1LOGIN(1) User Commands LOGIN(1)
2
6 login - begin session on the system
7
9 login [ -p ] [ -h host ] [ -H ] [ -f username | username ]
10
12 login is used when signing onto a system. If no argument is given,
13 login prompts for the username.
14 The user is then prompted for a password, where appropriate. Echoing
16 is disabled to prevent revealing the password. Only a small number of
17 password failures are permitted before login exits and the communica‐
18 tions link is severed.
19 If password aging has been enabled for the account, the user may be
21 prompted for a new password before proceeding. He will be forced to
22 provide his old password and the new password before continuing.
23 Please refer to passwd(1) for more information.
24 The user and group ID will be set according to their values in the
26 /etc/passwd file. There is one exception if the user ID is zero: in
27 this case, only the primary group ID of the account is set. This
28 should allow the system administrator to login even in case of network
29 problems. The value for $HOME, $USER, $SHELL, $PATH, $LOGNAME, and
30 $MAIL are set according to the appropriate fields in the password
31 entry. $PATH defaults to /usr/local/bin:/bin:/usr/bin for normal
32 users, and to /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr
33 /bin for root, if not otherwise configured.
34 The environment variable $TERM will be preserved, if it exists (other
36 environment variables are preserved if the -p option is given), else it
37 will be initialized to the terminal type on your tty.
38 Then the user's shell is started. If no shell is specified for the
40 user in /etc/passwd, then /bin/sh is used. If there is no directory
41 specified in /etc/passwd, then / is used (the home directory is checked
42 for the .hushlogin file described below).
43 If the file .hushlogin exists, then a "quiet" login is performed (this
45 disables the checking of mail and the printing of the last login time
46 and message of the day). Otherwise, if /var/log/lastlog exists, the
47 last login time is printed (and the current login is recorded).
48
50 -p Used by getty(8) to tell login not to destroy the environment.
51 -f Used to skip a second login authentication. This specifically
53 does not work for root, and does not appear to work well under
54 Linux.
55 -h Used by other servers (i.e., telnetd(8)) to pass the name of the
57 remote host to login so that it may be placed in utmp and wtmp.
58 Only the superuser may use this option.
59 Note that the -h option has impact on the PAM service name. The
61 standard service name is login, with the -h option the name is
62 remote. It is necessary to create proper PAM config files (e.g.
63 /etc/pam.d/login and /etc/pam.d/remote).
64 -H Used by other servers (i.e., telnetd(8)) to tell login that
66 printing the hostname should be suppressed in the login: prompt.
67 See also LOGIN_PLAIN_PROMPT below if your server does not allow
68 to configure login command line.
69 --help Display help text and exit.
71 -V, --version
73 Display version information and exit.
74
76 login reads the /etc/login.defs(5) configuration file. Note that the
77 configuration file could be distributed with another package (e.g.
78 shadow-utils). The following configuration items are relevant for
79 login(1):
80 MOTD_FILE (string)
82 If defined, a ":" delimited list of "message of the day" files to
83 be displayed upon login. The default value is /etc/motd. If the
84 MOTD_FILE item is empty or a quiet login is enabled, then the mes‐
85 sage of the day is not displayed. Note that the same functionality
86 is also provided by pam_motd(8) PAM module.
87 LOGIN_PLAIN_PROMPT (boolean)
89 Tell login that printing the hostname should be suppressed in the
90 login: prompt. This is alternative to the -H command line option.
91 The default value is no.
92 LOGIN_TIMEOUT (number)
94 Max time in seconds for login. The default value is 60.
95 LOGIN_RETRIES (number)
97 Maximum number of login retries in case of a bad password. The
98 default value is 3.
99 FAIL_DELAY (number)
101 Delay in seconds before being allowed another three tries after a
102 login failure. The default value is 5.
103 TTYPERM (string)
105 The terminal permissions. The default value is 0600 or 0620 if tty
106 group is used.
107 TTYGROUP (string)
109 The login tty will be owned by the TTYGROUP. The default value is
110 tty. If the TTYGROUP does not exist, then the ownership of the
111 terminal is set to the user´s primary group.
112 The TTYGROUP can be either the name of a group or a numeric group
114 identifier.
115 HUSHLOGIN_FILE (string)
117 If defined, this file can inhibit all the usual chatter during the
118 login sequence. If a full pathname (e.g. /etc/hushlogins) is
119 specified, then hushed mode will be enabled if the user´s name or
120 shell are found in the file. If this global hush login file is
121 empty then the hushed mode will be enabled for all users.
122 If a full pathname is not specified, then hushed mode will be
124 enabled if the file exists in the user´s home directory.
125 The default is to check /etc/hushlogins and if it does not exist
127 then ~/.hushlogin
128 If the HUSHLOGIN_FILE item is empty, then all the checks are dis‐
130 abled.
131 DEFAULT_HOME (boolean)
133 Indicate if login is allowed if we cannot change directory to the
134 home directory. If set to yes, the user will login in the root (/)
135 directory if it is not possible to change directory to her home.
136 The default value is yes.
137 LOG_UNKFAIL_ENAB (boolean)
139 Enable display of unknown usernames when login failures are
140 recorded. The default value is no.
141 Note that logging unknown usernames may be a security issue if a
143 user enters her password instead of her login name.
144 ENV_PATH (string)
146 If set, it will be used to define the PATH environment variable
147 when a regular user logs in. The default value is /usr/local/bin:
148 /bin:/usr/bin
149 ENV_ROOTPATH (string)
151 ENV_SUPATH (string)
152 If set, it will be used to define the PATH environment variable
153 when the superuser logs in. The default value is /usr/local/sbin:
154 /usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
155
157 /var/run/utmp
158 /var/log/wtmp
159 /var/log/lastlog
160 /var/spool/mail/*
161 /etc/motd
162 /etc/passwd
163 /etc/nologin
164 /etc/pam.d/login
165 /etc/pam.d/remote
166 /etc/hushlogins
167 .hushlogin
168
170 mail(1), passwd(1), passwd(5), environ(7), getty(8), init(8), shut‐
171 down(8)
172
174 The undocumented BSD -r option is not supported. This may be required
175 by some rlogind(8) programs.
176 A recursive login, as used to be possible in the good old days, no
178 longer works; for most purposes su(1) is a satisfactory substitute.
179 Indeed, for security reasons, login does a vhangup() system call to
180 remove any possible listening processes on the tty. This is to avoid
181 password sniffing. If one uses the command login, then the surrounding
182 shell gets killed by vhangup() because it's no longer the true owner of
183 the tty. This can be avoided by using exec login in a top-level shell
184 or xterm.
185
187 Derived from BSD login 5.40 (5/9/89) by Michael Glad ⟨glad@daimi.dk⟩
188 for HP-UX
189 Ported to Linux 0.12: Peter Orbaek ⟨poe@daimi.aau.dk⟩
190 Rewritten to a PAM-only version by Karel Zak ⟨kzak@redhat.com⟩
191
193 The login command is part of the util-linux package and is available
194 from Linux Kernel Archive ⟨https://www.kernel.org/pub/linux/utils/util-
195 linux/⟩.
196util-linux June 2012 LOGIN(1)