Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ login(M) — OpenDesktop 1.1.1g

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

environ(M)

getty(ADM)

initscript(F)

machine(HW)

mail(C)

newgrp(C)

passwd(C)

passwd(F)

profile(M)

su(C)

sh(C)

ulimit(S)

umask(C)

who(C)


     LOGIN(M)                             UNIX System V



     Name
          login - gives access to the system


     Syntax
          login [name [env-var ...]]


     Description
          The login command is used at the beginning of each  terminal
          session  to  identify  users  and  allow  them access to the
          system.  It cannot be invoked except when  a  connection  is
          first established, or after the previous user has logged out
          by sending an end-of-file ( Ctrl-D ) to their initial shell.

          login asks for a user name (if not supplied as an argument),
          and,  if  appropriate,  the  user's  password  and  a dialup
          password.  Echoing is turned off (where possible) during the
          typing  of  the  passwords,  so  it  will  not appear on the
          written record of the session.

          If the user makes a mistake in the login procedure the  user
          will receive the message

            Login incorrect

          and a new login prompt will appear.   The  number  of  login
          attempts  the  user is allowed is configurable.  If the user
          makes too many unsuccessful login attempts, the user or  the
          terminal can be locked out.

          If the login sequence is not completed successfully within a
          configurable  period of time (e.g., one minute), the user is
          returned to the ``login:'' prompt or  silently  disconnected
          from a dial-in line.

          After a successful login, accounting  files  (/etc/utmp  and
          /etc/wtmp)  are  updated,  the user is notified if they have
          mail, and the start-up shell files (.profile for the  Bourne
          shell or .login for the C-shell) if any, are executed.

          If the hushlogin feature is  enabled  in  /etc/default/login
          and  a  file  named  .hushlogin  exists  in  the user's home
          directory, login suppresses the printing  out  of  the  last
          successful   and  last  unsuccessful  login  times  and  the
          copyright messages. login also sets the environment variable
          HUSHLOGIN  to  TRUE,  so  the system and user initialization
          files are aware a hushlogin is taking place and can suppress
          output as appropriate (typically the message of the day, and
          the calling of mail(C) and  news(C)  are  suppressed).   The
          .hushlogin  file  itself  does not need contain anything, it
          only needs to exist.

          login   checks   /etc/default/login   for   the    following
          definitions of the form DEFINE=value:

          ALTSHELL
               If ALTSHELL is set to YES or if it is  not  present  in
               /etc/default/login, then the SHELL environment variable
               is set to whatever shell is  specified  in  the  user's
               /etc/passwd  entry.  If ALTSHELL is set to NO, then the
               SHELL environment variable is set only if the shell  is
               defined in the /usr/lib/mkuser directory (which is list
               of recognized shells).

          CONSOLE
               The CONSOLE=device entry means that root can  only  log
               in    on    the    device    listed.     For   example,
               CONSOLE=/dev/console  restricts  root  logins  to   the
               console device.

          ALLOWHUSH
               The ALLOWHUSH entry is used to enable  or  disable  the
               hushlogin   feature   on   a   system  wide  basis.  If
               ALLOWHUSH=YES, login checks  for  the  existence  of  a
               .hushlogin  file  in the user's home directory.  If the
               file exists, the environment variable HUSHLOGIN is  set
               to TRUE and a quiet login takes place.  If ALLOWHUSH=NO
               or ALLOWHUSH=YES and there is no .hushlogin file in the
               user's   home   directory,   the  environment  variable
               HUSHLOGIN is set to FALSE and the normal login messages
               appear.  If  there  is no ALLOWHUSH entry the HUSHLOGIN
               environment variable is not set and  the  normal  login
               messages appear.

          IDLEWEEKS
               If a password has expired,  the  user  is  prompted  to
               choose  a new one.  If it has expired beyond IDLEWEEKS,
               the user is not allowed to log  in,  and  must  consult
               system   administrator.    Works  in  conjunction  with
               passwd(C).  See cautions under Notes.

