summaryrefslogtreecommitdiffstats
path: root/Documentation/poeigl.txt
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--Documentation/poeigl.txt503
1 files changed, 503 insertions, 0 deletions
diff --git a/Documentation/poeigl.txt b/Documentation/poeigl.txt
new file mode 100644
index 0000000..12cae63
--- /dev/null
+++ b/Documentation/poeigl.txt
@@ -0,0 +1,503 @@
+README for init/getty/login, by poe@daimi.aau.dk
+
+This package contains simpleinit, agetty, and login programs for Linux.
+Additional utilities included are: hostname, who, write, wall, users
+domainname, hostid, cage and mesg.
+
+Most of this software has been contributed by others, I basically just
+ported the things to Linux.
+
+Version 1.49 (20-Jun-97)
+ Small patches for new util-linux distribution and glibc compat.
+ PAM support in login.c by Erik Troan.
+
+Version 1.48 (6-Jun-97)
+ Now changes mode and owner of /dev/vcs devices for console logins.
+ After idea by Andries Brouwer.
+
+Version 1.47 (2-Apr-97)
+ Got new version of hostid.c and hostid.1 from
+ Sander van Malssen <svm@kozmix.ow.nl>.
+ Removed premature endutent() call in login.c, simpleinit.c and
+ agetty.c to be compatible with the changed semantics of gnu libc2.
+ Fix by Jesse Thilo <Jesse.Thilo@pobox.com>.
+
+Version 1.46 (28-Jan-97)
+ Several security fixes for login by David Holland (buffer overruns)
+ <dholland@hcs.harvard.edu>
+ Fixed write.c, to handle a terminating period correctly.
+ Re-indented login.c, it was getting too messy.
+
+Version 1.45a (16-Dec-96)
+ Better support in login for shadow passwords. Compile with
+ -DSHADOW_PWD if you have <shadow.h>. This is on by default.
+ By Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>.
+ Changed the wtmp locking scheme in login.c,agetty.c,simpleinit.c
+ to flock() /etc/wtmplock instead of the wtmp file directly.
+ This avoids a denial of service attack.
+ Some support for the RB-1 Cryptocard token for challenge/response
+ authentication. This needs a DES library, either Eric Young's
+ libdes, or the Koontz implementation, see cryptocard.c.
+ Initial support patch by Randolph Bentson,
+ <bentson@grieg.seaslug.org>
+ Changed getpass() to use fputs() instead of fprintf().
+
+Version 1.44 (13-Nov-96):
+ Made isapty() in checktty.c more resilient to 2.0 systems
+ that haven't re-MAKEDEV'ed their pty devices.
+
+Version 1.43 (8-Nov-96):
+ Fix to checktty.c: PTY's are numbered differently after 1.3,
+ blush! Fix by Gerhard Schneider <gs@ilfb.tuwien.ac.at>
+
+Version 1.42c (6-Nov-96):
+ Small fix by Gabriel M. Schuyler <schuyler@easiest.com>, to get
+ better syslog messages (1 LOGIN FAILURE instead of 2 LOGIN FAILURES).
+ Patch butchered by me.
+
+Version 1.42b (30-Sep-96):
+ Got patch for checktty.c from Christoph Lameter
+ <clameter@miriam.fuller.edu> so it doesn't traverse the groupfile
+ "manually" but uses the getgroups() call, this is more efficient
+ with large groupfiles and NIS/YP.
+
+Version 1.42a (24-Sep-96):
+ Added extra syslog() call to login.c to log all good logins.
+ Patch from Steve Philp.
+
+Version 1.41 (20-Jul-96):
+ Added security fix to checktty.c by JDS to clear certain lists.
+ Patches butchered and ANSI'fied by me.
+ Added -n option to agetty to avoid the login prompt.
+
+Version 1.40a (29-Dec-95):
+ Added -f <issue_file> option to agetty. Patches from Eric Rasmussen
+ <ear@usfirst.org>, but somewhat butchered by me.
+
+Version 1.39 (25-Oct-95):
+ Lots of testing and bugfixes in agetty. Now the modem init stuff
+ should finally work (for me). Also wrote modem.agetty as an example
+ on how to use agetty with a modem.
+ Agetty now also supports baud rates of 38400, 57600, 115200 and
+ 230400 bps.
+
+Version 1.37 (15-Sep-95):
+ Added -I <initstring> and -w options to agetty.c for those that
+ use agetty with modems.
