1LOGIN(1) User Commands LOGIN(1)
2
6 login - begin session on the system
7
9 login [ -p ] [ -h host ] [ -H ] [ -f username | username ]
10
12 login is used when signing onto a system. If no argument is given,
13 login prompts for the username.
14 The user is then prompted for a password, where appropriate. Echoing
16 is disabled to prevent revealing the password. Only a small number of
17 password failures are permitted before login exits and the communica‐
18 tions link is severed.
19 If password aging has been enabled for the account, the user may be
21 prompted for a new password before proceeding. He will be forced to
22 provide his old password and the new password before continuing.
23 Please refer to passwd(1) for more information.
24 The user and group ID will be set according to their values in the
26 /etc/passwd file. There is one exception if the user ID is zero: in
27 this case, only the primary group ID of the account is set. This
28 should allow the system administrator to login even in case of network
29 problems. The value for $HOME, $USER, $SHELL, $PATH, $LOGNAME, and
30 $MAIL are set according to the appropriate fields in the password
31 entry. $PATH defaults to /usr/local/bin:/bin:/usr/bin for normal
32 users, and to /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr
33 /bin for root, if not otherwise configured.
34 The environment variable $TERM will be preserved, if it exists (other
36 environment variables are preserved if the -p option is given), else it
37 will be initialized to the terminal type on your tty.
38 Then the user's shell is started. If no shell is specified for the
40 user in /etc/passwd, then /bin/sh is used. If there is no directory
41 specified in /etc/passwd, then / is used (the home directory is checked
42 for the .hushlogin file described below).
43 If the file .hushlogin exists, then a "quiet" login is performed (this
45 disables the checking of mail and the printing of the last login time
46 and message of the day). Otherwise, if /var/log/lastlog exists, the
47 last login time is printed (and the current login is recorded).
48
50 -p Used by getty(8) to tell login not to destroy the environment.
51 -f Used to skip a second login authentication. This specifically
53 does not work for root, and does not appear to work well under
54 Linux.
55 -h Used by other servers (i.e., telnetd(8)) to pass the name of the
57 remote host to login so that it may be placed in utmp and wtmp.
58 Only the superuser may use this option.
59 Note that the -h option has impact on the PAM service name. The
61 standard service name is login, with the -h option the name is
62 remote. It is necessary to create proper PAM config files
63 (e.g., /etc/pam.d/login and /etc/pam.d/remote).
64 -H Used by other servers (i.e., telnetd(8)) to tell login that
66 printing the hostname should be suppressed in the login: prompt.
67 See also LOGIN_PLAIN_PROMPT below if your server does not allow
68 to configure login command line.
69 --help Display help text and exit.
71 -V, --version
73 Display version information and exit.
74
76 login reads the /etc/login.defs(5) configuration file. Note that the
77 configuration file could be distributed with another package (e.g.,
78 shadow-utils). The following configuration items are relevant for
79 login(1):
80 MOTD_FILE (string)
82 If defined, a ":" delimited list of "message of the day" files to
83 be displayed upon login. The default value is /etc/motd. If the
84 MOTD_FILE item is empty or a quiet login is enabled, then the mes‐
85 sage of the day is not displayed. Note that the same functionality
86 is also provided by pam_motd(8) PAM module.
87 LOGIN_PLAIN_PROMPT (boolean)
89 Tell login that printing the hostname should be suppressed in the
90 login: prompt. This is alternative to the -H command line option.
91 The default value is no.
92 LOGIN_TIMEOUT (number)
94 Max time in seconds for login. The default value is 60.
95 LOGIN_RETRIES (number)
97 Maximum number of login retries in case of a bad password. The
98 default value is 3.
99 FAIL_DELAY (number)
101 Delay in seconds before being allowed another three tries after a
102 login failure. The default value is 5.
103 TTYPERM (string)
105 The terminal permissions. The default value is 0600 or 0620 if tty
106 group is used.
107 TTYGROUP (string)
109 The login tty will be owned by the TTYGROUP. The default value is
110 tty. If the TTYGROUP does not exist, then the ownership of the
111 terminal is set to the user´s primary group.
112 The TTYGROUP can be either the name of a group or a numeric group
114 identifier.
115 HUSHLOGIN_FILE (string)
117 If defined, this file can inhibit all the usual chatter during the
118 login sequence. If a full pathname (e.g., /etc/hushlogins) is
119 specified, then hushed mode will be enabled if the user´s name or
120 shell are found in the file. If this global hush login file is
121 empty then the hushed mode will be enabled for all users.
122 If a full pathname is not specified, then hushed mode will be
124 enabled if the file exists in the user´s home directory.
125 The default is to check /etc/hushlogins and if it does not exist
127 then ~/.hushlogin
128 If the HUSHLOGIN_FILE item is empty, then all the checks are dis‐
130 abled.
131 DEFAULT_HOME (boolean)
133 Indicate if login is allowed if we cannot change directory to the
134 home directory. If set to yes, the user will login in the root (/)
135 directory if it is not possible to change directory to her home.
136 The default value is yes.
137 LASTLOG_UID_MAX (unsigned number)
139 Highest user ID number for which the lastlog entries should be
140 updated. As higher user IDs are usually tracked by remote user
141 identity and authentication services there is no need to create a
142 huge sparse lastlog file for them. No LASTLOG_UID_MAX option
143 present in the configuration means that there is no user ID limit
144 for writing lastlog entries.
145 LOG_UNKFAIL_ENAB (boolean)
147 Enable display of unknown usernames when login failures are
148 recorded. The default value is no.
149 Note that logging unknown usernames may be a security issue if a
151 user enters her password instead of her login name.
152 ENV_PATH (string)
154 If set, it will be used to define the PATH environment variable
155 when a regular user logs in. The default value is /usr/local/bin:
156 /bin:/usr/bin
157 ENV_ROOTPATH (string)
159 ENV_SUPATH (string)
160 If set, it will be used to define the PATH environment variable
161 when the superuser logs in. ENV_ROOTPATH takes precedence. The
162 default value is /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr
163 /sbin:/usr/bin
164
166 /var/run/utmp
167 /var/log/wtmp
168 /var/log/lastlog
169 /var/spool/mail/*
170 /etc/motd
171 /etc/passwd
172 /etc/nologin
173 /etc/pam.d/login
174 /etc/pam.d/remote
175 /etc/hushlogins
176 .hushlogin
177
179 mail(1), passwd(1), passwd(5), environ(7), getty(8), init(8), shut‐
180 down(8)
181
183 The undocumented BSD -r option is not supported. This may be required
184 by some rlogind(8) programs.
185 A recursive login, as used to be possible in the good old days, no
187 longer works; for most purposes su(1) is a satisfactory substitute.
188 Indeed, for security reasons, login does a vhangup() system call to
189 remove any possible listening processes on the tty. This is to avoid
190 password sniffing. If one uses the command login, then the surrounding
191 shell gets killed by vhangup() because it's no longer the true owner of
192 the tty. This can be avoided by using exec login in a top-level shell
193 or xterm.
194
196 Derived from BSD login 5.40 (5/9/89) by Michael Glad ⟨glad@daimi.dk⟩
197 for HP-UX
198 Ported to Linux 0.12: Peter Orbaek ⟨poe@daimi.aau.dk⟩
199 Rewritten to a PAM-only version by Karel Zak ⟨kzak@redhat.com⟩
200
202 The login command is part of the util-linux package and is available
203 from Linux Kernel Archive ⟨https://www.kernel.org/pub/linux/utils/util-
204 linux/⟩.
205util-linux June 2012 LOGIN(1)