1LOGIN(1) User Commands LOGIN(1)
2
6 login - begin session on the system
7
9 login [-p] [-h host] [-H] [-f username|username]
10
12 login is used when signing onto a system. If no argument is given,
13 login prompts for the username.
14 The user is then prompted for a password, where appropriate. Echoing is
16 disabled to prevent revealing the password. Only a number of password
17 failures are permitted before login exits and the communications link
18 is severed. See LOGIN_RETRIES in the CONFIG FILE ITEMS section.
19 If password aging has been enabled for the account, the user may be
21 prompted for a new password before proceeding. In such case old
22 password must be provided and the new password entered before
23 continuing. Please refer to passwd(1) for more information.
24 The user and group ID will be set according to their values in the
26 /etc/passwd file. There is one exception if the user ID is zero. In
27 this case, only the primary group ID of the account is set. This should
28 allow the system administrator to login even in case of network
29 problems. The environment variable values for $HOME, $USER, $SHELL,
30 $PATH, $LOGNAME, and $MAIL are set according to the appropriate fields
31 in the password entry. $PATH defaults to /usr/local/bin:/bin:/usr/bin
32 for normal users, and to
33 /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin for root,
34 if not otherwise configured.
35 The environment variable $TERM will be preserved, if it exists, else it
37 will be initialized to the terminal type on your tty. Other environment
38 variables are preserved if the -p option is given.
39 The environment variables defined by PAM are always preserved.
41 Then the user’s shell is started. If no shell is specified for the user
43 in /etc/passwd, then /bin/sh is used. If there is no home directory
44 specified in /etc/passwd, then / is used, followed by .hushlogin check
45 as described below.
46 If the file .hushlogin exists, then a "quiet" login is performed. This
48 disables the checking of mail and the printing of the last login time
49 and message of the day. Otherwise, if /var/log/lastlog exists, the last
50 login time is printed, and the current login is recorded.
51
53 -p
54 Used by getty(8) to tell login to preserve the environment.
55 -f
57 Used to skip a login authentication. This option is usually used by
58 the getty(8) autologin feature.
59 -h
61 Used by other servers (such as telnetd(8) to pass the name of the
62 remote host to login so that it can be placed in utmp and wtmp.
63 Only the superuser is allowed use this option.
64 Note that the -h option has an impact on the PAM service name. The
66 standard service name is login, but with the -h option, the name is
67 remote. It is necessary to create proper PAM config files (for
68 example, /etc/pam.d/login and /etc/pam.d/remote).
69 -H
71 Used by other servers (for example, telnetd(8)) to tell login that
72 printing the hostname should be suppressed in the login: prompt.
73 See also LOGIN_PLAIN_PROMPT below.
74 -h, --help
76 Display help text and exit.
77 -V, --version
79 Print version and exit.
80
82 login reads the /etc/login.defs configuration file (see login.defs(5)).
83 Note that the configuration file could be distributed with another
84 package (usually shadow-utils). The following configuration items are
85 relevant for login:
86 MOTD_FILE (string)
88 Specifies a ":" delimited list of "message of the day" files and
89 directories to be displayed upon login. If the specified path is a
90 directory then displays all files with .motd file extension in
91 version-sort order from the directory.
92 The default value is /usr/share/misc/motd:/run/motd:/etc/motd. If
94 the MOTD_FILE item is empty or a quiet login is enabled, then the
95 message of the day is not displayed. Note that the same
96 functionality is also provided by the pam_motd(8) PAM module.
97 The directories in the MOTD_FILE are supported since version 2.36.
99 Note that login does not implement any filenames overriding
101 behavior like pam_motd (see also MOTD_FIRSTONLY), but all content
102 from all files is displayed. It is recommended to keep extra logic
103 in content generators and use /run/motd.d rather than rely on
104 overriding behavior hardcoded in system tools.
105 MOTD_FIRSTONLY (boolean)
107 Forces login to stop display content specified by MOTD_FILE after
108 the first accessible item in the list. Note that a directory is one
109 item in this case. This option allows login semantics to be
110 configured to be more compatible with pam_motd. The default value
111 is no.
112 LOGIN_PLAIN_PROMPT (boolean)
114 Tell login that printing the hostname should be suppressed in the
115 login: prompt. This is an alternative to the -H command line
116 option. The default value is no.