+
+Version 1.36 (25-Aug-95):
+ Enhanced /etc/usertty features with group support. Moved this part
+ of login.c to checktty.c. One can now define classes of hosts and
+ ttys and do access checking based on unix-group membership. See
+ login.1. Also time ranges for logins can be specified, for example
+ writing the line
+
+ joe [mon:tue:wed:thu:fri:8-16]@barracuda [mon:tue:wed:thu:fri:0-7:17-23]@joes.pc.at.home [sat:sun:0-23]@joes.pc.at.home
+
+ says that during working hours, Joe may rlogin from the host
+ barracuda, whereas outside working hours and in weekends Joe may
+ rlogin from his networked PC at home.
+
+ login.c: failures was not properly initialized, it now is. Also
+ made sure ALL failures are really logged to syslog.
+
+Version 1.35 (7-Aug-95):
+ login.c: Much improved features for the usertty file, allows
+ access control based on both hostnames/addresses and line. See the
+ about.usertty file and the man-page.
+
+ Fixed agetty so it doesn't fiddle with the ut_id field in the
+ utmp record, this should prevent growing utmps on systems with
+ more than 10 login lines. Fix suggested and checked by Alan Wendt
+ <alan@ezlink.com> in his agetty.1.9.1a.
+
+ Agetty now installs as agetty again, not as getty.
+ Updated man-page for login(1) to document /etc/usertty changes.
+
+ This has been tested on Linux 1.2.5 with GCC 2.5.8 and libc 4.5.26.
+
+Version 1.33a (20-Jun-95):
+ rchatfie@cavern.nmsu.edu ("rc.") suggested that I should remove
+ the #ifndef linux around the special logging of dial-up
+ logins. This is now done, so each login via a serial port
+ generates a separate DIALUP syslog entry.
+
+Version 1.33 (5-Jun-95):
+ Patch by Ron Sommeling <sommel@sci.kun.nl> and
+ jlaiho@ichaos.nullnet.fi (Juha Laiho) for agetty.c, used
+ to return a pointer to an automatic variable in get_logname().
+ Many patches from or via Rickard Faith <faith@cs.unc.edu>, fixing
+ man-pages etc, now defaults to using /var/log/wtmp and /var/run/utmp
+ according to the new FSSTND.
+
+ Fix in login.c for CPU eating bug when a remote telnet client dies
+ while logging in.
+
+ This is for Linux 1.2, GCC 2.6.2 or later.
+
+Version 1.32b (12-Mar-95):
+ Login now sets the tty group to "tty" instead of "other". Depending
+ on compile-time define USE_TTY_GROUP the tty mode is set to 0620 or
+ 0600 instead of 0622. All as per suggestion by Rik Faith and the
+ linux-security list.
+ Write/wall now strips control chars except BEL (\007). Again after
+ suggestion by Rik Faith.
+
+Version 1.32a
+ Urgent security patch from Alvaro M. Echevarria incorporated into
+ login.c. This is really needed on machines running YP until
+ the libraries are fixed.
+
+Version 1.32
+ Login now logs the ip-address of the connecting host to utmp as it
+ should.
+
+Version 1.31b (2-Feb-95):
+ Daniel Quinlan <quinlan@yggdrasil.com> and Ross Biro
+ <biro@yggdrasil.com> suggested a patch to login.c that allows for
+ shell scripts in the shell field of /etc/passwd, so one can now
+ have (as a line in /etc/passwd):
+ bye::1000:1000:Outlogger:/bin:echo Bye
+ Logging in as "bye" with no password simply echoes Bye on the screen.
+ This has applications for pppd/slip.
+
+Version 1.31a (28-Oct-94):
+ Scott Telford provided a patch for simpleinit, so executing reboot
+ from singleuser mode won't partially execute /etc/rc before
+ the reboot.
+
+Version 1.30 (17-Sep-94):
+ tobias@server.et-inf.fho-emden.de (Peter Tobias) has made a more
+ advanced hostname command that understands some options such as
+ -f for FQDN etc. I'll not duplicate his work. Use his hostname
+ package if you wish.
+
+ svm@kozmix.xs4all.nl (Sander van Malssen) provided more features
+ for the /etc/issue file in agetty. \U and \u now expand to the
+ number of current users.
+
+ It is now possible to state the value of TERM on the agetty command
+ line. This was also provided by Sander.
+
+ This has been built under Linux 1.1.42 with gcc 2.5.8 and libc 4.5.26.
+
+Version 1.29 (18-Aug-94):
+ Finally got around to making a real version after the numerous
+ alpha versions of 1.28. Scott Telford <st@epcc.ed.ac.uk> provided
+ a patch for write(1) to make it look more like BSD write.
+
+ Fixed login so that the .hushlogin feature works even with real
+ protective users mounted via NFS (ie. where root can't access
+ the user's .hushlogin file).
