Log in linux command line

DESCRIPTION

login is used when signing onto a system. It can also be used to switch from one user to another at any time (most modern shells have support for this feature built into them, however).

If an argument is not given, login prompts for the username.

If the user is not root, and if /etc/nologin exists, the contents of this file are printed to the screen, and the login is terminated. This is typically used to prevent logins when the system is being taken down.

If special access restrictions are specified for the user in /etc/usertty, these must be met, or the log in attempt will be denied and a syslog message will be generated. See the section on «Special Access Restrictions».

If the user is root, then the login must be occurring on a tty listed in /etc/securetty. Failures will be logged with the syslog facility.

After these conditions have been checked, the password will be requested and checked (if a password is required for this username). Ten attempts are allowed before login dies, but after the first three, the response starts to get very slow. Login failures are reported via the syslog facility. This facility is also used to report any successful root logins.

If the file .hushlogin exists, then a «quiet» login is performed (this disables the checking of mail and the printing of the last login time and message of the day). Otherwise, if /var/log/lastlog exists, the last login time is printed (and the current login is recorded).

Random administrative things, such as setting the UID and GID of the tty are performed. The TERM environment variable is preserved, if it exists (other environment variables are preserved if the -p option is used). Then the HOME, PATH, SHELL, TERM, MAIL, and LOGNAME environment variables are set. PATH defaults to /usr/local/bin:/bin:/usr/bin for normal users, and to /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin for root. Last, if this is not a «quiet» login, the message of the day is printed and the file with the user’s name in /var/spool/mail will be checked, and a message printed if it has non-zero length.

The user’s shell is then started. If no shell is specified for the user in /etc/passwd, then /bin/sh is used. If there is no directory specified in /etc/passwd, then / is used (the home directory is checked for the .hushlogin file described above).

OPTIONS

Tag Description
-p Used by getty(8) to tell login not to destroy the environment
-f Used to skip a second login authentication. This specifically does not work for root, and does not appear to work well under Linux.
-h Used by other servers (i.e., telnetd(8)) to pass the name of the remote host to login so that it may be placed in utmp and wtmp. Only the superuser may use this option.

SPECIAL ACCESS RESTRICTIONS

The file /etc/securetty lists the names of the ttys where root is allowed to log in. One name of a tty device without the /dev/ prefix must be specified on each line. If the file does not exist, root is allowed to log in on any tty.

On most modern Linux systems PAM (Pluggable Authentication Modules) is used. On systems that do not use PAM, the file /etc/usertty specifies additional access restrictions for specific users. If this file does not exist, no additional access restrictions are imposed. The file consists of a sequence of sections. There are three possible section types: CLASSES, GROUPS and USERS. A CLASSES section defines classes of ttys and hostname patterns, A GROUPS section defines allowed ttys and hosts on a per group basis, and a USERS section defines allowed ttys and hosts on a per user basis.

Each line in this file in may be no longer than 255 characters. Comments start with # character and extend to the end of the line.

The CLASSES Section

A CLASSES section begins with the word CLASSES at the start of a line in all upper case. Each following line until the start of a new section or the end of the file consists of a sequence of words separated by tabs or spaces. Each line defines a class of ttys and host patterns.

The word at the beginning of a line becomes defined as a collective name for the ttys and host patterns specified at the rest of the line. This collective name can be used in any subsequent GROUPS or USERS section. No such class name must occur as part of the definition of a class in order to avoid problems with recursive classes.

An example CLASSES section:

CLASSES myclass1 tty1 tty2 myclass2 tty3 @.foo.com

This defines the classes myclass1 and myclass2 as the corresponding right hand sides.

The GROUPS Section

A GROUPS section defines allowed ttys and hosts on a per Unix group basis. If a user is a member of a Unix group according to /etc/passwd and /etc/group and such a group is mentioned in a GROUPS section in /etc/usertty then the user is granted access if the group is.

A GROUPS section starts with the word GROUPS in all upper case at the start of a line, and each following line is a sequence of words separated by spaces or tabs. The first word on a line is the name of the group and the rest of the words on the line specifies the ttys and hosts where members of that group are allowed access. These specifications may involve the use of classes defined in previous CLASSES sections.

An example GROUPS section.

GROUPS sys tty1 @.bar.edu stud myclass1 tty4

This example specifies that members of group sys may log in on tty1 and from hosts in the bar.edu domain. Users in group stud may log in from hosts/ttys specified in the class myclass1 or from tty4.

The USERS Section

A USERS section starts with the word USERS in all upper case at the start of a line, and each following line is a sequence of words separated by spaces or tabs. The first word on a line is a username and that user is allowed to log in on the ttys and from the hosts mentioned on the rest of the line. These specifications may involve classes defined in previous CLASSES sections. If no section header is specified at the top of the file, the first section defaults to be a USERS section.

USERS zacho tty1 @130.225.16.0/255.255.255.0 blue tty3 myclass2

This lets the user zacho login only on tty1 and from hosts with IP addreses in the range 130.225.16.0 — 130.225.16.255, and user blue is allowed to log in from tty3 and whatever is specified in the class myclass2.

There may be a line in a USERS section starting with a username of *. This is a default rule and it will be applied to any user not matching any other line.

If both a USERS line and GROUPS line match a user then the user is allowed access from the union of all the ttys/hosts mentioned in these specifications.

