login(1)
NAME
login − sign on
SYNOPSIS
login [name [env-var ...]]
DESCRIPTION
login is used at the beginning of each terminal session to properly identify the prospective user. login can be invoked as a user command, or by the system when an incoming connection is first established. login is also invoked by the system when a previous user shell terminates but the terminal does not disconnect.
If login is invoked as a command it must replace the initial command interpreter (user’s login shell). This is accomplished by typing:
exec login
from the user shell.
If name is not specified on the command line, login asks for login name and, if required, the corresponding password. Terminal echo is turned off (where possible) during typing of the password so that it will not appear on any written record of the session. If the login name provided is not valid, login still requests a password. This is done to make it more difficult for an unauthorized user to log in on the system by trial and error. After three unsuccessful login attempts, a HANGUP signal is issued.
As a security precaution, some installations use an option that requires a second “dialup” password. This occurs only for dial-up connections, and is prompted by the message dialup password:. Both passwords must be correct for a successful login. See dialups(4) for details on dialup security.
If password aging has been invoked by the user with appropriate privileges on your behalf, your password may have expired. In this case, you will be diverted into passwd to change it, after which you can attempt to log in again (see passwd(1)).
If login is not successfully completed within a certain period of time (e.g., one minute), the terminal is silently disconnected.
After a successful login, the accounting files are updated, user and group id’s, group access list, and working directory are initialized, and the user’s command interpreter, usually one of the shells listed in the sh(1) manual entry, is determined from corresponding user entries in files /etc/passwd and /etc/logingroup (if /etc/passwd does not specify a shell for user, /bin/sh is used by default). login then forks the appropriate shell by using the last component of the shell pathname preceded by a - (for example, -sh or -ksh). When the command interpreter is invoked with its name preceded by a minus in this manner, the shell performs its own initialization, including execution of profile, login, or other initialization scripts.
For example, if the user login shell is sh(1) or ksh(1), the shell executes the profile files /etc/profile and $HOME/.profile if they exist (and possibly others as well, depending on what they contain). Depending on what these profile files contain, messages regarding mail in your mail file or any messages you may have received since your last login may be displayed.
If the command name field is *, a chroot() to the directory named in the directory field of the entry is performed. At that point login is re-executed at the new level which must have its own root structure, including /bin/login and /etc/passwd.
The basic environment (see environ(5)) is initialized to:
HOME=your_login_directory
PATH=:/bin:/usr/bin
SHELL=last_field_of_passwd_entry
MAIL=/usr/mail/your_login_name
TZ=timezone_specification
For users with appropriate privileges, PATH is augmented to include /etc. In the case of a remote login, the environment variable TERM is also set to the remote user’s terminal type.
The environment can be expanded or modified by supplying additional arguments to login, either at execution time or when login requests your login name. The arguments can take either the form xxx or xxx=yyy. Arguments without an equal sign are placed in the environment as
Ln=xxx
where n is a number starting at 0 and is incremented each time a new variable name is required. Variables containing an = are placed into the environment without modification. If the name already appears in the environment, the new value replaces the older one. There are two exceptions. The variables PATH and SHELL cannot be changed. This prevents users logged in with restricted shell environments from spawning secondary shells that are not restricted. Both login and getty understand simple single-character quoting conventions. Typing a backslash in front of a character quotes it and allows the inclusion of such things as spaces and tabs.
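The argument rules above as a small C model, added here as an example and not taken from HP-UX source. The names env_table, env_find and env_apply, the table limits, and the sample values are assumptions for illustration; backslash quoting is assumed to have been resolved before the arguments reach env_apply.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ENV 32   /* table capacity (constructed limit) */
#define MAX_LEN 128  /* longest "NAME=value" string (constructed limit) */
/* Constructed model of the argument rules above; not HP-UX source code. */
struct env_table {
    char var[MAX_ENV][MAX_LEN]; /* "NAME=value" strings */
    int count;                  /* entries in use */
    int next_l;                 /* next n for an unnamed Ln variable */
};

/* Index of the entry whose name is the first len bytes of name, or -1. */
static int env_find(const struct env_table *t, const char *name, size_t len)
{
    for (int i = 0; i < t->count; i++)
        if (strncmp(t->var[i], name, len) == 0 && t->var[i][len] == '=')
            return i;
    return -1;
}

/* Apply one argument given to login: returns 0 if stored, -1 if refused. */
int env_apply(struct env_table *t, const char *arg)
{
    char entry[MAX_LEN];
    int bare = strchr(arg, '=') == NULL;   /* xxx form, no equal sign */
    int n = bare ? snprintf(entry, sizeof entry, "L%d=%s", t->next_l, arg)
                 : snprintf(entry, sizeof entry, "%s", arg);
    if (n < 0 || n >= (int)sizeof entry || entry[0] == '=') return -1; /* too long or no name */
    size_t len = (size_t)(strchr(entry, '=') - entry);
    if ((len == 4 && memcmp(entry, "PATH", 4) == 0) ||
        (len == 5 && memcmp(entry, "SHELL", 5) == 0))
        return -1;                         /* PATH and SHELL cannot be changed */
    int slot = env_find(t, entry, len);
    if (slot < 0 && t->count == MAX_ENV) return -1; /* table full */
    if (slot < 0) slot = t->count++;       /* new name: append */
    strcpy(t->var[slot], entry);           /* existing name: value replaced */
    t->next_l += bare;                     /* n advances only for unnamed arguments */
    return 0;
}

int main(void)
{
    /* Constructed basic environment and constructed user input. */
    struct env_table t = { {"HOME=/users/guest", "PATH=:/bin:/usr/bin", "SHELL=/bin/rsh"}, 3, 0 };
    const char *typed[] = {"vt100", "PATH=/tmp:/bin", "HOME=/tmp", "SHELL=/bin/sh", "blue"};
    for (int i = 0; i < 5; i++)
        printf("%-15s %s\n", typed[i], env_apply(&t, typed[i]) ? "refused" : "stored");
    for (int i = 0; i < t.count; i++) puts(t.var[i]);
    return 0;
}
```

The refusal of PATH and SHELL matches on the full variable name, so a name such as PATHX is still accepted as an ordinary variable.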
If /etc/btmp is present, all unsuccessful login attempts are logged to this file. This feature is disabled if the file is not present. A summary of bad login attempts can be viewed by users with appropriate privileges by using lastb, see last(1M).
If /etc/securetty is present, login security is in effect, meaning that only users with appropriate privileges are allowed to log in successfully on the ttys listed in this file. Restricted ttys are listed by device name, one per line. Valid tty names are dependent on installation. Some examples could be console, tty01, ttya1, etc. Note that this feature does not inhibit a normal user from using su.
DIAGNOSTICS
The following diagnostics appear if the associated condition occurs:
Login incorrect
User name or password cannot be matched.
No shell
Cannot open password file
No directory
Consult system administrator.
Your password has expired. Choose a new one
Password aging is enabled and the user’s password has expired.
No Root Directory
Attempted to log into a subdirectory that does not exist (i.e., passwd file entry had shell name *, but the system cannot chroot to the given directory).
No /bin/login or /etc/login on root
Same as above except sub-root login command not found.
Bad user id or Bad group id.
setuid or setgid failed.
Unable to change to directory name
Cannot chdir to your home directory.
No shell
User shell (or /bin/sh if shell name is null in /etc/passwd) could not be exec’d.
Sorry, single-user
Occurs if the version field from uname(2) starts with A (or if the uname system call fails) and if your terminal name is not /dev/console and if your home shell is not named /usr/lib/uucp/uucico. You are not logged in.
No utmp entry. You must exec "login" from the lowest level "sh"
Attempted to execute login as a command without using the shell’s exec internal command or from other than the initial shell.
.rhosts is a soft link
Personal equivalence file is a symbolic link.
Bad .rhosts ownership
Personal equivalence file is not owned by the local user or by the user with appropriate privileges.
Remuser too long
Locuser too long
Terminal type too long
Indicated string was too long for login’s internal buffer.
WARNINGS
If /etc/group is linked to /etc/logingroup, and group membership for the user trying to log in is managed by the Network Information Service (NIS), and no NIS server is able to respond, login waits until a server does respond.
AUTHOR
login was developed by AT&T and HP.
FILES
$HOME/.profile personal profile (individual user initialization)
$HOME/.rhosts personal equivalence file for the remote login server
/etc/btmp history of bad login attempts
/etc/d_passwd dialup security encrypted passwords
/etc/dialups lines which require dialup security
/etc/hosts.equiv system list of equivalent hosts allowing logins without passwords
/etc/logingroup group file − defines group access lists
/etc/motd message-of-the-day
/etc/passwd password file − defines users, passwords, and primary groups
/etc/profile system profile (initialization for all users)
/etc/securetty list of valid ttys for root login
/etc/utmp users currently logged in
/etc/wtmp history of logins, logouts, and date changes
/usr/mail/your_name mailbox for user your_name
VARIABLES
HOME user’s home directory.
PATH path to be searched for commands.
SHELL which command interpreter is being used.
MAIL where to look for mail.
TERM user’s terminal type.
TZ current timezone.
xxx User-specified named variables.
Lxxx User-specified unnamed variables.
SEE ALSO
mail(1), newgrp(1), passwd(1), sh(1), su(1), getty(1M), last(1M), initgroups(3C), dialups(4), group(4), passwd(4), profile(4), utmp(4), environ(5), privilege(5).
Hewlett-Packard Company — HP-UX Release 9.0: August 1992