+
+ Cleaned up the code to make -Wall bearable.
+
+Version 1.28c (21-Jul-94):
+ Rik Faith reminded me that agetty should use the syslog
+ facility. It now does.
+
+Version 1.28b (30-May-94):
+ On suggestion from Jeremy Fitzhardinge <jeremy@suite.sw.oz.au>
+ I added -- as option delimiter on args passed from agetty to
+ login. Fixes -froot hole for other login programs. The login
+ program in this package never had that hole.
+
+Version 1.28a (16-May-94):
+ bill@goshawk.lanl.gov provided a couple of patches, one fixing
+ terminal setup in agetty, and reboot is now supposed to be
+ in /sbin according to FSSTND.
+
+Version 1.27 (10-May-94):
+ Changed login.c, so all bad login attempts are logged, and added
+ usertty security feature. See about.usertty for an explanation.
+ There's no longer a limit of 20 chars in the TERM environment
+ variable. Suggested by Nicolai Langfeldt <janl@math.uio.no>
+
+ Added #ifdef HAVE_QUOTA around quota checks. Enable them if
+ you have quota stuff in your libraries and kernel.
+ Also re-enabled set/getpriority() calls as we now have them,
+ and have had for a long time...
+
+ Now wtmp is locked and unlocked around writes to avoid mangling.
+ Due to Jaakko Hyv{tti <HYVATTI@cc.helsinki.fi>.
+
+ Wrt. agetty: A \o in /etc/issue now inserts the domainname, as
+ set by domainname(1). Sander van Malssen provided this.
+ This is being used under Linux 1.1.9
+
+ Beefed up the agetty.8 man-page to describe the /etc/issue
+ options. Added man-pages for wall, cage, who.
+
+Version 1.26 alpha (25-Apr-94):
+ Added patch from Bill Reynolds <bill@goshawk.lanl.gov> to
+ simpleinit, so it will drop into single user if /etc/rc
+ fails, eg. from fsck.
+
+Version 1.25 (9-Feb-94):
+ Agetty should now work with the Linux 0.99pl15a kernel.
+ ECHOCTL and ECHOPRT are no longer set in the termios struct.
+ Also made agetty accept both "tty baudrate" and "baudrate tty"
+ arguments.
+
+Version 1.24 (23-Jan-94): changes since 1.22
+ Christian von Roques <roques@juliet.ka.sub.org> provided a patch
+ that cleans up the handling of the -L option on agetty.
+ Rik Faith <faith@cs.unc.edu> enhanced several man-pages...
+
+Version 1.23 (11-Dec-93): changes since 1.21
+ Mitchum DSouza provided the hostid(1) code. It needs libc 4.4.4 or
+ later and a Linux 0.99.14 kernel or later. It can set and print
+ the world unique hostid of the machine. This may be used in
+ connection with commercial software licenses. God forbid!
+ I added the -v option, and munged the code a bit, so don't blame
+ Mitch if you don't like it.
+
+ I made the "cage" program. Using this as a shell in the passwd
+ file, enables one to let users log into a chroot'ed environment.
+ For those that have modem logins and are concerned about security.
+ Read the source for further info.
+
+ "who am i" now works.
+
+ The login program works with Yellow Pages (aka NIS) simply by
+ linking with an appropriate library containing a proper version
+ of getpwnam() and friends.
+
+Version 1.21 (30-Oct-93): changes since 1.20
+ In simpleinit.c: The boottime wtmp record is now written *after*
+ /etc/rc is run, to put a correct timestamp on it.
+ Daniel Thumim <dthumim@mit.edu> suggested this fix.
+
+ The source and Makefile is prepared for optional installation of
+ binaries in /sbin instead of /etc, and logfiles in /usr/adm instead
+ of /etc. See and change the Makefile to suit your preferences.
+ Rik Faith and Stephen Tweedie inspired this change.
+
+Version 1.20 (30-Jul-93): changes since 1.17:
+ Versions 1.18 and 1.19 were never made publicly available.
+ Agetty now supports a -L switch that makes it force the CLOCAL flag.
+ This is useful if you have a local terminal attached with a partly
+ wired serial cable that does not pass on the Carrier Detect signal.
+
+ There's a domainname program like the hostname program; contributed
+ by Lars Wirzenius.
+
+ Simpleinit will now write a REBOOT record to wtmp on boot up. Time-
+ zone support is now optional in simpleinit. Both of these patches
+ were made by Scott Telford <st@epcc.ed.ac.uk>.
+
+ This is for Linux 0.99.11 or later.
