1LOGIN(1)                         User Commands                        LOGIN(1)
2
3
4

NAME

6       login - begin session on the system
7

SYNOPSIS

9       login [-p] [-h host] [-H] [-f username|username]
10

DESCRIPTION

12       login is used when signing onto a system. If no argument is given,
13       login prompts for the username.
14
15       The user is then prompted for a password, where appropriate. Echoing is
16       disabled to prevent revealing the password. Only a number of password
17       failures are permitted before login exits and the communications link
18       is severed. See LOGIN_RETRIES in the CONFIG FILE ITEMS section.
19
20       If password aging has been enabled for the account, the user may be
21       prompted for a new password before proceeding. In such case old
22       password must be provided and the new password entered before
23       continuing. Please refer to passwd(1) for more information.
24
25       The user and group ID will be set according to their values in the
26       /etc/passwd file. There is one exception if the user ID is zero. In
27       this case, only the primary group ID of the account is set. This should
28       allow the system administrator to login even in case of network
29       problems. The environment variable values for $HOME, $USER, $SHELL,
30       $PATH, $LOGNAME, and $MAIL are set according to the appropriate fields
31       in the password entry. $PATH defaults to /usr/local/bin:/bin:/usr/bin
32       for normal users, and to
33       /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin for root,
34       if not otherwise configured.
35
36       The environment variable $TERM will be preserved, if it exists, else it
37       will be initialized to the terminal type on your tty. Other environment
38       variables are preserved if the -p option is given.
39
40       The environment variables defined by PAM are always preserved.
41
42       Then the user’s shell is started. If no shell is specified for the user
43       in /etc/passwd, then /bin/sh is used. If there is no home directory
44       specified in /etc/passwd, then / is used, followed by .hushlogin check
45       as described below.
46
47       If the file .hushlogin exists, then a "quiet" login is performed. This
48       disables the checking of mail and the printing of the last login time
49       and message of the day. Otherwise, if /var/log/lastlog exists, the last
50       login time is printed, and the current login is recorded.
51

OPTIONS

53       -p
54           Used by getty(8) to tell login to preserve the environment.
55
56       -f
57           Used to skip a login authentication. This option is usually used by
58           the getty(8) autologin feature.
59
60       -h
61           Used by other servers (such as telnetd(8) to pass the name of the
62           remote host to login so that it can be placed in utmp and wtmp.
63           Only the superuser is allowed use this option.
64
65           Note that the -h option has an impact on the PAM service name. The
66           standard service name is login, but with the -h option, the name is
67           remote. It is necessary to create proper PAM config files (for
68           example, /etc/pam.d/login and /etc/pam.d/remote).
69
70       -H
71           Used by other servers (for example, telnetd(8)) to tell login that
72           printing the hostname should be suppressed in the login: prompt.
73           See also LOGIN_PLAIN_PROMPT below.
74
75       -h, --help
76           Display help text and exit.
77
78       -V, --version
79           Print version and exit.
80

