.TH login "" "" "Command"
.PC "Log in a user"
\fBlogin [\-p] [\fIlogin_id\^\fB [\fIenviron_var\fB[=\fIvalue\^\fB] ...] ]\fR
.PP
.HS
.SH Options:
.IC \fB\-p\fR
Preserve the current environment.
.IC \fIlogin_id\fR
The user's login identifier.
.IC \fIenviron_var\fR
An environment variable to set upon logging in.
.HE
The command
.B login
allows a user to identify himself to your system.
.II getty
A user can invoke it as a command,
or the system itself can invoke it (usually through the command
.BR getty )
when a user attempts to log in.
.PP
You can invoke
.B login
as a command.
To do so, return to your lowest-level (login) shell,
then type either
.DM
	login
.DE
.PP
or:
.DM
	exec /bin/login
.DE
.PP
This invocation replaces the shell with
.BR login ,
and so ensures a smooth transition from one user account to another.
.PP
If the user does not supply a
.I login_id
on the
.B login
command line,
.B login
prompts him for the login identifier to use.
If the account for
.I login_id
is protected by a password,
.B login
then asks the user to enter that password.
.II kibitzers
If possible,
.B login
turns off echoing
during the entry of the password to ensure that bystanders (or ``kibitzers'')
cannot see the password displayed on his terminal.
.SH "Switches"
.II /etc/default/login
.B login
executes the file
.BR /etc/default/login .
This file sets switches that control
.BR login 's
behavior.
Each switch has the form
.DS
	\fISWITCH\fB=\fIVALUE
.DE
.PP
where
.I SWITCH
is the switch being set and
.I VALUE
is the value to which it is being set.
.B login
exports some of these switches as environmental variables,
to give the programs that
.B login
invokes a minimal working environment.
.PP
.B login
recognizes the following switches by default:
.IP \fBALTSHELL\fR
If set to
.BR YES ,
the login shell's name is recorded in the environment.
If set to
.BR NO ,
it is not.
By default,
.B login
sets this to
.BR YES .
.IP \fBCONSOLE\fR
The allowable terminal devices (from \fB/dev\fR) from which the superuser
.B root
can log into your system.
If this names more than one device, you must separated them with colons.
If this variable is not set, then
.B root
can log in from any device.
A device name can also include the wildcard character `?'.
.II HZ
.IP \fBHZ\fR
Your computer's clock tick frequency, in Hertz.
.B login
does not set a default.
.B login
exports this switch as an environmental variable.
.IP \fBIDLEWEEKS\fR
The number of weeks before a login is disabled for lack of use.
.B login
does not set this variable.
.IP \fBNEWUSER\fR
This switch gives a shell command that is to be executed
when the file
.B $HOME/.lastlogin
does not exist.
By default, it displays a warning message is displayed.
The installation script for \*(CO
typically creates a setting for you that executes the file
.B /etc/default/welcome
instead.
This works with the command
.B /etc/newusr
to provide a ``friendly'' environment for users
who are using \*(CO for the first time.
.IP \fBPASSREQ\fR
If set to
.BR YES ,
every user must have a password.
If set to
.BR NO ,
some users may log in without a password.
By default
.B login
sets this to
.BR YES .
.II PATH
.IP \fBPATH\fR
This variable names the directories that an interactive shell
searches for executable files.
By default,
.B login
sets this to
.BR /bin:/usr/bin .
.B login
exports this switch as an environmental variable.
.II SUPATH
.IP \fBSUPATH\fR
The default path for the superuser
.BR root .
By default,
.B login
sets this to
.BR /bin:/usr/bin .
.B login
exports this switch as an environmental variable.
.IP \fBTIMEOUT\fR
The time, in seconds, that
.B login
waits before it silently terminates and returns control to
.BR getty .
.B login
gives the user five ``chances'' to log in during this time.
.B login
by default sets this to 120.
.II TZ
.IP \fBTIMEZONE\fR
The current time zone.
This variable has the same format as the \*(CO environmental variable
.BR TZ :
that is, it uses the template
.IR NSTHNDT ,
where
.I NST
is a three-character abbreviation for your local standard time (e.g.,
.B CST
for Central Standard Time),
.I H
gives the number of hours difference between your time zone and Greenwich
Mean Time, and
.I NSD
gives a three-character abbreviation for your local daylight-saving time.
.B login
exports this switch as an environmental variable.
.IP
Note that this variable is set for the benefit of code imported from \*(UN.
Most \*(CO commands use the environmental variable
.BR TIMEZONE ,
which much more detailed information about your local time zone.
For details on
.BR TIMEZONE ,
see its entry in the Lexicon.
.IP
Note, too, that the variable
.BR TZ ,
which is set in file
.BR /etc/timezone ,
should be set to exactly the same string as
.BR /etc/default/TIMEZONE ;
otherwise, much confusion will result.
.II ULIMIT
.IP \fBULIMIT\fR
The maximum size, in 512-byte blocks, of a file that the user can create.
.B login
does not set a default.
At present, \*(CO ignores this option.
.II UMASK
.IP \fBUMASK\fR
This gives the permissions that a shell sets by default for files
that the user cretaes.
.B login
does not set a default value for this variable.
.B login
exports this switch as an environmental variable.
