1LOGIN(1) User Commands LOGIN(1)
2
3
4
6 login - begin session on the system
7
9 login [ -p ] [ -h host ] [ -H ] [ -f username | username ]
10
12 login is used when signing onto a system. If no argument is given,
13 login prompts for the username.
14
15 The user is then prompted for a password, where appropriate. Echoing
16 is disabled to prevent revealing the password. Only a small number of
17 password failures are permitted before login exits and the communica‐
18 tions link is severed.
19
20 If password aging has been enabled for the account, the user may be
21 prompted for a new password before proceeding. He will be forced to
22 provide his old password and the new password before continuing.
23 Please refer to passwd(1) for more information.
24
25 The user and group ID will be set according to their values in the
26 /etc/passwd file. There is one exception if the user ID is zero: in
27 this case, only the primary group ID of the account is set. This
28 should allow the system administrator to login even in case of network
29 problems. The value for $HOME, $USER, $SHELL, $PATH, $LOGNAME, and
30 $MAIL are set according to the appropriate fields in the password
31 entry. $PATH defaults to /usr/local/bin:/bin:/usr/bin for normal
32 users, and to /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr
33 /bin for root, if not otherwise configured.
34
35 The environment variable $TERM will be preserved, if it exists (other
36 environment variables are preserved if the -p option is given), else it
37 will be initialized to the terminal type on your tty.
38
39 Then the user's shell is started. If no shell is specified for the
40 user in /etc/passwd, then /bin/sh is used. If there is no directory
41 specified in /etc/passwd, then / is used (the home directory is checked
42 for the .hushlogin file described below).
43
44 If the file .hushlogin exists, then a "quiet" login is performed (this
45 disables the checking of mail and the printing of the last login time
46 and message of the day). Otherwise, if /var/log/lastlog exists, the
47 last login time is printed (and the current login is recorded).
48
50 -p Used by getty(8) to tell login not to destroy the environment.
51
52 -f Used to skip a login authentication. This option is usually
53 used by the getty(8) autologin feature.
54
55 -h Used by other servers (i.e., telnetd(8)) to pass the name of the
56 remote host to login so that it may be placed in utmp and wtmp.
57 Only the superuser may use this option.
58
59 Note that the -h option has an impact on the PAM service name.
60 The standard service name is login, but with the -h option, the
61 name is remote. It is necessary to create proper PAM config
62 files (e.g., /etc/pam.d/login and /etc/pam.d/remote).
63
64 -H Used by other servers (i.e., telnetd(8)) to tell login that
65 printing the hostname should be suppressed in the login: prompt.
66 See also LOGIN_PLAIN_PROMPT below if your server does not allow
67 the login command line to be configured.
68
69 --help Display help text and exit.
70
71 -V, --version
72 Display version information and exit.
73
75 login reads the /etc/login.defs(5) configuration file. Note that the
76 configuration file could be distributed with another package (e.g.,
77 shadow-utils). The following configuration items are relevant for
78 login:
79
80 MOTD_FILE (string)
81 Specifies a ":" delimited list of "message of the day" files and
82 directories to be displayed upon login. If the specified path is a
83 directory then displays all files with .motd file extension in ver‐
84 sion-sort order from the directory.
85
86 The default value is /usr/share/misc/motd:/run/motd:/etc/motd. If
87 the MOTD_FILE item is empty or a quiet login is enabled, then the
88 message of the day is not displayed. Note that the same function‐
89 ality is also provided by the pam_motd(8) PAM module.
90
91 The directories in the MOTD_FILE are supported since version 2.36.
92
93 Note that login does not implement any filenames overriding behav‐
94 ior like pam_motd (see also MOTD_FIRSTONLY), but all content from
95 all files is displayed. It is recommended to keep extra logic in
96 content generators and use /run/motd.d rather than rely on overrid‐
97 ing behavior hardcoded in system tools.
98
99 MOTD_FIRSTONLY (boolean)
100 Forces login to stop display content specified by MOTD_FILE after
101 the first accessible item in the list. Note that a directory is
102 one item in this case. This option allows login semantics to be
103 configured to be more compatible with pam_motd.
104
105 LOGIN_PLAIN_PROMPT (boolean)
106 Tell login that printing the hostname should be suppressed in the
107 login: prompt. This is an alternative to the -H command line
108 option. The default value is no.
