LOGIN(M) UNIX System V
Name
login - gives access to the system
Syntax
login [name [env-var ...]]
Description
The login command is used at the beginning of each terminal
session to identify users and allow them access to the
system. It cannot be invoked except when a connection is
first established, or after the previous user has logged out
by sending an end-of-file ( Ctrl-D ) to their initial shell.
login asks for a user name (if not supplied as an argument),
and, if appropriate, the user's password and a dialup
password. Echoing is turned off (where possible) during the
typing of the passwords, so it will not appear on the
written record of the session.
If the user makes a mistake in the login procedure the user
will receive the message
Login incorrect
and a new login prompt will appear. The number of login
attempts the user is allowed is configurable. If the user
makes too many unsuccessful login attempts, the user or the
terminal can be locked out.
If the login sequence is not completed successfully within a
configurable period of time (e.g., one minute), the user is
returned to the ``login:'' prompt or silently disconnected
from a dial-in line.
After a successful login, accounting files (/etc/utmp and
/etc/wtmp) are updated, the user is notified if they have
mail, and the start-up shell files (.profile for the Bourne
shell or .login for the C-shell) if any, are executed.
If the hushlogin feature is enabled in /etc/default/login
and a file named .hushlogin exists in the user's home
directory, login suppresses the printing out of the last
successful and last unsuccessful login times and the
copyright messages. login also sets the environment variable
HUSHLOGIN to TRUE, so the system and user initialization
files are aware a hushlogin is taking place and can suppress
output as appropriate (typically the message of the day, and
the calling of mail(C) and news(C) are suppressed). The
.hushlogin file itself does not need contain anything, it
only needs to exist.
login checks /etc/default/login for the following
definitions of the form DEFINE=value:
ALTSHELL
If ALTSHELL is set to YES or if it is not present in
/etc/default/login, then the SHELL environment variable
is set to whatever shell is specified in the user's
/etc/passwd entry. If ALTSHELL is set to NO, then the
SHELL environment variable is set only if the shell is
defined in the /usr/lib/mkuser directory (which is list
of recognized shells).
CONSOLE
The CONSOLE=device entry means that root can only log
in on the device listed. For example,
CONSOLE=/dev/console restricts root logins to the
console device.
ALLOWHUSH
The ALLOWHUSH entry is used to enable or disable the
hushlogin feature on a system wide basis. If
ALLOWHUSH=YES, login checks for the existence of a
.hushlogin file in the user's home directory. If the
file exists, the environment variable HUSHLOGIN is set
to TRUE and a quiet login takes place. If ALLOWHUSH=NO
or ALLOWHUSH=YES and there is no .hushlogin file in the
user's home directory, the environment variable
HUSHLOGIN is set to FALSE and the normal login messages
appear. If there is no ALLOWHUSH entry the HUSHLOGIN
environment variable is not set and the normal login
messages appear.
IDLEWEEKS
If a password has expired, the user is prompted to
choose a new one. If it has expired beyond IDLEWEEKS,
the user is not allowed to log in, and must consult
system administrator. Works in conjunction with
passwd(C). See cautions under Notes.
OVERRIDE
This allows root to log in on the console even if the
protected password database entry for root is
corrupted. login checks /etc/default/login to see if
there is an entry similar to the following, which
identifies the tty to be used when doing an override
login for root:
OVERRIDE=tty01
PASSREQ
If PASSREQ=YES, this forces the user to select a
password if they do not have one. PASSREQ=NO allows
users to have accounts without passwords. See cautions
under Notes.
SUPATH
If a user's UID is 0 (i.e. if this is the superuser),
the PATH variable is set to SUPATH, if SUPATH is
specified in /etc/default/login. It is not advisable
for SUPATH to include the current directory symbol (.).
Note that an empty directory (``::'' or ``:'' at the
beginning or end) is equivalent to ``.''.
ULIMIT
This variable defines the maximum allowable file size.
The default is 2,097,152 blocks, or 1 gigabyte. When
setting ULIMIT, be sure to specify even numbers, as the
ULIMIT variable accepts a number of 512-byte blocks.
UMASK
This is the default file creation mask (see umask(C)).
login initializes the user and group IDs and the working
directory, then executes a command interpreter (usually
sh(C)) according to specifications found in the /etc/passwd
file. Argument 0 of the command interpreter is a dash (-)
followed by the last component of the interpreter's
pathname. The basic environment (see environ(M)) is
initialized to:
HOME= user-login-directory
SHELL=last field of passwd entry
MAIL=/usr/spool/mail/user-login-name
Possible HUSHLOGIN=TRUE or FALSE
Initially, umask is set to octal 022 by login.
