79bf2081fe
(last changelog entry: 2007-02-01) This also adds the files which were present in the CVS repository, but not present in the shadow archives.
284 lines
9.5 KiB
XML
284 lines
9.5 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<refentry id='login.1'>
|
|
<!-- $Id: login.1.xml,v 1.29 2007/02/01 20:49:25 kloczek Exp $ -->
|
|
<refmeta>
|
|
<refentrytitle>login</refentrytitle>
|
|
<manvolnum>1</manvolnum>
|
|
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
|
|
</refmeta>
|
|
<refnamediv id='name'>
|
|
<refname>login</refname>
|
|
<refpurpose>begin session on the system</refpurpose>
|
|
</refnamediv>
|
|
<!-- body begins here -->
|
|
<refsynopsisdiv id='synopsis'>
|
|
<cmdsynopsis>
|
|
<command>login</command>
|
|
<arg choice='opt'>-p </arg>
|
|
<arg choice='opt'>
|
|
<replaceable>username</replaceable></arg>
|
|
<arg choice='opt' rep='repeat'> <replaceable>ENV=VAR</replaceable></arg>
|
|
</cmdsynopsis>
|
|
<cmdsynopsis>
|
|
<command>login</command>
|
|
<arg choice='opt'>-p </arg>
|
|
<arg choice='opt'>-h <replaceable>host</replaceable></arg>
|
|
<arg choice='opt'>-f <replaceable>username</replaceable></arg>
|
|
</cmdsynopsis>
|
|
<cmdsynopsis>
|
|
<command>login</command>
|
|
<arg choice='opt'>-p </arg>
|
|
<arg choice='plain'>-r <replaceable>host</replaceable></arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1 id='description'>
|
|
<title>DESCRIPTION</title>
|
|
<para>
|
|
The <command>login</command> program is used to establish a new session
|
|
with the system. It is normally invoked automatically by responding to
|
|
the <emphasis remap='I'>login:</emphasis> prompt on the user's
|
|
terminal. <command>login</command> may be special to the shell and may
|
|
not be invoked as a sub-process. Typically, <command>login</command>
|
|
is treated by the shell as <emphasis remap='B'>exec login</emphasis>
|
|
which causes the user to exit from the current shell. Attempting to
|
|
execute <command>login</command> from any shell but the login shell
|
|
will produce an error message.
|
|
</para>
|
|
|
|
<para>
|
|
The user is then prompted for a password, where appropriate. Echoing
|
|
is disabled to prevent revealing the password. Only a small number of
|
|
password failures are permitted before <command>login</command> exits
|
|
and the communications link is severed.
|
|
</para>
|
|
|
|
<para>
|
|
If password aging has been enabled for your account, you may be
|
|
prompted for a new password before proceeding. You will be forced to
|
|
provide your old password and the new password before continuing.
|
|
Please refer to <citerefentry>
|
|
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry> for more information.
|
|
</para>
|
|
|
|
<para>
|
|
After a successful login, you will be informed of any system messages
|
|
and the presence of mail. You may turn off the printing of the system
|
|
message file, <filename>/etc/motd</filename>, by creating a
|
|
zero-length file <filename>.hushlogin</filename> in your login directory.
|
|
The mail message will be one of "<emphasis>You have new
|
|
mail.</emphasis>", "<emphasis>You have mail.</emphasis>", or
|
|
"<emphasis>No Mail.</emphasis>" according to the condition of your
|
|
mailbox.
|
|
</para>
|
|
|
|
<para>
|
|
Your user and group ID will be set according to their values in the
|
|
<filename>/etc/passwd</filename> file. The value for
|
|
<envar>$HOME</envar>, <envar>$SHELL</envar>, <envar>$PATH</envar>,
|
|
<envar>$LOGNAME</envar>, and <envar>$MAIL</envar> are set according
|
|
to the appropriate fields in the password entry. Ulimit, umask and nice
|
|
values may also be set according to entries in the GECOS field.
|
|
</para>
|
|
|
|
<para>
|
|
On some installations, the environmental variable
|
|
<envar>$TERM</envar> will be initialized to the terminal type on
|
|
your tty line, as specified in <filename>/etc/ttytype</filename>.