+
+Version 1.17 (19-May-93): changes since 1.16:
+ Login, simpleinit and write should now work with shadow passwords
+ too. See the Makefile. Thanks to Anders Buch who let me have an
+ account on his SLS based Linux box on the Internet, so I could test
+ this. I should also thank jmorriso@rflab.ee.ubc.ca (John Paul Morrison)
+ who sent me the shadow patch to login.c
+
+Version 1.16 (24-Apr-93): changes since 1.15a:
+ Simpleinit now clears the utmp entry associated with the pid's that
+ it reaps if there is one. A few are still using simpleinit and this
+ was a popular demand. It also appends an entry to wtmp
+
+Version 1.15a (15-Mar-93): changes since 1.13a:
+ junio@shadow.twinsun.com (Jun Hamano) sent me a one-line fix
+ for occasional mangled issue-output from agetty.
+
+Version 1.13a (2-Mar-93): changes since 1.12a:
+ With the new LILO (0.9), there are more than one possible arg
+ to init, so Werner Almesberger <almesber@bernina.ethz.ch>
+ suggested that a loop over argv[] was made in boot_single() in
+ simpleinit.c
+
+Version 1.12a (24-Feb-93): changes since 1.11:
+ This is for Linux 0.99.6 or later. Built with gcc 2.3.3 and libc4.2
+ jrs@world.std.com (Rick Sladkey) told me that the setenv("TZ",..)
+ in login.c did more harm than good, so I commented it out.
+
+Version 1.11a (16-Feb-93): changes since 1.9a:
+ This is for Linux 0.99.5 or later.
+ Anthony Rumble <arumble@extro.ucc.su.OZ.AU> made me avare that
+ the patches for vhangup() from Steven S. Dick didn't quite work,
+ so I changed it.
+
+ Linus Torvalds provided another patch relating to vhangup, since
+ in newer Linuxen vhangup() doesn't really close all files, so we
+ can't just open the tty's again.
+
+Version 1.9a (18-Jan-93): changes since 1.8a:
+ Rick Faith sent me man-pages for most of the utilities in this
+ package. They are now included.
+
+ Steven S. Dick <ssd@nevets.oau.org> sent me a patch for login.c
+ so DTR won't drop during vhangup() on a modemline.
+
+ This is completely untested!! I haven't even had the time to
+ compile it yet.
+
+Version 1.8a (13-Dec-92): changes since 1.7:
+ This is for Linux 0.98.6 or later. Compiles with gcc2.2.2d7 and libc4.1
+
+ Bettered write/wall after fix from I forget who. Now wall can have
+ commandline args.
+
+ Fixed bug in who.c
+
+ Patched simpleinit.c with patch from Ed Carp, so it sets the timezone
+ from /etc/TZ. Should probably by be /etc/timezone.
+
+ Sander Van Malssen <sander@kozmix.hacktic.nl> provided a patch
+ for getty, so it can understand certain escapecodes in /etc/issue.
+
+ I hacked up a very simple substitute for a syslog() call, to try out
+ the logging. If you have a real syslog() and syslogd then use that!
+
+ The special vhangup.c file is out, it's in the official libc by now.
+ (and even in the libc that I have :-)
+
+ who, and write are now deprecated, get the better ones from one of
+ the GNU packages, shellutils I think.
+
+ Some people think that the simple init provided in this package is too
+ spartan, if you think the same, then get the SYSV compatible init
+ from Miquel van Smoorenburg <miquels@maestro.htsa.aha.nl>
+ Simpleinit will probably be deprecated in the future.
+
+Version 1.7: 26-Oct-92 changes since 1.6:
+ This is for Linux 0.97PL4 or later.
+
+ Thanks to Werner Almesberger, init now has support for a
+ singleuser mode.
+
+ Login now supports the -h <hostname> option, used in connection
+ with TCP/IP. (rlogin/telnet)
+
+ Getty writes an entry to /etc/wtmp when started, so last won't report
+ "still logged in" for tty's that have not been logged into since
+ the last user of that tty logged out. This patch was inspired by
+ Mitchum DSouza. To gain the full benefit of this, get the newest
+ last from the admutils-1.4.tar.Z package or later.
+
+Version 1.6 (29-Aug-92): changes since 1.5:
+ This is for Linux 0.97P1+ or later.
+
+ Login now uses the newly implemented vhangup() sys-call, to prevent
+ snooping on the tty.
+ An alternative getpass() function is now provided with login, because
+ I was told that the old one in libc didn't work with telnet and
+ or rlogin. I don't have a network or a kernel with TCP/IP so I haven't
+ tested the new one with telnet, but it is derived from BSD sources
+ that are supposed to work with networking.
