1LOGIN(1) User Commands LOGIN(1)
2
3
4
6 login - begin session on the system
7
9 login [ -p ] [ -h host ] [ -H ] [ -f username | username ]
10
12 login is used when signing onto a system. If no argument is given,
13 login prompts for the username.
14
15 The user is then prompted for a password, where approprate. Echoing is
16 disabled to prevent revealing the password. Only a small number of
17 password failures are permitted before login exits and the communica‐
18 tions link is severed.
19
20 If password aging has been enabled for the account, the user may be
21 prompted for a new password before proceeding. He will be forced to
22 provide his old password and the new password before continuing.
23 Please refer to passwd(1) for more information.
24
25 The user and group ID will be set according to their values in the
26 /etc/passwd file. There is one exception if the user ID is zero: in
27 this case, only the primary group ID of the account is set. This
28 should allow the system adminitrator to login even in case of network
29 problems. The value for $HOME, $USER, $SHELL, $PATH, $LOGNAME, and
30 $MAIL are set according to the appropriate fields in the password
31 entry. $PATH defaults to /usr/local/bin:/bin:/usr/bin for normal
32 users, and to /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr
33 /bin for root if not other configured.
34
35 The environment variable $TERM will be preserved, if it exists (other
36 environment variables are preserved if the -p option is given) or be
37 initialize to the terminal type on your tty.
38
39 Then the user's shell is started. If no shell is specified for the
40 user in /etc/passwd, then /bin/sh is used. If there is no directory
41 specified in /etc/passwd, then / is used (the home directory is checked
42 for the .hushlogin file described below).
43
44 If the file .hushlogin exists, then a "quiet" login is performed (this
45 disables the checking of mail and the printing of the last login time
46 and message of the day). Otherwise, if /var/log/lastlog exists, the
47 last login time is printed (and the current login is recorded).
48
50 -p Used by getty(8) to tell login not to destroy the environment.
51
52 -f Used to skip a second login authentication. This specifically
53 does not work for root, and does not appear to work well under
54 Linux.
55
56 -h Used by other servers (i.e., telnetd(8)) to pass the name of the
57 remote host to login so that it may be placed in utmp and wtmp.
58 Only the superuser may use this option.
59
60 Note that the -h option has impact on the PAM service name. The
61 standard service name is login, with the -h option the name is
62 remote. It is necessary to create a proper PAM config files
63 (e.g. /etc/pam.d/login and /etc/pam.d/remote).
64
65 -H Used by other servers (i.e., telnetd(8)) to tell login that
66 printing the hostname should be suppressed in the login: prompt.
67 See also LOGIN_PLAIN_PROMPT below if your server does not allow
68 to configure login command line.
69
70 -V Print version and exit.
71
73 login reads the /etc/login.defs(5) configuration file. Note that the
74 configuration file could be distributed with another package (e.g.
75 shadow-utils). The following configuration items are relevant for
76 login(1):
77
78 MOTD_FILE (string)
79 If defined, ":" delimited list of "message of the day" files to be
80 displayed upon login. The default value is /etc/motd. If the
81 MOTD_FILE item is empty or quiet login is enabled then the message
82 of the day is not displayed. Note that the same functionality is
83 also provided by pam_motd(8) PAM module.
84
85 LOGIN_PLAIN_PROMPT (boolean)
86 Tell login that printing the hostname should be suppressed in the
87 login: prompt. This is alternative to the -H command line option.
88 The default value is no.
89
90 LOGIN_TIMEOUT (number)
91 Max time in seconds for login. The default value is 60.
92
93 LOGIN_RETRIES (number)
94 Maximum number of login retries in case of bad password. The
95 default value is 3.
96
97 FAIL_DELAY (number)
98 Delay in seconds before being allowed another three tries after a
99 login failure. The default value is 5.
100
101 TTYPERM (string)
102 The terminal permissions. The default value is 0600 or 0620 if tty
103 group is used.
104
105 TTYGROUP (string)
106 The login tty will be owned by the TTYGROUP. The default value is
107 tty. If the TTYGROUP does not exist then the ownership of the ter‐
108 minal is set to the user´s primary group.
109
110 The TTYGROUP can be either the name of a group or a numeric group
111 identifier.
112
113 HUSHLOGIN_FILE (string)
114 If defined, this file can inhibit all the usual chatter during the
115 login sequence. If a full pathname (e.g. /etc/hushlogins) is
116 specified, then hushed mode will be enabled if the user´s name or
117 shell are found in the file. If this global hush login file is
118 empty then the hushed mode will be enabled for all users.
119
120 If not a full pathname is specified, then hushed mode will be
121 enabled if the file exists in the user´s home directory.
122
123 The default is to check /etc/hushlogins and if does not exist then
124 ~/.hushlogin
125
126 If the HUSHLOGIN_FILE item is empty then all checks are disabled.
127
128 DEFAULT_HOME (boolean)
129 Indicate if login is allowed if we can not change directory to the
130 home directory. If set to yes, the user will login in the root (/)
131 directory if it is not possible to change directory to her home.
132 The default value is yes.
133
134 LOG_UNKFAIL_ENAB (boolean)
135 Enable display of unknown usernames when login failures are
136 recorded. The default value is no.
137
138 Note that logging unknown usernames may be a security issue if an
139 user enter her password instead of her login name.
140
141 ENV_PATH (string)
142 If set, it will be used to define the PATH environment variable
143 when a regular user login. The default value is /usr/local/bin:
144 /bin:/usr/bin
145
146 ENV_ROOTPATH (string)
147 ENV_SUPATH (string)
148 If set, it will be used to define the PATH environment variable
149 when the superuser login. The default value is /usr/local/sbin:
150 /usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
151
153 /var/run/utmp
154 /var/log/wtmp
155 /var/log/lastlog
156 /var/spool/mail/*
157 /etc/motd
158 /etc/passwd
159 /etc/nologin
160 /etc/pam.d/login
161 /etc/pam.d/remote
162 /etc/hushlogins
163 .hushlogin
164
166 init(8), getty(8), mail(1), passwd(1), passwd(5), environ(7), shut‐
167 down(8)
168
170 The undocumented BSD -r option is not supported. This may be required
171 by some rlogind(8) programs.
172
173 A recursive login, as used to be possible in the good old days, no
174 longer works; for most purposes su(1) is a satisfactory substitute.
175 Indeed, for security reasons, login does a vhangup() system call to
176 remove any possible listening processes on the tty. This is to avoid
177 password sniffing. If one uses the command login, then the surrounding
178 shell gets killed by vhangup() because it's no longer the true owner of
179 the tty. This can be avoided by using exec login in a top-level shell
180 or xterm.
181
183 Derived from BSD login 5.40 (5/9/89) by Michael Glad ⟨glad@daimi.dk⟩
184 for HP-UX
185 Ported to Linux 0.12: Peter Orbaek ⟨poe@daimi.aau.dk⟩
186 Rewritten to PAM-only version by Karel Zak ⟨kzak@redhat.com⟩
187
189 The login command is part of the util-linux package and is available
190 from Linux Kernel Archive ⟨ftp://ftp.kernel.org/pub/linux/utils/util-
191 linux/⟩.
192
193
194
195util-linux June 2012 LOGIN(1)