CONFIG FILE ITEMS

82       login reads the /etc/login.defs configuration file (see login.defs(5)).
83       Note that the configuration file could be distributed with another
84       package (usually shadow-utils). The following configuration items are
85       relevant for login:
86
87       MOTD_FILE (string)
88           Specifies a ":" delimited list of "message of the day" files and
89           directories to be displayed upon login. If the specified path is a
90           directory then displays all files with .motd file extension in
91           version-sort order from the directory.
92
93           The default value is /usr/share/misc/motd:/run/motd:/etc/motd. If
94           the MOTD_FILE item is empty or a quiet login is enabled, then the
95           message of the day is not displayed. Note that the same
96           functionality is also provided by the pam_motd(8) PAM module.
97
98           The directories in the MOTD_FILE are supported since version 2.36.
99
100           Note that login does not implement any filenames overriding
101           behavior like pam_motd (see also MOTD_FIRSTONLY), but all content
102           from all files is displayed. It is recommended to keep extra logic
103           in content generators and use /run/motd.d rather than rely on
104           overriding behavior hardcoded in system tools.
105
106       MOTD_FIRSTONLY (boolean)
107           Forces login to stop display content specified by MOTD_FILE after
108           the first accessible item in the list. Note that a directory is one
109           item in this case. This option allows login semantics to be
110           configured to be more compatible with pam_motd. The default value
111           is no.
112
113       LOGIN_PLAIN_PROMPT (boolean)
114           Tell login that printing the hostname should be suppressed in the
115           login: prompt. This is an alternative to the -H command line
116           option. The default value is no.
117
118       LOGIN_TIMEOUT (number)
119           Maximum time in seconds for login. The default value is 60.
120
121       LOGIN_RETRIES (number)
122           Maximum number of login retries in case of a bad password. The
123           default value is 3.
124
125       LOGIN_KEEP_USERNAME (boolean)
126           Tell login to only re-prompt for the password if authentication
127           failed, but the username is valid. The default value is no.
128
129       FAIL_DELAY (number)
130           Delay in seconds before being allowed another three tries after a
131           login failure. The default value is 5.
132
133       TTYPERM (string)
134           The terminal permissions. The default value is 0600 or 0620 if tty
135           group is used.
136
137       TTYGROUP (string)
138           The login tty will be owned by the TTYGROUP. The default value is
139           tty. If the TTYGROUP does not exist, then the ownership of the
140           terminal is set to the user’s primary group.
141
142           The TTYGROUP can be either the name of a group or a numeric group
143           identifier.
144
145       HUSHLOGIN_FILE (string)
146           If defined, this file can inhibit all the usual chatter during the
147           login sequence. If a full pathname (for example, /etc/hushlogins)
148           is specified, then hushed mode will be enabled if the user’s name
149           or shell are found in the file. If this global hush login file is
150           empty then the hushed mode will be enabled for all users.
151
152           If a full pathname is not specified, then hushed mode will be
153           enabled if the file exists in the user’s home directory.
154
155           The default is to check /etc/hushlogins and if it does not exist
156           then ~/.hushlogin.
157
158           If the HUSHLOGIN_FILE item is empty, then all the checks are
159           disabled.
160
161       DEFAULT_HOME (boolean)
162           Indicate if login is allowed if we cannot change directory to the
163           home directory. If set to yes, the user will login in the root (/)
164           directory if it is not possible to change directory to their home.
165           The default value is yes.
166
167       LASTLOG_UID_MAX (unsigned number)
168           Highest user ID number for which the lastlog entries should be
169           updated. As higher user IDs are usually tracked by remote user
170           identity and authentication services there is no need to create a
171           huge sparse lastlog file for them. No LASTLOG_UID_MAX option
172           present in the configuration means that there is no user ID limit
173           for writing lastlog entries. The default value is ULONG_MAX.
174
175       LOG_UNKFAIL_ENAB (boolean)
176           Enable display of unknown usernames when login failures are
177           recorded. The default value is no.
178
179           Note that logging unknown usernames may be a security issue if a
180           user enters their password instead of their login name.
181
182       ENV_PATH (string)
183           If set, it will be used to define the PATH environment variable
184           when a regular user logs in. The default value is
185           /usr/local/bin:/bin:/usr/bin.
186
187       ENV_ROOTPATH (string), ENV_SUPATH (string)
188           If set, it will be used to define the PATH environment variable
189           when the superuser logs in. ENV_ROOTPATH takes precedence. The
190           default value is
191           /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.
192

FILES

194       /var/run/utmp, /var/log/wtmp, /var/log/lastlog, /var/spool/mail/*,
195       /etc/motd, /etc/passwd, /etc/nologin, /etc/pam.d/login,
196       /etc/pam.d/remote, /etc/hushlogins, $HOME/.hushlogin
197

BUGS

199       The undocumented BSD -r option is not supported. This may be required
200       by some rlogind(8) programs.
201
202       A recursive login, as used to be possible in the good old days, no
203       longer works; for most purposes su(1) is a satisfactory substitute.
204       Indeed, for security reasons, login does a vhangup(2) system call to
205       remove any possible listening processes on the tty. This is to avoid
206       password sniffing. If one uses the command login, then the surrounding
207       shell gets killed by vhangup(2) because it’s no longer the true owner
208       of the tty. This can be avoided by using exec login in a top-level
209       shell or xterm.
210

AUTHORS

212       Derived from BSD login 5.40 (5/9/89) by Michael Glad <glad@daimi.dk>
213       for HP-UX. Ported to Linux 0.12: Peter Orbaek <poe@daimi.aau.dk>.
214       Rewritten to a PAM-only version by Karel Zak <kzak@redhat.com>
215

SEE ALSO

217       mail(1), passwd(1), passwd(5), utmp(5), environ(7), getty(8), init(8),
218       lastlog(8), shutdown(8)
219

REPORTING BUGS

221       For bug reports, use the issue tracker at
222       https://github.com/util-linux/util-linux/issues.
223

AVAILABILITY

225       The login command is part of the util-linux package which can be
226       downloaded from Linux Kernel Archive
227       <https://www.kernel.org/pub/linux/utils/util-linux/>.
228
229
230
231util-linux 2.38.1                 2022-05-11                          LOGIN(1)
Impressum