Origins

The tty and host pattern specifications used in the specification of classes, group and user access are called origins. An origin string may have one of these formats:

Tag Description
o The name of a tty device without the /dev/ prefix, for example tty1 or ttyS0.
o The string @localhost, meaning that the user is allowed to telnet/rlogin from the local host to the same host. This also allows the user to for example run the command: xterm -e /bin/login.
o A domain name suffix such as @.some.dom, meaning that the user may rlogin/telnet from any host whose domain name has the suffix .some.dom.
o A range of IPv4 addresses, written @x.x.x.x/y.y.y.y where x.x.x.x is the IP address in the usual dotted quad decimal notation, and y.y.y.y is a bitmask in the same notation specifying which bits in the address to compare with the IP address of the remote host. For example @130.225.16.0/255.255.254.0 means that the user may rlogin/telnet from any host whose IP address is in the range 130.225.16.0 — 130.225.17.255.

Any of the above origins may be prefixed by a time specification according to the syntax:
timespec ::= ’[’ [’:’ ]* ’]’ day ::= ’mon’ | ’tue’ | ’wed’ | ’thu’ | ’fri’ | ’sat’ | ’sun’ hour ::= ’0’ | ’1’ | . | ’23’ hourspec ::= | ’-’ day-or-hour ::= |

For example, the origin [mon:tue:wed:thu:fri:8-17]tty3 means that log in is allowed on mondays through fridays between 8:00 and 17:59 (5:59 pm) on tty3. This also shows that an hour range a-b includes all moments between a:00 and b:59. A single hour specification (such as 10) means the time span between 10:00 and 10:59.

Not specifying any time prefix for a tty or host means log in from that origin is allowed any time. If you give a time prefix be sure to specify both a set of days and one or more hours or hour ranges. A time specification may not include any white space.

If no default rule is given then users not matching any line /etc/usertty are allowed to log in from anywhere as is standard behavior.

FILES

/var/run/utmp /var/log/wtmp /var/log/lastlog /var/spool/mail/* /etc/motd /etc/passwd /etc/nologin /etc/usertty .hushlogin 

SEE ALSO

The undocumented BSD -r option is not supported. This may be required by some rlogind(8) programs.

A recursive login, as used to be possible in the good old days, no longer works; for most purposes su(1) is a satisfactory substitute. Indeed, for security reasons, login does a vhangup() system call to remove any possible listening processes on the tty. This is to avoid password sniffing. If one uses the command «login», then the surrounding shell gets killed by vhangup() because it’s no longer the true owner of the tty. This can be avoided by using «exec login» in a top-level shell or xterm.

Источник

Linux login command

Computer Hope

On Unix-like operating systems, the login command begins a new login session on the system.

This page covers the Linux version of login.

Description

The login program is used to establish a new session with the system. It is normally invoked automatically by responding to the «login:» prompt on the user’s terminal. login may be special to the shell and may not be invoked as a sub-process. When called from a shell, login should be executed as exec login which causes the user to exit from the current shell (and thus prevents the new logged in user to return to the session of the caller). Attempting to execute login from any shell but the login shell produces an error message.

The user is then prompted for a password, where appropriate. Echoing is disabled to prevent revealing the password. Only a small number of password failures are permitted before login exits and the communications link is severed.

If password aging is enabled for your account, you may be prompted for a new password before proceeding. You will be forced to provide your old password and the new password before continuing; refer to our passwd for more information.

Your user and group ID will be set according to their values in the /etc/passwd file. The value for $HOME, $SHELL, $PATH, $LOGNAME, and $MAIL are set according to the appropriate fields in the password entry. ulimit, umask and nice values may also be set according to entries in the GECOS field.

On some installations, the environment variable $TERM will be initialized to the terminal type on your tty line, as specified in /etc/ttytype.

An initialization script may also be executed; check the documentation of your command interpreter for information on init scripts.

A subsystem login is indicated by the presence of a «*» as the first character of the login shell. The given home directory will be used as the root of a new file system which the user is actually logged into.

Syntax

login [-p] [-h host] [username] [ENV=VAR. ]
login [-p] [-h host] -f username

Options

-f Do not perform authentication; user is pre-authenticated. In that case, username is mandatory.
-h Name of the remote host for this login.
-p Preserve environment.
-r Perform autologin protocol for rlogin.

Configuration

The following configuration variables in /etc/login.defs change the behavior of this tool:

By default, the ownership of the terminal is set to the user’s primary group and the permissions are set to 0600.

TTYGROUP can be either the name of a group or a numeric group identifier.

Files

/var/run/utmp List of current login sessions.
/var/log/wtmp List of previous login sessions.
/etc/passwd User account information.
/etc/shadow Secure user account information.
/etc/motd System message of the day file.
/etc/nologin Prevent non-root users from logging in.
/etc/ttytype List of terminal types.
$HOME/.hushlogin Suppress printing of system messages.
/etc/login.defs Shadow password suite configuration.

The -r, -h and -f options are only used when login is invoked by root.

Examples

Attempts to log in to the host computerhope.com.

csh — The C shell command interpreter.
exit — Exit the command shell.
init — The parent of all processes on the system.
ksh — The Korn shell command interpreter.
mail — Read, compose, and manage mail.
mailx — Process mail messages.
newgrp — Log into a new group.
passwd — Change a user’s password.
rlogin — Begin a session on a remote system.
rsh — Execute a command on a remote shell.
sh — The Bourne shell command interpreter.
telnet — Connect to a remote system using the telnet protocol.
umask — Get or set the file mode creation mask.

Источник

Читайте также:  Linux gnu gcc version
Оцените статью
Adblock
detector