.RE +.PP +.B LOGIN_RETRIES +(number) +.RS 4 +Maximum number of login retries in case of a bad password. The default +value is +.IR 3 . +.RE +.PP +.B FAIL_DELAY +(number) +.RS 4 +Delay in seconds before being allowed another three tries after a +login failure. The default value is +.IR 5 . +.RE +.PP +.B TTYPERM +(string) +.RS 4 +The terminal permissions. The default value is +.I 0600 +or +.I 0620 +if tty group is used. +.RE +.PP +.B TTYGROUP +(string) +.RS 4 +The login tty will be owned by the +.BR TTYGROUP . +The default value is +.IR tty . +If the +.B TTYGROUP +does not exist, then the ownership of the terminal is set to the +user\'s primary group. +.PP +The +.B TTYGROUP +can be either the name of a group or a numeric group identifier. +.RE +.PP +.B HUSHLOGIN_FILE +(string) +.RS 4 +If defined, this file can inhibit all the usual chatter during the +login sequence. If a full pathname (e.g. +.IR /etc\:/hushlogins ) +is specified, then hushed mode will be enabled if the user\'s name or +shell are found in the file. If this global hush login file is empty +then the hushed mode will be enabled for all users. +.PP +If a full pathname is not specified, then hushed mode will be enabled +if the file exists in the user\'s home directory. +.PP +The default is to check +.I /etc\:/hushlogins +and if it does not exist then +.I ~/.hushlogin +.PP +If the +.B HUSHLOGIN_FILE +item is empty, then all the checks are disabled. +.RE +.PP +.B DEFAULT_HOME +(boolean) +.RS 4 +Indicate if login is allowed if we cannot change directory to the +home directory. If set to +.IR yes , +the user will login in the root (/) directory if it is not possible +to change directory to her home. The default value is +.IR yes . +.RE +.PP +.B LOG_UNKFAIL_ENAB +(boolean) +.RS 4 +Enable display of unknown usernames when login failures are recorded. +The default value is +.IR no . +.PP +Note that logging unknown usernames may be a security issue if a +user enters her password instead of her login name. +.RE +.PP +.B ENV_PATH +(string) +.RS 4 +If set, it will be used to define the PATH environment variable when +a regular user logs in. The default value is +.I /usr\:/local\:/bin:\:/bin:\:/usr\:/bin +.RE +.PP +.B ENV_ROOTPATH +(string) +.br +.B ENV_SUPATH +(string) +.RS 4 +If set, it will be used to define the PATH environment variable when +the superuser logs in. The default value is +.I /usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin +.RE +.SH FILES +.nf +.I /var/run/utmp +.I /var/log/wtmp +.I /var/log/lastlog +.I /var/spool/mail/* +.I /etc/motd +.I /etc/passwd +.I /etc/nologin +.I /etc/pam.d/login +.I /etc/pam.d/remote +.I /etc/hushlogins +.I .hushlogin +.fi +.SH "SEE ALSO" +.BR mail (1), +.BR passwd (1), +.BR passwd (5), +.BR environ (7), +.BR getty (8), +.BR init (8), +.BR shutdown (8) +.SH BUGS +The undocumented BSD +.B \-r +option is not supported. This may be required by some +.BR rlogind (8) +programs. +.PP +A recursive login, as used to be possible in the good old days, no +longer works; for most purposes +.BR su (1) +is a satisfactory substitute. Indeed, for security reasons, login +does a vhangup() system call to remove any possible listening +processes on the tty. This is to avoid password sniffing. If one +uses the command +.BR login , +then the surrounding shell gets killed by vhangup() because it's no +longer the true owner of the tty. This can be avoided by using +.B exec login +in a top-level shell or xterm. +.SH AUTHOR +Derived from BSD login 5.40 (5/9/89) by +.MT glad@\:daimi.\:dk +Michael Glad +.ME +for HP-UX +.br +Ported to Linux 0.12: +.MT poe@\:daimi.\:aau.\:dk +Peter Orbaek +.ME +.br +Rewritten to a PAM-only version by +.MT kzak@\:redhat.\:com +Karel Zak +.ME +.SH AVAILABILITY +The login command is part of the util-linux package and is +available from +.UR https://\:www.kernel.org\:/pub\:/linux\:/utils\:/util-linux/ +Linux Kernel Archive +.UE . |