⇒ login(M) — OpenDesktop 3.0.0


 login(M)                      06 January 1993                       login(M)


 Name

    login - give access to the system

 Syntax

    login [ name [ env-var ] ]

    login [ -r remotehost remotename localname ] ...

 Description

    The login command is used at the beginning of each terminal session to
    identify users and allow them access to the system.  It cannot be invoked
    except when a connection is first established, or after the previous user
    has logged out by sending an end-of-file (<Ctrl>d) to their initial
    shell.

    login asks for a user name (if not supplied as an argument), and, if
    appropriate, the user's password and a dialup password.  (For information
    on dialup passwords, refer to passwd(C).)  Echoing is turned off (where
    possible) during the typing of the passwords, so they will not appear on
    the written record of the session.

    If the user makes a mistake in the login procedure the user will receive
    the message ``Login incorrect'' and a new login prompt will appear.  The
    number of login attempts the user is allowed is configurable.  If the
    user makes too many unsuccessful login attempts, the user or the terminal
    can be locked out.

    If the login sequence is not completed successfully within a configurable
    period of time (for example, one minute), the user is returned to the
    ``login:'' prompt or silently disconnected from a dial-in line.

    The -r form of the command is used for remote logins across a network.
    The remote login must supply parameters in the order indicated; these are
    the name of the remote host from which the login is being attempted, the
    user's name on the remote host, and the user's name on the local host (on
    which the login process is running). This form of the login command is
    intended for use by network software rather than users.

    After a successful login, accounting files (/etc/utmp and /etc/wtmp) are
    updated, the user is notified if they have mail, and the start-up shell
    files (.profile for the Bourne shell or .login for the C-shell) if any,
    are executed.

    Login sets the user's supplemental groups list.  If the file .suppgroups
    is in the user's home directory, the supplemental groups list is taken
    from this.  The .suppgroups file contains a list of group names, one per
    line.  Groups are verified before they are added to the supplemental
    group list. To be able to use a group, a user must either be explicitly
    listed in that group in /etc/group, or the group must have the group ID
    listed for the user in the /etc/passwd file.  If no .suppgroups file is
    found, the supplemental groups list is set from the /etc/group file plus
    the login group ID.
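
The verification rule above, as an added example that is not part of the original manual page: a name requested in .suppgroups is accepted only if the user is listed as a member in the group file or the group's ID is the user's login group ID. The function name, file paths and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# verified_suppgroups USER PASSWD_FILE GROUP_FILE SUPPGROUPS_FILE
# Prints the requested groups the user is entitled to, one per line.
verified_suppgroups() {
    awk -F: -v user="$1" '
        # Pass 1: passwd file, remember the login group ID of the user.
        FILENAME == ARGV[1] {
            if ($1 == user) { login_gid = $4; found = 1 }
            next
        }
        # Pass 2: group file, record every group the user may use.
        FILENAME == ARGV[2] {
            ok = (found && $3 == login_gid)
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) if (members[i] == user) ok = 1
            if (ok) allowed[$1] = 1
            next
        }
        # Pass 3: .suppgroups, keep only requested names that verified.
        ($1 in allowed) { print $1 }
    ' "$2" "$3" "$4"
}

# Constructed sample data (hypothetical user and groups).
d=${TMPDIR:-/tmp}/suppgroups.$$
mkdir "$d" || exit 1
printf 'alice:x:201:50:Alice:/usr/alice:/bin/sh\n' > "$d/passwd"
printf 'staff::50:\ndevel::60:bob,alice\nbackup::70:root\n' > "$d/group"
printf 'devel\nbackup\nstaff\n' > "$d/suppgroups"
verified_suppgroups alice "$d/passwd" "$d/group" "$d/suppgroups"
rm -rf "$d"
```

The request for backup is dropped because alice is neither a listed member nor assigned that group ID in the passwd file.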

    If the hushlogin feature is enabled in /etc/default/login and a file
    named .hushlogin exists in the user's home directory, login suppresses
    the printing of the last successful and last unsuccessful login times and
    the copyright messages. login also sets the environment variable
    HUSHLOGIN to TRUE, so the system and user initialization files are aware
    a hushlogin is taking place and can suppress output as appropriate
    (typically the message of the day, and the calling of mail(C) and news(C)
    are suppressed).  The .hushlogin file itself does not need to contain
    anything; it only needs to exist.

    login checks /etc/default/login for the following definitions of the form
    DEFINE=value:

    ALTSHELL      If ALTSHELL is set to YES or if it is not present in
                  /etc/default/login, then the SHELL environment variable is
                  set to whatever shell is specified in the user's
                  /etc/passwd entry.  If ALTSHELL is set to NO, then the
                  SHELL environment variable is set only if the shell is
                  defined in the /usr/lib/mkuser directory (which is a list
                  of recognized shells).

    CONSOLE       The CONSOLE=device entry means that root can only log in on
                  the device listed.  For example, CONSOLE=/dev/console
                  restricts root logins to the console device.

    ALLOWHUSH     The ALLOWHUSH entry is used to enable or disable the
                  hushlogin feature on a system-wide basis. If ALLOWHUSH=YES,
                  login checks for the existence of a .hushlogin file in the
                  user's home directory.  If the file exists, the environment
                  variable HUSHLOGIN is set to TRUE and a quiet login takes
                  place.  If ALLOWHUSH=NO, or if ALLOWHUSH=YES and there is
                  no .hushlogin file in the user's home directory, the
                  environment variable HUSHLOGIN is set to FALSE and the
                  normal login messages appear. If there is no ALLOWHUSH
                  entry, the HUSHLOGIN environment variable is not set and
                  the normal login messages appear.

    IDLEWEEKS     If a password has expired, the user is prompted to choose a
                  new one. If it has expired beyond IDLEWEEKS, the user is
                  not allowed to log in, and must consult the system
                  administrator.  This works in conjunction with passwd(C).

    OVERRIDE      This allows root to log in on the console even if the
                  Protected Password database entry for root is corrupted.
                  login checks /etc/default/login to see if there is an entry
                  similar to the following, which identifies the tty to be
                  used when doing an override login for root:

                     OVERRIDE=tty01


    PASSREQ       If PASSREQ=YES, a password is required.  Users who do not
                  have a password will be forced to select one.  PASSREQ=NO
                  allows users to have accounts without passwords.

    SUPATH        If a user's UID is 0 (that is, if this is the super user),
                  the PATH variable is set to SUPATH, if SUPATH is specified
                  in /etc/default/login.  It is not advisable for SUPATH to
                  include the current directory symbol ``.''.  Note that an
                  empty directory (``::''  or ``:'' at the beginning or end)
                  is equivalent to ``.''.

    ULIMIT        This variable defines the maximum allowable file size.  The
                  default is 2,097,152 blocks, or 1 gigabyte.  When setting
                  ULIMIT, be sure to specify even numbers, as the ULIMIT
                  variable accepts a number of 512-byte blocks.

    UMASK         This is the default file creation mask (see umask(C)).
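
An audit of a file in the DEFINE=value form for three of the settings above, added here as an example and not part of the original manual page: a SUPATH that contains ``.'' or an empty directory, PASSREQ=NO, and a missing CONSOLE entry. The function names, finding labels and sample file are constructed for illustration; taking the last definition of a repeated name is an assumption of this example.

```shell
#!/bin/sh
# get_def FILE NAME: print the value of the last NAME=value line, if any
# (assumption of this example: a later definition overrides an earlier one).
get_def() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# supath_has_cwd VALUE: succeed if VALUE contains "." or an empty
# directory ("::", or ":" at the beginning or end).
supath_has_cwd() {
    case ":$1:" in
        *::*|*:.:*) return 0 ;;
    esac
    return 1
}

# audit_login_defaults FILE: print space-separated findings (hypothetical
# labels chosen for this example), or an empty line if there are none.
audit_login_defaults() {
    f=$1
    findings=""
    if grep -q '^SUPATH=' "$f" && supath_has_cwd "$(get_def "$f" SUPATH)"; then
        findings="$findings SUPATH_CWD"
    fi
    if [ "$(get_def "$f" PASSREQ)" = "NO" ]; then
        findings="$findings PASSREQ_NO"
    fi
    if ! grep -q '^CONSOLE=' "$f"; then
        findings="$findings CONSOLE_UNSET"
    fi
    echo "$findings" | sed 's/^ //'
}

# Constructed sample file, not taken from a real system.
sample=${TMPDIR:-/tmp}/login.defaults.$$
cat > "$sample" <<'EOF'
PASSREQ=NO
SUPATH=/bin:/etc:/usr/bin:
UMASK=022
EOF
audit_login_defaults "$sample"
rm -f "$sample"
```

The trailing ``:'' in the sample SUPATH is the case that is easy to miss by eye: it puts the current directory on root's search path.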

    login initializes the user and group IDs and the working directory, then
    executes a command interpreter (usually sh(C)) according to
    specifications found in the /etc/passwd file.  Argument 0 of the command
    interpreter is a dash (-) followed by the last component of the
    interpreter's pathname. The basic environment (see environ(M)) is
    initialized to:

       HOME=user-login-directory
       SHELL=last field of passwd entry
       MAIL=/usr/spool/mail/user-login-name

    Possibly also HUSHLOGIN=TRUE or FALSE.

    Initially, umask is set to octal 022 by login.

 Files

    /etc/utmp               Information on current logins
    /etc/wtmp               History of logins since last multiuser
    /usr/spool/mail/name    Mailbox for user name
    /etc/motd               Message of the day
    /etc/default/login      Default values for environment variables and
                            login behavior
    /etc/passwd             Password file
    /etc/profile            System profile for Bourne or Korn shell
    $HOME/.profile          Personal profile for Bourne or Korn shell
    $HOME/.login            Personal C shell login file
    $HOME/.cshrc            Personal C shell initialization file
    $HOME/.suppgroups       Supplemental groups file
    $HOME/.hushlogin        Make login quieter

 See also

    environ(M), getty(M), initscript(ADM), mail(C), newgrp(C), passwd(C),
    passwd(F), profile(M), sh(C), sg(C), su(C), ulimit(S), umask(C), who(C)

 Diagnostics


    Not on system console
         login is set up to allow root to log on to the console only, and the
         user is not on the system console.

    Login incorrect
         The login or dialup password is incorrect.

    Unable to change directory to dir
         login cannot change directories to the home directory as specified
         by /etc/passwd.

    No utmp entry.  You must exec 'login' from the lowest level 'sh'.
         init did not put an entry in utmp.

    No Root Directory
         The shell field starts with a ``*'', and the attempt to do a chroot
         to the home directory failed.

    You don't have a password.
         A password is required and it has not been set previously.

    Protected Password information suddenly vanished
         During the course of working with the Protected Password database
         information the pointer pointing to the static version of the
         information has suddenly disappeared.

    Cannot execute passwd program
         The password program cannot be executed for some reason.

    Login aborted due to no password.
         The password program has returned an error while setting a password,
         as when the <Del> key is pressed.

    Can't rewrite Protected Password entry for user name,
    Authentication error; see Account Administrator
         The login program cannot update the Protected Password database
         entry.

    Protected Password database problem
         After updating Protected Password data, login reads the information
         again and the entry cannot be read.  This can be caused by redundant
         database backup files and/or lockfiles; these may be distinguished
         by a -t suffix.  See tcbck(ADM) for information on these files and
         how to remove them from the system.

    Account is disabled but console login is allowed.
    Account is disabled -- see Account Administrator.
         If the account is locked, but root is logging in on the console
         (OVERRIDE tty), the first message is displayed; an ordinary user
         will see the second.

    Account has been retired -- logins are no longer allowed.
         The account is retired - see unretire(ADM) and rmuser(ADM) on how to
         unretire or remove an account.

    Cannot set terminal mode.
         The chmod of the tty failed.

    Bad login user id.
         No UID has been set. This can be due to a missing critical database
         file, such as /etc/auth/system/authorize.  Run authck(ADM) and check
         any error messages.  This message will also be issued if login is
         run from an established login session rather than from init(M).

    Wait for login retry.
    Wait for login exit.
         A login attempt has failed, and the system is configured to enforce
         a delay between login attempts.

    user appears in /etc/passwd but not in Protected Password database
         If the user is in /etc/passwd but not in the Protected Password
         database, there is no message printed, but login generates the audit
         record shown above.

    Cannot obtain database information on this terminal
         login cannot get information from /etc/auth/system/ttys for the tty
         line.

    Error in terminal setup.
         Something is wrong with the terminal setup (for example, stdin,
         stdout, and stderr are the same thing.)

    Cannot obtain settings for this terminal
         The ioctl(S) on the tty device failed.

    No login program on root
         When attempting to do a sublogin (chrooting to a subtree for a
         restricted login), no login program was found.

    Can't rewrite terminal control entry for tty,
    Authentication error; see Account Administrator
         The information for the login tty cannot be updated.

    Terminal Control information suddenly vanished
         During the course of working with the terminal database information
         the pointer pointing to the static version of the information
         suddenly disappeared.

    Bad priority setting.
         nice failed to set the nice value specified in the Protected
         Password entry for the user.

    Bad supplemental group list.
         The call to setgroups failed.

    Bad group id.
         The call to setgid failed.

    Bad user id.
         The call to setuid failed.

    Unable to set kernel authorizations.
         The call to set the kernel authorizations failed.

    Login timed out
         login received an ALARM signal.  Note: login sets this itself, but
         it could conceivably come from somewhere else.

    Terminal is disabled but root login is allowed.
    Terminal is disabled -- see Account Administrator.
         If the terminal is disabled and root attempts to log in on the
         (OVERRIDE) tty, the first message is displayed; the second message
         is displayed when any other user attempts to log in on a disabled
         terminal.

    The security databases are corrupt.
    However, root login at terminal tty is allowed,
         This is the message displayed when the OVERRIDE tty is used during a
         security problem.

    Impossible to execute /bin/sh!
         login cannot execute the shell program for doing an OVERRIDE.

 Notes

    login cannot be executed from a shell.

    Environment variables such as HZ, PATH, and so forth should not be
    defined in /etc/default/login.  Instead use /etc/initscript to set global
    variables.

    Sublogins (indicated by a shell of ``*'') are not supported and cause a
    warning.

    Although IDLEWEEKS and PASSREQ are supported for compatibility with other
    UNIX systems, their use is not recommended.  The proper way to set the
    behavior defined by these variables is by use of the sysadmsh(ADM)
    Accounts selection.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026