LOGIN(1) — HP-UX
NAME
login − sign on
SYNOPSIS
login [ name [ env-var ... ]]
login - -r rhost
DESCRIPTION
The login command is used at the beginning of each terminal session and allows you to identify yourself to the system. It may be invoked as a command or by the system when a connection is first established. Also, it is invoked by the system when a previous user has terminated the initial shell by typing a cntrl-d to indicate an “end-of-file.”
If login is invoked as a command it must replace the initial command interpreter. This is accomplished by typing:
exec login
from the initial shell.
Login asks for your user name (if not supplied as an argument), and, if appropriate, your password. Echoing is turned off (where possible) during the typing of your password, so it will not appear on the written record of the session. An invalid login name will cause a request for a password. This is done to make it more difficult for an unauthorized user to log in on the system by trial and error. After three unsuccessful login attempts, a hangup signal is issued.
The -r option is only useful on those installations which support the Berkeley remote login service rlogin. This option is used by the rlogin server to inform login that a remote login is being attempted from the given remote hostname rhost. Login then reads the remote user’s name remuser, the local user’s name locuser, and the user’s remote terminal type. Login then uses the following three conditions to decide if the user can be logged in without asking for a password:
The remote host rhost appears in the file /etc/hosts.equiv and remuser = locuser.
The file $HOME/.rhosts contains a line listing just rhost and remuser = locuser, where $HOME is locuser’s login directory.
The file $HOME/.rhosts contains a line listing the remote host rhost followed by the remote user remuser, seperated by exactly one space.
If none of these conditions are met, then a password is prompted for as if locuser had been specified as the user name on the command line. Once the user is logged in, login proceeds as in a normal login.
For security reasons, the following conditions also apply to the -r option:
Login must be running as the super-user (uid = 0).
If attempting to login as the super-user (uid = 0), then the file /etc/hosts.equiv is not checked, though the file $HOME/.rhosts is still searched.
The file $HOME/.rhosts must be owned either by locuser or by the super-user.
The file $HOME/.rhosts must not be a symbolic link on those installations which support them.
At some installations, an option may be invoked that will require you to enter a second “dialup” password. This will occur only for dial-up connections, and will be prompted by the message “dialup password:”. Both passwords are required for a successful login. See dialups(4) for details on dialup security.
If password aging has been invoked by the super-user on your behalf, your password may have expired. In this case, you will be diverted into passwd(1) to change it, after which you may attempt to login again.
If you do not complete the login successfully within a certain period of time (e.g., one minute), you will be silently disconnected.
After a successful login, the accounting files are updated, the command interpreter (usually sh(1)) is determined, and the user and group id’s, group access list, and working directory are initialized. These specifications are found in the /etc/passwd and /etc/logingroup file entries for the user. The name of the command interpreter as passed to it is − followed by the last component of the interpreter’s pathname (i.e., −sh). If this field in the password file is empty, then the default command interpreter, /bin/sh is used. The command interpreter performs its own initialization, and does login initialization if the name by which it is called starts with −.
If sh(1) is the command interpreter, it executes the profile files /etc/profile and $HOME/.profile if they exist. Depending on what these profile files contain, you are notified of mail in your mail file or any messages you may have received since your last login.
If the command name field is “*”, then a chroot(2) is done to the directory named in the directory field of the entry. At that point login is re-executed at the new level which must have its own root structure, including /etc/login and /etc/passwd.
The basic environment (see environ(5)) is initialized to:
HOME=your-login-directory
PATH=:/bin:/usr/bin
SHELL=last-field-of-passwd-entry
MAIL=/usr/mail/your-login-name
TZ=timezone-specification
For the super-user, PATH is augmented to include /etc. In the case of a remote login, the enviroment variable TERM is also set to the remote user’s terminal type.
The environment may be expanded or modified by supplying additional arguments to login, either at execution time or when login requests your login name. The arguments may take either the form xxx or xxx=yyy. Arguments without an equal sign are placed in the environment as
Ln=xxx
where n is a number starting at 0 and is incremented each time a new variable name is required. Variables containing an = are placed into the environment without modification. If they already appear in the environment, then they replace the older value. There are two exceptions. The variables PATH and SHELL cannot be changed. This prevents people, logging into restricted shell environments, from spawning secondary shells which are not restricted. Both login and getty understand simple single-character quoting conventions. Typing a backslash in front of a character quotes it and allows the inclusion of such things as spaces and tabs.
If /etc/btmp is present, all unsuccessful login attempts are logged to this file. This feature is disabled if the file is not present. A summary of bad login attempts may be viewed using lastb, see last(1).
If /etc/securetty is present, login security is in effect and the super-user may only login successfully on the ttys listed in this file. Ttys are listed by device name, one per line. Valid tty names are dependent on installation. Some examples could be "console", "tty01", "ttya1", etc. Note that this feature does not inhibit a normal user from using su.
FILES
$HOME/.profile personal profile (individual user initialization)
$HOME/.rhosts personal equivalence file for the remote login server
/etc/btmp history of bad login attempts
/etc/d_passwd dialup security encrypted passwords
/etc/dialups lines which require dialup security
/etc/hosts.equiv system list of equivalent hosts allowing logins without passwords
/etc/logingroup group file − defines group access lists
/etc/motd message-of-the-day
/etc/passwd password file − defines users, passwords, and primary groups
/etc/profile system profile (initialization for all users)
/etc/securetty list of valid ttys for root login
/etc/utmp users currently logged in
/etc/wtmp history of logins, logouts, and date changes
/usr/mail/your-name mailbox for user your-name
VARIABLES
HOME The users home directory.
PATH The path to be searched for commands.
SHELL Which command interpreter is being used.
MAIL Where to look for mail.
TERM The user’s terminal type.
TZ The current timezone.
xxx User specified named variables.
L xxx User specified unnamed variables.
SEE ALSO
last(1), mail(1), newgrp(1), passwd(1), sh(1), su(1), getty(1M), initgroups(3C), dialups(4), group(4), passwd(4), profile(4), utmp(4), environ(5).
DIAGNOSTICS
The following diagnostics will appear if problems occur:
Login incorrect:
if the user name or the password cannot be matched.
No shell, cannot open password file, or no directory:
consult your system manager.
Your password has expired. Choose a new one:
if password aging is implemented.
No Root Directory:
attempted to log into a subdirectory that does not exist (i.e., passwd file entry had shell name "∗", but the system cannot chroot to the given directory).
No /bin/login or /etc/login on root:
same as above except sub-root login command not found.
Bad user id. or Bad group id.:
setuid or setgid failed.
Unable to change to directory <name>:
cannot chdir to your home directory.
No shell: your shell (or /bin/sh if your shell name is null in /etc/passwd) could not be exec’d.
Sorry, single-user:
occurs if the version field from uname(2) starts with A (or if the uname system call fails) and if your terminal name is not /dev/console and if your home shell is not named /usr/lib/uucp/uucico. You are not logged in.
No utmp entry. You must exec "login" from the lowest level "sh":
if you attempted to execute login as a command without using the shell’s exec internal command or from other than the initial shell.
.rhosts is a soft link:
if your personal equivalence file is a symbolic link.
Bad .rhosts ownership:
if your personal equivalence file is not owned by the local user or by the super-user.
Remuser too long, locuser too long, or terminal type too long:
if the indicated string was too long for login’s internal buffer.
AUTHOR
Login was developed by AT&T and HP.
Hewlett-Packard Company — May 11, 2021