login(1) — USER COMMANDS
NAME
login − sign on
SYNOPSIS
login [ -d device ] [ name [ environ ... ]]
DESCRIPTION
The login command is used at the beginning of each terminal session and allows you to identify yourself to the system. It may be invoked as a command or by the system when a connection is first established. It is invoked by the system when a previous user has terminated the initial shell by typing a CTRL-d to indicate an end-of-file.
If login is invoked as a command it must replace the initial command interpreter. This is accomplished by typing
exec login
from the initial shell.
login asks for your user name (if it is not supplied as an argument), and if appropriate, your password. Echoing is turned off (where possible) during the typing of your password, so it will not appear on the written record of the session.
If there are no lower-case characters in the first line of input processed, login assumes the connecting TTY is an upper-case-only terminal and sets the port’s termio(7) options to reflect this.
login accepts a device option, device. device is taken to be the path name of the TTY port login is to operate on. The use of the device option can be expected to improve login performance, since login will not need to call ttyname(3).
If you make any mistake in the login procedure, the message
Login incorrect
is printed and a new login prompt will appear. If you make five incorrect login attempts, all five may be logged in /var/adm/loginlog (if it exists) and the TTY line will be dropped.
If you do not complete the login successfully within a certain period of time (e.g., one minute), you are likely to be silently disconnected.
After a successful login (Bourne shell or Korn shell), accounting files are updated, the /etc/profile script is executed, the time you last logged in is printed, /etc/motd is printed, the user-ID, group-ID, supplementary group list, working directory, and command interpreter (usually sh) are initialized, and the file .profile in the working directory is executed, if it exists. (For the C shell, /etc/profile and .profile are not executed; instead, the C shell executes /etc/.login, the startup files .cshrc and .login.) The name of the command interpreter is − followed by the last component of the interpreter’s path name (e.g., −sh). If this field in the password file is empty, then the default command interpreter, /usr/bin/sh is used. If this field is ∗, then the named directory becomes the root directory, the starting point for path searches for path names beginning with a /. At that point login is re-executed at the new level which must have its own root structure, including /var/adm/login and /etc/passwd.
login reads and sets its environment from /etc/default/login. The basic environment is initialized to:
HOME=your-login-directory
LOGNAME=your-login-name
PATH=/usr/bin
SHELL=last-field-of-passwd-entry
MAIL=/var/mail/your-login-name
TZ=timezone-specification
The environment may be expanded or modified by supplying additional arguments to login, either at execution time or when login requests your login name. The arguments may take either the form xxx or xxx=yyy. Arguments without an equal sign are placed in the environment as
Ln=xxx
where n is a number starting at 0 and is incremented each time a new variable name is required. Variables containing an = are placed in the environment without modification. If they already appear in the environment, then they replace the older value. There are two exceptions. The variables PATH and SHELL cannot be changed. This prevents people, logging into restricted shell environments, from spawning secondary shells which are not restricted. login understands simple single-character quoting conventions. Typing a backslash in front of a character quotes it and allows the inclusion of such characters as spaces and tabs.
SECURITY
If the C2 Security package is installed, the login(1) command contains a number of additional requirements:
All users must have a password. If root does not have a password, they will be forced to choose one before being allowed to login. All others users will not be allowed to login. When the C2 Security package is installed, the PASSREQ flag in the /etc/default/login is ignored.
All users must have an authentication ID in the /var/security/audit_id file (see audit_id(4)).
All users must have an audit mask in the /var/security/aumask file (see aumask(4)).
FILES
/var/adm/utmpaccounting
/var/adm/wtmpaccounting
/var/mail/your-namemailbox for user your-name
/var/adm/loginlogrecord of failed login attempts
/etc/default/loginenvironment variables
/etc/motdmessage-of-the-day
/etc/passwdpassword file
/etc/profilesystem profile
.profileuser’s login profile
/var/adm/lastlogtime of last login
SEE ALSO
mail(1), newgrp(1M), sh(1), su(1M), dialups(4), d_passwd(4), loginlog(4), passwd(4), profile(4), environ(5).
DIAGNOSTICS
login incorrect if the user name or the password cannot be matched.
No shell, cannot open password file, or no directory: consult a system engineer.
No utmp entry. You must exec "login" from the lowest level "sh" if you attempted to execute login as a command without using the shell’s exec internal command or from a shell other than the initial shell.
Failed to get/set authentication ID the administrator has not established an authentication ID in the /var/security/audit_id file.
Your audit mask has not been established the administrator has not established an audit mask in the /var/security/aumask file.
NOTES
This command should only be used for ASCII terminals.
For information on setting up dialup passwords, see dialup(4) and d_passwd(4).
For a chroot login, login creates an entry in the chroot tree’s utmp file, which is a duplicate of the entry in the real root’s utmp file. However, when a user logs out, the rlogind or telnetd updates only the real root’s utmp file to reflect that the user is logged out. Therefore, in a chroot environment, when a user does a who, one may see users that are logged out already.
— Essential Utilities