|
|
</para>
|
|
|
|
<para>
|
|
An initialization script for your command interpreter may also be
|
|
executed. Please see the appropriate manual section for more
|
|
information on this function.
|
|
</para>
|
|
|
|
<para>
|
|
A subsystem login is indicated by the presence of a "*" as the first
|
|
character of the login shell. The given home directory will be used as
|
|
the root of a new file system which the user is actually logged into.
|
|
</para>
|
|
|
|
<para>
|
|
The <command>login</command> program is NOT responsible for removing
|
|
users from the utmp file. It is the responsibility of
|
|
<citerefentry><refentrytitle>getty</refentrytitle>
|
|
<manvolnum>8</manvolnum></citerefentry> and
|
|
<citerefentry><refentrytitle>init</refentrytitle>
|
|
<manvolnum>8</manvolnum></citerefentry> to clean up apparent ownership
|
|
of a terminal session. If you use <command>login</command> from the
|
|
shell prompt without <command>exec</command>, the user you use will
|
|
continue to appear to be logged in even after you log out of the
|
|
"subsession".
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1 id='options'>
|
|
<title>OPTIONS</title>
|
|
<variablelist remap='IP'>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-f</option>
|
|
</term>
|
|
<listitem>
|
|
<para>Do not perform authentication, user is preauthenticated.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-h</option>
|
|
</term>
|
|
<listitem>
|
|
<para>Name of the remote host for this login.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-p</option>
|
|
</term>
|
|
<listitem>
|
|
<para>Preserve environment.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-r</option>
|
|
</term>
|
|
<listitem>
|
|
<para>Perform autologin protocol for rlogin.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
|
|
<para>
|
|
The <option>-r</option>, <option>-h</option> and <option>-f</option>
|
|
options are only used when <command>login</command> is invoked by
|
|
root.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='caveats'>
|
|
<title>CAVEATS</title>
|
|
<para>
|
|
This version of <command>login</command> has many compilation options,
|
|
only some of which may be in use at any particular site.
|
|
</para>
|
|
|
|
<para>The location of files is subject to differences in system
|
|
configuration.
|
|
</para>
|
|
|
|
<para>
|
|
The <command>login</command> program is NOT responsible for removing
|
|
users from the utmp file. It is the responsibility of <citerefentry>
|
|
<refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry> and <citerefentry>
|
|
<refentrytitle>init</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry> to clean up apparent ownership of a terminal session.
|
|
If you use <command>login</command> from the shell prompt without
|
|
<command>exec</command>, the user you use will continue to appear to
|
|
be logged in even after you log out of the "subsession".
|
|
</para>
|
|
|
|
<para>
|
|
As with any program, <command>login</command>'s appearance can be faked.
|
|
If non-trusted users have physical access to a machine, an
|
|
attacker could use this to obtain the password of the next person
|
|
coming to sit in front of the machine. Under Linux, the SAK mechanism can be
|
|
used by users to initiate a trusted path and prevent this kind of
|
|
attack.
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1 id='files'>
|
|
<title>FILES</title>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><filename>/var/run/utmp</filename></term>
|
|
<listitem>
|
|
<para>List of current login sessions.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><filename>/var/log/wtmp</filename></term>
|
|
<listitem>
|
|
<para>List of previous login sessions.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><filename>/etc/passwd</filename></term>
|
|
<listitem>
|
|
<para>User account information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><filename>/etc/shadow</filename></term>
|
|
<listitem>
|
|
<para>Secure user account information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><filename>/etc/motd</filename></term>
|
|
<listitem>
|
|
<para>System message of the day file.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><filename>/etc/nologin</filename></term>
|
|
<listitem>
|
|
<para>Prevent non-root users from logging in.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><filename>/etc/ttytype</filename></term>
|
|
<listitem>
|
|
<para>List of terminal types.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><filename>$HOME/.hushlogin</filename></term>
|
|
<listitem>
|
|
<para>Suppress printing of system messages.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='see_also'>
|
|
<title>SEE ALSO</title>
|
|
<para>
|
|
<citerefentry>
|
|
<refentrytitle>mail</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>securetty</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>.
|
|
</para>
|
|
</refsect1>
|
|
</refentry>
|