          OVERRIDE
               This allows root to log in on the console even  if  the
               protected   password   database   entry   for  root  is
               corrupted.  login checks /etc/default/login to  see  if
               there  is  an  entry  similar  to  the following, which
               identifies the tty to be used when  doing  an  override
               login for root:
               OVERRIDE=tty01

          PASSREQ
               If PASSREQ=YES,  this  forces  the  user  to  select  a
               password  if  they  do not have one.  PASSREQ=NO allows
               users to have accounts without passwords.  See cautions
               under Notes.

          SUPATH
               If a user's UID is 0 (i.e. if this is  the  superuser),
               the  PATH  variable  is  set  to  SUPATH,  if SUPATH is
               specified in /etc/default/login.  It is  not  advisable
               for SUPATH to include the current directory symbol (.).
               Note that an empty directory (``::'' or  ``:''  at  the
               beginning or end) is equivalent to ``.''.

          ULIMIT
               This variable defines the maximum allowable file  size.
               The  default  is 2,097,152 blocks, or 1 gigabyte.  When
               setting ULIMIT, be sure to specify even numbers, as the
               ULIMIT variable accepts a number of 512-byte blocks.

          UMASK
               This is the default file creation mask (see umask(C)).

          login initializes the user and group  IDs  and  the  working
          directory,  then  executes  a  command  interpreter (usually
          sh(C)) according to specifications found in the  /etc/passwd
          file.   Argument  0 of the command interpreter is a dash (-)
          followed  by  the  last  component  of   the   interpreter's
          pathname.    The   basic  environment  (see  environ(M))  is
          initialized to:

               HOME= user-login-directory
               SHELL=last field of passwd entry
               MAIL=/usr/spool/mail/user-login-name

          Possible HUSHLOGIN=TRUE or FALSE

          Initially, umask is set to octal 022 by login.

     Files
          /etc/utmp                  Information on current logins

          /etc/wtmp                  History  of  logins  since   last
          multiuser

          /usr/spool/mail/name       Mailbox for user name

          /etc/motd                  Message of the day

          /etc/default/login         Default values for environment
                                     variables and login behaviour.

          /etc/passwd                Password file

          /etc/profile               System profile for Bourne or Korn
          shell

          $HOME/.profile             Personal profile  for  Bourne  or
          Korn shell

          $HOME/.login               Personal C shell login file

          $HOME/.cshrc               Personal C  shell  initialization
          file

          $HOME/.hushlogin           make login quieter


     See Also
          environ(M), getty(ADM), initscript(F), machine(HW), mail(C),
          newgrp(C),  passwd(C),  passwd(F), profile(M), su(C), sh(C),
          ulimit(S), umask(C), who(C)


     Diagnostics
               Not on system console
                    login is set up to allow root to  log  on  on  the
                    console  only,  and  the user is not on the system
                    console.

               Login incorrect
                    The login or dialup password is incorrect.

               Unable to change directory to dir
                    login  cannot  change  directories  to  the   home
                    directory as specified by /etc/passwd.

               No utmp entry.  You must exec 'login' from  the  lowest
                    level 'sh'.
                    init did not put an entry in utmp.

               No Root Directory
                    The shell field starts with a '*', and the attempt
                    to do a chroot to the home directory failed.

               You don't have a password.
                    A password is required  and  it  hasn't  been  set
                    previously.

               Protected Password information suddenly vanished
                    During the course of working  with  the  protected
                    password database information the pointer pointing
                    to the  static  version  of  the  information  has
                    suddenly disappeared.

               Cannot execute passwd program
                    The password program cannot be executed  for  some
                    reason.

               Login aborted due to no password.
                    The password program has returned an  error  while
                    setting  a  password,  as  when  the  <DEL> key is
                    pressed.

               Can't rewrite protected password entry for user name,
               Authentication error; see Account Administrator
                    The login  program  cannot  update  the  protected
                    password database entry.