109
110 LOGIN_TIMEOUT (number)
111 Maximum time in seconds for login. The default value is 60.
112
113 LOGIN_RETRIES (number)
114 Maximum number of login retries in case of a bad password. The
115 default value is 3.
116
117 FAIL_DELAY (number)
118 Delay in seconds before being allowed another three tries after a
119 login failure. The default value is 5.
120
121 TTYPERM (string)
122 The terminal permissions. The default value is 0600 or 0620 if tty
123 group is used.
124
125 TTYGROUP (string)
126 The login tty will be owned by the TTYGROUP. The default value is
127 tty. If the TTYGROUP does not exist, then the ownership of the
128 terminal is set to the user´s primary group.
129
130 The TTYGROUP can be either the name of a group or a numeric group
131 identifier.
132
133 HUSHLOGIN_FILE (string)
134 If defined, this file can inhibit all the usual chatter during the
135 login sequence. If a full pathname (e.g., /etc/hushlogins) is
136 specified, then hushed mode will be enabled if the user´s name or
137 shell are found in the file. If this global hush login file is
138 empty then the hushed mode will be enabled for all users.
139
140 If a full pathname is not specified, then hushed mode will be
141 enabled if the file exists in the user´s home directory.
142
143 The default is to check /etc/hushlogins and if it does not exist
144 then ~/.hushlogin
145
146 If the HUSHLOGIN_FILE item is empty, then all the checks are dis‐
147 abled.
148
149 DEFAULT_HOME (boolean)
150 Indicate if login is allowed if we cannot change directory to the
151 home directory. If set to yes, the user will login in the root (/)
152 directory if it is not possible to change directory to her home.
153 The default value is yes.
154
155 LASTLOG_UID_MAX (unsigned number)
156 Highest user ID number for which the lastlog entries should be
157 updated. As higher user IDs are usually tracked by remote user
158 identity and authentication services there is no need to create a
159 huge sparse lastlog file for them. No LASTLOG_UID_MAX option
160 present in the configuration means that there is no user ID limit
161 for writing lastlog entries.
162
163 LOG_UNKFAIL_ENAB (boolean)
164 Enable display of unknown usernames when login failures are
165 recorded. The default value is no.
166
167 Note that logging unknown usernames may be a security issue if a
168 user enters her password instead of her login name.
169
170 ENV_PATH (string)
171 If set, it will be used to define the PATH environment variable
172 when a regular user logs in. The default value is /usr/local/bin:
173 /bin:/usr/bin
174
175 ENV_ROOTPATH (string)
176 ENV_SUPATH (string)
177 If set, it will be used to define the PATH environment variable
178 when the superuser logs in. ENV_ROOTPATH takes precedence. The
179 default value is /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr
180 /sbin:/usr/bin
181
183 /var/run/utmp
184 /var/log/wtmp
185 /var/log/lastlog
186 /var/spool/mail/*
187 /etc/motd
188 /etc/passwd
189 /etc/nologin
190 /etc/pam.d/login
191 /etc/pam.d/remote
192 /etc/hushlogins
193 .hushlogin
194
196 The undocumented BSD -r option is not supported. This may be required
197 by some rlogind(8) programs.
198
199 A recursive login, as used to be possible in the good old days, no
200 longer works; for most purposes su(1) is a satisfactory substitute.
201 Indeed, for security reasons, login does a vhangup(2) system call to
202 remove any possible listening processes on the tty. This is to avoid
203 password sniffing. If one uses the command login, then the surrounding
204 shell gets killed by vhangup(2) because it's no longer the true owner
205 of the tty. This can be avoided by using exec login in a top-level
206 shell or xterm.
207
209 Derived from BSD login 5.40 (5/9/89) by Michael Glad ⟨glad@daimi.dk⟩
210 for HP-UX
211 Ported to Linux 0.12: Peter Orbaek ⟨poe@daimi.aau.dk⟩
212 Rewritten to a PAM-only version by Karel Zak ⟨kzak@redhat.com⟩
213
215 mail(1), passwd(1), passwd(5), utmp(5), environ(7), getty(8), init(8),
216 lastlog(8) shutdown(8)
217
219 The login command is part of the util-linux package and is available
220 from Linux Kernel Archive ⟨https://www.kernel.org/pub/linux/utils/util-
221 linux/⟩.
222
223
224
225util-linux June 2012 LOGIN(1)