117 LOGIN_TIMEOUT (number)
119 Maximum time in seconds for login. The default value is 60.
120 LOGIN_RETRIES (number)
122 Maximum number of login retries in case of a bad password. The
123 default value is 3.
124 LOGIN_KEEP_USERNAME (boolean)
126 Tell login to only re-prompt for the password if authentication
127 failed, but the username is valid. The default value is no.
128 FAIL_DELAY (number)
130 Delay in seconds before being allowed another three tries after a
131 login failure. The default value is 5.
132 TTYPERM (string)
134 The terminal permissions. The default value is 0600 or 0620 if tty
135 group is used.
136 TTYGROUP (string)
138 The login tty will be owned by the TTYGROUP. The default value is
139 tty. If the TTYGROUP does not exist, then the ownership of the
140 terminal is set to the user’s primary group.
141 The TTYGROUP can be either the name of a group or a numeric group
143 identifier.
144 HUSHLOGIN_FILE (string)
146 If defined, this file can inhibit all the usual chatter during the
147 login sequence. If a full pathname (for example, /etc/hushlogins)
148 is specified, then hushed mode will be enabled if the user’s name
149 or shell are found in the file. If this global hush login file is
150 empty then the hushed mode will be enabled for all users.
151 If a full pathname is not specified, then hushed mode will be
153 enabled if the file exists in the user’s home directory.
154 The default is to check /etc/hushlogins and if it does not exist
156 then ~/.hushlogin.
157 If the HUSHLOGIN_FILE item is empty, then all the checks are
159 disabled.
160 DEFAULT_HOME (boolean)
162 Indicate if login is allowed if we cannot change directory to the
163 home directory. If set to yes, the user will login in the root (/)
164 directory if it is not possible to change directory to their home.
165 The default value is yes.
166 LASTLOG_UID_MAX (unsigned number)
168 Highest user ID number for which the lastlog entries should be
169 updated. As higher user IDs are usually tracked by remote user
170 identity and authentication services there is no need to create a
171 huge sparse lastlog file for them. No LASTLOG_UID_MAX option
172 present in the configuration means that there is no user ID limit
173 for writing lastlog entries. The default value is ULONG_MAX.
174 LOG_UNKFAIL_ENAB (boolean)
176 Enable display of unknown usernames when login failures are
177 recorded. The default value is no.
178 Note that logging unknown usernames may be a security issue if a
180 user enters their password instead of their login name.
181 ENV_PATH (string)
183 If set, it will be used to define the PATH environment variable
184 when a regular user logs in. The default value is
185 /usr/local/bin:/bin:/usr/bin.
186 ENV_ROOTPATH (string), ENV_SUPATH (string)
188 If set, it will be used to define the PATH environment variable
189 when the superuser logs in. ENV_ROOTPATH takes precedence. The
190 default value is
191 /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.
192
194 /var/run/utmp, /var/log/wtmp, /var/log/lastlog, /var/spool/mail/*,
195 /etc/motd, /etc/passwd, /etc/nologin, /etc/pam.d/login,
196 /etc/pam.d/remote, /etc/hushlogins, $HOME/.hushlogin
197
199 The undocumented BSD -r option is not supported. This may be required
200 by some rlogind(8) programs.
201 A recursive login, as used to be possible in the good old days, no
203 longer works; for most purposes su(1) is a satisfactory substitute.
204 Indeed, for security reasons, login does a vhangup(2) system call to
205 remove any possible listening processes on the tty. This is to avoid
206 password sniffing. If one uses the command login, then the surrounding
207 shell gets killed by vhangup(2) because it’s no longer the true owner
208 of the tty. This can be avoided by using exec login in a top-level
209 shell or xterm.
210
212 Derived from BSD login 5.40 (5/9/89) by Michael Glad <glad@daimi.dk>
213 for HP-UX. Ported to Linux 0.12: Peter Orbaek <poe@daimi.aau.dk>.
214 Rewritten to a PAM-only version by Karel Zak <kzak@redhat.com>
215
217 mail(1), passwd(1), passwd(5), utmp(5), environ(7), getty(8), init(8),
218 lastlog(8), shutdown(8)
219
221 For bug reports, use the issue tracker at
222 https://github.com/util-linux/util-linux/issues.
223
225 The login command is part of the util-linux package which can be
226 downloaded from Linux Kernel Archive
227 <https://www.kernel.org/pub/linux/utils/util-linux/>.
228util-linux 2.38 2022-02-17 LOGIN(1)