               Protected Password database problem
                    After  updating  Protected  Password  data,  login
                    reads  the  information again and the entry cannot
                    be read.  This can be caused by redundant  -t  and
                    -t  lockfiles,  tcbck(ADM) describes how to remove
                    them from the system.

               Account is disabled but console login is allowed.
               Account is disabled -- see Account Administrator.
                    If the account is locked, but root is  logging  in
                    on  the  console (OVERRIDE tty), the first message
                    is  displayed;  an  ordinary  user  will  see  the
                    second.

               Account has been retired -- logins are no longer allowed.
                    The account is retired  -  see  unretire(ADM)  and
                    rmuser(ADM)  on  how  to  unretire  or  remove  an
                    account.

               Cannot set terminal mode.
                    The chmod of the tty failed.

               Bad login user id.
                    No uid has been set.  This can be due to a missing
                    critical      database      file,      such     as
                    /etc/auth/system/authorize.  Run  authck(ADM)  and
                    check  any error messages.  This message will also
                    be issued if login  is  run  from  an  established
                    login session rather that from init(M).

               Wait for login retry.
               Wait for login exit.
                    A login attempt has  failed,  and  the  system  is
                    configured   to  enforce  a  delay  between  login
                    attempts.

               user  appears  in  /etc/passwd  but  not  in  Protected
                    Password database
                    If the user is  in  /etc/passwd  but  not  in  the
                    Protected  Password  database, there is no message
                    printed, but login generates the  following  audit
                    record.

               Cannot obtain database information on this terminal
                    login   cannot   get    information    from    the
                    /etc/auth/system/ttys file for the tty line.

               Error in terminal setup.
                    Something is wrong with the  terminal  setup  (for
                    example,  stdin,  stdout,  and stderr are the same
                    thing).

               Cannot obtain settings for this terminal
                    The ioctl(S) on the tty device failed.

               No login program on root
                    When attempting to do a sublogin (chrooting  to  a
                    subtree  for a restricted login), no login program
                    was found.

               Can't rewrite terminal control entry for tty,
               Authentication error; see Account Administrator
                    The  information  for  the  login  tty  cannot  be
                    updated.

               Terminal Control information suddenly vanished
                    During the course of  working  with  the  terminal
                    database  information  the pointer pointing to the
                    static  version  of   the   information   suddenly
                    disappeared.

               Bad priority setting.
                    nice failed to set the nice value specified in the
                    Protected Password entry for the user.

               Bad group id.
                    The call to setgid failed.

               Bad user id.
                    The call to setuid failed.

               Unable to set kernel authorizations.
                    The call to set the kernel authorizations failed.

               Login timed out
                    login received an ALARM signal.  Note: login  sets
                    this  itself,  but  it could conceivably come from
                    somewhere else.

               Terminal is disabled but root login is allowed.
               Terminal is disabled -- see Account Administrator.
                    If the terminal is disabled and root  attempts  to
                    login  on the (OVERRIDE) tty  the first message is
                    displayed; the second message  is  displayed  when
                    any  other  user  attempts  to login on a disabled
                    terminal.

               The security databases are corrupt.
               However, root login at terminal tty is allowed,
                    This is the message displayed  when  the  OVERRIDE
                    tty is used during a security problem.

               Impossible to execute /bin/sh!
                    login cannot execute the shell program  for  doing
                    an OVERRIDE.


     Notes
          login cannot be executed from a shell.

          Environment variables such as HZ, PATH, and so forth  should
          not   be   defined   in   /etc/default/login.   Instead  use
          /etc/initscript to set global variables.

          Sublogins (indicated by a shell of ``*'') are not  supported
          and cause a warning.

          Although   IDLEWEEKS   and   PASSREQ   are   supported   for
          compatibility  with  other  UNIX  systems,  their use is not
          recommended.  The proper way to set the behavior defined  by
          these  variables  is  by  use  of the sysadmsh(ADM) Accounts
          selection.




     (printed 12/11/90)                                  LOGIN(M)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026