login(1) DG/UX R4.11MU05 login(1)
NAME
login - sign on
SYNOPSIS
login [ -s servicename ] [ -n locationname ] [ -a locationdescription
] [ -d device ] [ name [ -l macalias ] [ environ ... ]]
DESCRIPTION
The login command is used at the beginning of each terminal session
and allows you to identify yourself to the system. It will be
invoked by the system when a connection is first established.
On a generic DG/UX system, if login is invoked as a command, it must
replace the initial command interpreter. This is accomplished by
typing
    exec login
from the initial shell.
login asks for your user name (if it is not supplied as an argument),
and if appropriate, your password. Echoing is turned off (where
possible) during the typing of your password, so it will not appear
on the written record of the session.
If there are no lower-case characters in the first line of input
processed, login assumes the connecting TTY is an upper-case-only
terminal and sets the port's termio(7) options to reflect this.
login accepts a device option, device. device is taken to be the
pathname of the TTY port login is to operate on. The use of the
device option can be expected to improve login performance, since
login will not need to call ttyname(3C).
On a system with DG/UX information security, if the -l option is
provided, login attempts to create the session with a process
clearance (MAC label) of macalias, if permitted by the authorizations
for the login service in the A&A database. In addition, on a system
with DG/UX information security, the -l option can be entered from
the Login: prompt, e.g.,
    Login: nathan -l acrlo
The session will be created with the desired MAC label, if permitted
by the login service authorizations; otherwise, service will be
denied.
The ability to create a login session from a particular device is
limited by the MAC range of sessions allowed by that device. It is
possible for a user's login service authorization to allow a user to
log in at a certain macalias, but for the device MAC range to deny it.
In this case, the attempt to create the login session will fail.
If you make any mistake in the login procedure, the message
    Login incorrect
is printed and a new login prompt will appear.
If you're on a system with DG/UX information security and your
password has expired and you have failed to change it, the message
    Service denied
is printed, and a new login prompt appears.
If you do not complete the login successfully within a certain period
of time (normally, one minute), you are likely to be silently
disconnected.
Once you have correctly identified yourself, login will check license
information provided by usermond(1M). usermond(1M) maintains license
information, including the license and user count, in
/var/license/.licensedata. If you are not currently logged into
this system, you may be denied access if the user count exceeds the
license. If this happens, the message
    Login denied due to access restrictions
is printed and a new login prompt will appear.
After a successful login, accounting files are updated, the
/etc/profile script is executed, /etc/motd is printed, and the user-
ID, group-ID, supplementary group list, working directory, and
command interpreter (usually sh) are initialized. On a system with
DG/UX information security, applicable security parameters are also
initialized. These parameters are found in the Authentication and
Authorization (A&A) database entries for the user.
If the initialized command interpreter is sh, login instructs sh to
perform the procedure /etc/profile. In addition, if the file
.profile exists in the working directory, sh executes it as well. On
a generic DG/UX system, these specifications are found in the
/etc/passwd file entry for the user. The process name of the command
interpreter is - followed by the last component of the interpreter's
pathname (e.g., -sh). If this field in the password file is empty,
then the default command interpreter, /usr/bin/sh, is used. If this
field is *, then a chroot(2) is done to the directory named in the
directory field of the entry making it the root directory. At that
point login is re-executed at the new level which must have its own
root structure, including /etc/login and /etc/passwd.
The basic environment is initialized to:
    HOME=your-login-directory
    LOGNAME=your-login-name
    PATH=/usr/bin
    SHELL=command-interpreter-pathname
    MAIL=/var/mail/your-login-name
    TZ=timezone-specification
The environment may be expanded or modified by supplying additional
arguments to login, either at execution time or when login requests
your login name. The arguments may take either the form xxx or
xxx=yyy. Arguments without an equal sign are placed in the
environment as
    Ln=xxx
where n is a number starting at 0 and is incremented each time a new
variable name is required. Variables containing an = are placed in
the environment without modification. If they already appear in the
environment, then they replace the older value. There are two
exceptions. The variables PATH and SHELL cannot be changed. This
prevents people who log into restricted shell environments from
spawning secondary shells that are not restricted. login understands
simple single-character quoting conventions. Typing a backslash in
front of a character quotes it and allows the inclusion of such
characters as spaces and tabs.
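
The argument handling described above, modelled as an added Python example (not DG/UX code): it splits a line typed at the login prompt and merges the environ arguments into the basic environment. The sample line, the home directory and the function names are constructed for illustration, and the -l option is not modelled.

```python
PROTECTED = {"PATH", "SHELL"}  # per the page, these two cannot be changed

def split_login_line(line):
    """Split on unquoted spaces/tabs; a backslash quotes the next character."""
    tokens, cur, started, i = [], [], False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])       # quoted character is taken literally
            started = True
            i += 2
            continue
        if ch in " \t":
            if started:
                tokens.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
        i += 1
    if started:
        tokens.append("".join(cur))
    return tokens

def apply_login_args(base_env, args):
    """Return (environment, rejected) after applying the environ arguments."""
    env, rejected, n = dict(base_env), [], 0
    for arg in args:
        name, sep, value = arg.partition("=")
        if not sep:                        # bare xxx becomes Ln=xxx, n from 0
            env[f"L{n}"] = arg
            n += 1
        elif name in PROTECTED:            # PATH= and SHELL= are refused
            rejected.append(arg)
        else:                              # xxx=yyy is added or replaces the old value
            env[name] = value
    return env, rejected

def demo():
    # Constructed input: what a user might type at the login prompt.
    line = r"nathan TERM=vt100 TZ=UTC0 PATH=/tmp/bin SHELL=/usr/bin/csh ticket\ 42 ops"
    name, *args = split_login_line(line)
    base = {"HOME": f"/home/{name}", "LOGNAME": name, "PATH": "/usr/bin",
            "SHELL": "/usr/bin/sh", "MAIL": f"/var/mail/{name}", "TZ": "EST5EDT"}
    return apply_login_args(base, args)

if __name__ == "__main__":
    env, rejected = demo()
    print(env, rejected, sep="\n")
```

Only PATH and SHELL are refused; every other variable, including basic ones such as HOME or TZ, is accepted from the login line, which matters when reviewing restricted-shell setups.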
The system administrator can modify the behavior of login by setting
variables in the /etc/default/login file. The following variables
affect both traditional DG/UX systems and trusted systems:
ALTERNATEDIR
If a user's home directory is unreachable, login places
the user in this directory instead. Set
ALTERNATEDIR=animpossiblevalue or ALTERNATEDIR= to
prevent users with unreachable home directories from
logging on. The default is as if ALTERNATEDIR=/.
ALTSHELL If set to "YES" the SHELL environment variable
containing the pathname of the user's shell will be
declared as part of the basic initial environment.
HZ Default value for the HZ (hertz) environment variable.
If not set, the value of HZ defaults to 100.
PATH On a traditional DG/UX system, this is the default value
of the PATH environment variable for all non-superuser
logins on the system. On a system with DG/UX
information security, this is the default value of PATH
for all logins on the system. If not set, the default
is "/usr/bin".
TIMEOUT Maximum amount of time in seconds to wait on a
successful login attempt before disconnecting. The
maximum value allowed is 900 (15 minutes). If not set,
the timeout period defaults to 60 seconds. Setting TIMEOUT
to 0 disables the timeout feature.
TIMEZONE Default value for the TZ (time zone) environment
variable. If not set, the value of TZ defaults to
"EST5EDT".
ULIMIT Maximum size allowed for user files (in blocks). If
ULIMIT is not set, no file size limit is enforced.
UMASK Default umask for system users. If UMASK is not set the
default umask on a traditional DG/UX system will be 022,
and on a trusted system umask will be 077.
UPPEROLD Normally, if there are no lower-case characters in the
first line of input processed, login assumes the
connecting TTY is an upper-case-only terminal and sets
the port's termio(7) options to reflect this. Setting
UPPEROLD to NO disables this functionality.
USERNAMEPROMPT
If set, this string overrides the built-in username
prompt (login: ). The prompt that is configured for a
port service under ttymon control may or may not
override both the built-in prompt and USERNAMEPROMPT,
depending on other port service settings.
LASTLOG Set LASTLOG=/var/adm/lastlog to have login update that
file each time a user logs on.
LOGINLOGFLAGS
Add values together to determine whether and what login
will record in the /var/adm/loginlog file. To log each
individual username/password failure, include 4. To
write one log entry each time the entire series of
username/password queries posed by an invocation of
login fails, include 2. To log successful logons,
include 1. By default, /var/adm/loginlog is not used.
SYSLOGFLAGS Add values together as with LOGINLOGFLAGS, but to
determine whether and what login will log via
syslog(LOG_NOTICE | LOG_AUTH). The default is as if
SYSLOGFLAGS=0 on traditional DG/UX systems, and
SYSLOGFLAGS=4 on systems with DG/UX information
security.
The following variables affect only traditional DG/UX systems:
CONSOLE If set, superuser login is allowed only on the terminal
specified. E.g., "CONSOLE=/dev/console" restricts
superuser login to the console. If not set, no
restrictions are placed on superuser login.
PASSREQ If set to "YES" a password is required for all non-
superusers on the system. If a new user account is
added with no password, login will prompt for a password
the first time the user attempts to log in.
SUPATH Default value of PATH environment variable for all
superuser logins on the system. If not set, the default
is "/sbin:/usr/sbin:/usr/bin:/etc".
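
A review of /etc/default/login against the defaults listed above, as an added Python example (not part of DG/UX): it decodes the LOGINLOGFLAGS/SYSLOGFLAGS sums and reports settings that leave logins unlogged or unrestricted. The NAME=VALUE parsing with '#' comment lines is an assumed file convention, and the sample contents are constructed.

```python
FLAG_BITS = {1: "successful logons", 2: "failed login series",
             4: "individual username/password failures"}

def parse_defaults(text):
    """NAME=VALUE per line; skipping '#' comment lines is an assumed convention."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            name, _, value = line.partition("=")
            settings[name.strip()] = value.strip().strip('"')
    return settings

def decode_flags(value):
    """Expand a LOGINLOGFLAGS/SYSLOGFLAGS sum into the events it selects."""
    return [label for bit, label in FLAG_BITS.items() if int(value) & bit]

def audit(settings, trusted=False):
    """List findings, applying the man page's defaults for unset variables."""
    findings = []
    loginlog = int(settings.get("LOGINLOGFLAGS", "0"))
    syslog = int(settings.get("SYSLOGFLAGS", "4" if trusted else "0"))
    if not (loginlog | syslog) & 6:          # neither 2 nor 4 in either sum
        findings.append("failed logins are not logged to loginlog or syslog")
    if settings.get("TIMEOUT") == "0":
        findings.append("TIMEOUT=0 disables the login timeout")
    if settings.get("ALTERNATEDIR", "/") == "/":
        findings.append("users with an unreachable home directory are placed in /")
    umask = int(settings.get("UMASK", "077" if trusted else "022"), 8)
    if (umask & 0o044) != 0o044:             # a read bit is left unmasked
        findings.append("UMASK leaves new files readable by group or others")
    if not trusted:                          # variables for traditional systems only
        if "CONSOLE" not in settings:
            findings.append("CONSOLE unset: superuser login allowed on any terminal")
        if settings.get("PASSREQ") != "YES":
            findings.append("PASSREQ is not YES: password not required for all non-superusers")
    return findings

# Constructed sample file contents, not taken from a real system.
SAMPLE = """\
# traditional DG/UX system
TIMEOUT=0
LOGINLOGFLAGS=1
PASSREQ=YES
UMASK=077
"""

if __name__ == "__main__":
    for finding in audit(parse_defaults(SAMPLE)):
        print("FINDING:", finding)
```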
On a trusted DG/UX system, agents such as ttymon or rlogind that exec
login must supply the options -s servicename, -n locationname, and -a
locationdescription. The -s servicename option identifies the
service for which login is being invoked, and for which the user's
authorization will be checked. On a system with DG/UX information
security, if you omit -s servicename, login denies service, and logs
the denial using syslog(3C).
The -n locationname option identifies the location from which the
user is logging in. On a system with DG/UX information security, if
-n locationname is not supplied, login will default the location name
to that of the tty or pseudo-tty attached to stdin. This default is
appropriate for access to direct-connect terminals via ttymon, for
example, but inappropriate for access from a network -- knowing the
pseudo-tty name tells little or nothing about the actual location of
the user. The -a locationdescription option gives an ASCII name used
to identify the type of locationname in a syslog message whenever a
login attempt fails. On a secure DG/UX system, if -a
locationdescription is not supplied, login failures will not be
recorded in syslog. These options have no effect on a standard DG/UX
system.
FILES
/etc/utmp accounting
/etc/wtmp accounting
/var/license/.licensedata license information
/var/mail/your-name mailbox for user your-name
/etc/default/login login system-wide default settings
/etc/motd message-of-the-day
/etc/passwd password file
/etc/profile system profile
.profile user's login profile
A&A database Authentication and Authorization database
(pertains to a system with DG/UX information security only)
DIAGNOSTICS
Login incorrect
This is the general message that appears if the user cannot log in,
e.g. when the name and the password cannot be matched.
Service denied
(Pertains to a system with DG/UX information security only) This
message appears if your password has expired, and you have failed to
change it.
Login denied due license restrictions
This message will appear when your user count exceeds your license.
If this message appears, consult your system administrator.
No shell, cannot open password file, or no directory
If these messages appear, consult your system administrator.
No utmp entry. You must exec login from the lowest level sh.
On a traditional DG/UX system, this message appears if you attempted
to execute login as a command without using the shell's exec internal
command or from a shell other than the initial shell. If you are on
a system with DG/UX information security and this message appears,
see your system administrator.
Cannot open /dev/tty.
This message appears if login is unable to open /dev/tty to read the
password.
System problem, please see your administrator
(Pertains to systems with DG/UX information security only) This
message appears if login is unable to set a MAC label on your tty
port.
SEE ALSO
mail(1), newgrp(1), sh(1), su(1), passwd(4), profile(4), environ(5),
usermond(1M).
Licensed material--property of copyright holder(s)