+
+Version 1.5 (12-Aug-92): changes since 1.4
+ This is for Linux 0.97 or later, and has been built with gcc2.2.2
+
+ This release just puts in a few bugfixes in login.c and simpleinit.c
+
+Version 1.4 (4-Jul-92): changes since 1.3:
+ This is for Linux 0.96b, and has been built and tested with gcc 2.2.2.
+
+ Init now handles the SIGINT signal. When init gets a SIGINT it will
+ call /usr/bin/reboot and thereby gently reboot the machine. This
+ makes sense because after Linux 0.96B-PL1 the key-combination
+ Ctrl-Alt-Del may send a SIGINT to init instead of booting the
+ machine the hard way without syncing or anything.
+
+ You may want to get the admutils-1.1 package which includes a program
+ that will instruct the kernel to use the "gentle-reboot" procedure.
+
+Version 1.3 (14-Jun-92): changes since 1.2:
+ This is for Linux 0.96A.
+
+ The ioctl(TIOCSWINSZ) has been removed from login.c because it now
+ works :-).
+
+ login.c now supports a lastlog database.
+
+ Several programs and pieces of source that were included in the 1.2
+ package has been *removed* as they are incorporated into the new
+ libc. Other omitted parts such as last(1) has been replaced by
+ better versions, and can be found in the admutils package.
+
+ Agetty is now called getty and will be placed in /etc.
+
+ A few changes has been made to make it possible to compile the
+ stuff with GCC 2.x.
+
+Version 1.2 (28-Feb-92): changes since 1.1:
+ This is for Linux 0.12.
+
+ A couple of problems with simpleinit.c has been solved, thanks to
+ Humberto Zuazaga. So now init groks comments in /etc/inittab, and
+ handles the HUP and TSTP signals properly.
+
+ I added two small scripts to the distribution: users and mesg.
+
+ TERM is now carried through from /etc/inittab all the way to the
+ shell. Console tty's are special-cased, so the termcap entry in
+ /etc/inittab is overridden by the setting given at boot-time.
+ This requires a different patch to the kernel than that distributed
+ with version 1.1
+
+ Login no more sends superfluous chars from a password to the
+ shell. It also properly prints a NL after the password.
+
+ Agetty didn't set the erase character properly, it does now.
+
+ A few extra defines has been added to utmp.h
+
+ Several netters helped discover the bugs in 1.1. Thanks to them
+ all.
+
+Version 1.1 (released 19-Feb-92): Changes since 1.0:
+ A bug in simpleinit.c has been fixed, thanks to Pietro Castelli.
+ The definition of the ut_line field has been changed to track the
+ USG standard more closely, we now strip "/dev/" off the front.
+ Thanks to: Douglas E. Quale and Stephen Gallimore.
+
+ I have added a getlogin.c library routine, and a write(1) command.
+ I removed the qpl-init stuff. If people want to use it, they should
+ get it from the source. I don't want to hack on it anymore.
+
+ A couple of people reported problems with getty having problems
+ with serial terminals. That was correct. I borrowed a null-modem
+ from Tommy Thorn, and now the problems should be fixed. It seems
+ that there is kept a lot of garbage in the serial buffers, flush
+ them and it works like a charm. Getty does an ioctl(0, TCFLSH, 2)
+ for this.
+
+ The write.c code now doubles as code for a wall(1) program.
+
+Description of the various files:
+
+login.c The login program. This is a portation of BSD login, first
+ to HP-UX 8.0 by Michael Glad (glad@daimi.aau.dk), and
+ to Linux (initially to 0.12) by me.
+
+agetty.c The getty program. From comp.sources.misc, by W.Z. Venema.
+ Hacked a bit by me.
+
+write.c A write(1) command, used to pass messages between users
+ at different terminals. This code doubles as code for
+ a wall(1) command. Make a symlink: /usr/bin/wall ->
+ /usr/bin/write for this.
+
+mesg A tiny shellscript, so you can avoid that other people write
+ to your shell.
+
+pathnames.h:
+ Header.
+
+Getty will print the contents of /etc/issue if it's present before asking
+for username. Login will print the contents of /etc/motd after successful
+login. Login doesn't print /etc/motd, and doesn't check for mail if
+~/.hushlogin is present and world readable.
+
+If /etc/nologin is present then login will print its contents and disallow
+any logins except root.
+It might be a good idea to have a "rm -f /etc/nologin" line in one's
+/etc/rc file.
+
+If /etc/securetty is present it defines which tty's that root can login on.
+
+ - Peter (poe@daimi.aau.dk)