Files
/etc/utmp Information on current logins
/etc/wtmp History of logins since last
multiuser
/usr/spool/mail/name Mailbox for user name
/etc/motd Message of the day
/etc/default/login Default values for environment
variables and login behaviour.
/etc/passwd Password file
/etc/profile System profile for Bourne or Korn
shell
$HOME/.profile Personal profile for Bourne or
Korn shell
$HOME/.login Personal C shell login file
$HOME/.cshrc Personal C shell initialization
file
$HOME/.hushlogin make login quieter
See Also
environ(M), getty(ADM), initscript(F), machine(HW), mail(C),
newgrp(C), passwd(C), passwd(F), profile(M), su(C), sh(C),
ulimit(S), umask(C), who(C)
Diagnostics
Not on system console
login is set up to allow root to log on on the
console only, and the user is not on the system
console.
Login incorrect
The login or dialup password is incorrect.
Unable to change directory to dir
login cannot change directories to the home
directory as specified by /etc/passwd.
No utmp entry. You must exec 'login' from the lowest
level 'sh'.
init did not put an entry in utmp.
No Root Directory
The shell field starts with a '*', and the attempt
to do a chroot to the home directory failed.
You don't have a password.
A password is required and it hasn't been set
previously.
Protected Password information suddenly vanished
During the course of working with the protected
password database information the pointer pointing
to the static version of the information has
suddenly disappeared.
Cannot execute passwd program
The password program cannot be executed for some
reason.
Login aborted due to no password.
The password program has returned an error while
setting a password, as when the <DEL> key is
pressed.
Can't rewrite protected password entry for user name,
Authentication error; see Account Administrator
The login program cannot update the protected
password database entry.
Protected Password database problem
After updating Protected Password data, login
reads the information again and the entry cannot
be read. This can be caused by redundant -t and
-t lockfiles, tcbck(ADM) describes how to remove
them from the system.
Account is disabled but console login is allowed.
Account is disabled -- see Account Administrator.
If the account is locked, but root is logging in
on the console (OVERRIDE tty), the first message
is displayed; an ordinary user will see the
second.
Account has been retired -- logins are no longer allowed.
The account is retired - see unretire(ADM) and
rmuser(ADM) on how to unretire or remove an
account.
Cannot set terminal mode.
The chmod of the tty failed.
Bad login user id.
No uid has been set. This can be due to a missing
critical database file, such as
/etc/auth/system/authorize. Run authck(ADM) and
check any error messages. This message will also
be issued if login is run from an established
login session rather that from init(M).
Wait for login retry.
Wait for login exit.
A login attempt has failed, and the system is
configured to enforce a delay between login
attempts.
user appears in /etc/passwd but not in Protected
Password database
If the user is in /etc/passwd but not in the
Protected Password database, there is no message
printed, but login generates the following audit
record.
Cannot obtain database information on this terminal
login cannot get information from the
/etc/auth/system/ttys file for the tty line.
Error in terminal setup.
Something is wrong with the terminal setup (for
example, stdin, stdout, and stderr are the same
thing).
Cannot obtain settings for this terminal
The ioctl(S) on the tty device failed.
No login program on root
When attempting to do a sublogin (chrooting to a
subtree for a restricted login), no login program
was found.
Can't rewrite terminal control entry for tty,
Authentication error; see Account Administrator
The information for the login tty cannot be
updated.
Terminal Control information suddenly vanished
During the course of working with the terminal
database information the pointer pointing to the
static version of the information suddenly
disappeared.
Bad priority setting.
nice failed to set the nice value specified in the
Protected Password entry for the user.
Bad group id.
The call to setgid failed.
Bad user id.
The call to setuid failed.
Unable to set kernel authorizations.
The call to set the kernel authorizations failed.
Login timed out
login received an ALARM signal. Note: login sets
this itself, but it could conceivably come from
somewhere else.
Terminal is disabled but root login is allowed.
Terminal is disabled -- see Account Administrator.
If the terminal is disabled and root attempts to
login on the (OVERRIDE) tty the first message is
displayed; the second message is displayed when
any other user attempts to login on a disabled
terminal.
The security databases are corrupt.
However, root login at terminal tty is allowed,
This is the message displayed when the OVERRIDE
tty is used during a security problem.
Impossible to execute /bin/sh!
login cannot execute the shell program for doing
an OVERRIDE.
Notes
login cannot be executed from a shell.
Environment variables such as HZ, PATH, and so forth should
not be defined in /etc/default/login. Instead use
/etc/initscript to set global variables.
Sublogins (indicated by a shell of ``*'') are not supported
and cause a warning.
Although IDLEWEEKS and PASSREQ are supported for
compatibility with other UNIX systems, their use is not
recommended. The proper way to set the behavior defined by
these variables is by use of the sysadmsh(ADM) Accounts
selection.
(printed 12/11/90) LOGIN(M)