.SH "Logging Failed Attempts"
.II loginlog
.II /usr/adm/loginlog
If the user attempts and fails five times to log in,
.B login
records the erroneous attempts in file
.B /usr/adm/loginlog
(should that file exist), and it disables the terminal for a period of time.
.II failed
.II /usr/adm/failed
(Note that previous versions of \*(CO recorded failed attempts in file
.BR /usr/adm/failed .)
.B login
does not record when the user typed only \*(RT in response to a
prompt for a login identifier.
If the user does not succeed in logging in within two minutes (120 seconds),
.B login
silently disconnects the terminal and returns control of the device to
.BR getty .
.SH "Restrictions on Logging In"
.II nologin
.II /etc/nologin
.II trustme
.II /etc/trustme
If the file
.B /etc/nologin
exists,
.B login
refuses to let any users login in, except for the superuser
.B root
and the (presumably few) users named in file
.BR /etc/trustme .
You can use this mechanism to stop users from
logging in at an inopportune time, e.g., when the system is about to be
shut down.
In response to an attempt to log in,
.B login
displays the contents of that file, which should contain the system
administrator's explanation of why logins are not permitted at that time.
.PP
.II usrtime
.II /etc/usrtime
.B login
also reads file
.BR /etc/usrtime ,
if it exists.
This file gives user identifiers; for each identifier, it gives the tty
line from which that user can log in, and the day of the week and time of
day during which that user can log in.
.B login
rejects the user's login if it is from a tty line forbidden to the user,
or outside the day and time permitted.
If a user's login identifier is not in this file,
.B login
assumes that that user can log in from any line and at any time.
Additional options allow you to control globally all users, or
interactive users, \*(UU accounts, or SLIP users.
.SH "Passwords"
.II passwd
.II /etc/passwd
.B login
prompts the user for a password when he logs in.
.B login
takes its copy of the user's password from file
.BR /etc/passwd .
.II shadow
.II /etc/shadow
If the password consists of a single asterisk `*', then
.B login
reads the password from file
.BR /etc/shadow .
This file should be legible only by the superuser
.BR root .
Once the passwords are in
.BR /etc/shadow ,
they can be read only by processes that have
.BR root -level
permissions, such as
.BR login .
This protects the encrypted passwords from being read by ordinary users,
and perhaps decrypted by a ``cracker.''
For details, see the Lexicon entry for
.BR shadow .
.PP
Note that if a user's password consists of `*' and file
.B /etc/shadow
does not exist,
.B login
assumes that the user's password encrypts to `*'.
This effectively locks the user out of his account.
The lesson is not to remove or modify
.B /etc/shadow
capriciously.
.PP
.II dialups
.II /etc/dialups
.II d_passwd
.II /etc/d_passwd
In addition,
.B login
reads the files
.B /etc/dialups
and
.BR /etc/d_passwd ,
which hold auxiliary passwords.
You can set auxiliary passwords
for users on selected tty lines to provide additional security.
For details, see these files' entries in the Lexicon.
.SH "Success In Logging In"
.II lastlogin
.II $HOME/.lastlogin
If the user succeeds in logging in,
.B login
displays on his terminal the date and time that he last logged in,
as recorded in file
.BR $HOME/.lastlogin .
.B login
updates this file whenever the user logs in.
If this file had been modified by a process other than
.BR login ,
.B login
warns the user of a possible breach in his account's security.
.PP
.II motd
.II /etc/motd
.B login
then prints the contents of the file
.BR /etc/motd ,
which holds the message of the day.
.II LOGNAME
It also sets the environmental variable
.B LOGNAME
to the user's login identifier.
.PP
As its last action,
.B login
invokes the user's shell, as set in the last field of his entry in
.BR /etc/passwd .
Under \*(CO, this is either the Bourne shell
.B sh
or the Korn shell
.BR ksh .
(\fBlogin\fR can also invoke a program in place of a shell, e.g., the command
.B uucico
for a \*(UU account.)
If
.B login
invokes an interactive shell, it does so with the first character of
its \fBargv[0]\fR set to `-',
so that the shell knows that it is a login shell.
(For example, if
.B login
invokes
.BR ksh ,
its
.B argv[0]
is
.BR \-ksh .)
.PP
.II profile
.II /etc/profile
When a shell starts up, it executes the script
.BR /etc/profile .
.II umask
This script executes the command
.BR umask ,
to set the permissions that the shell gives by default to files that
that user creates; and then sets the following environmental variables:
.IP \fBHZ\fR
The default clock speed for your system.
By default, \*(CO sets this to 100.
.IS \fBLOGNAME\fR
The user's login identifier.
.IS \fBMAIL\fR
This names the user's mailbox.
By default, it is set to
\fB/usr/spool/mail/\fIlogin_id\fR.
.IS \fBPAGER\fR
The command used to ``page'' through files of text.
By default, \*(CO sets this to
.BR more .
.IS \fBPATH\fR
The directories that the shell searches for executable files.
By default, \*(CO sets these to
.B /bin
and
.BR /usr/bin .
.IS \fBTERM\fR
The type of terminal at which the user is working.
By default, \*(CO reads file
.B /etc/ttytype
to read the default terminal type for a given port.
For details, see the description of this command in the Lexicon.
.PP
.II timezone
.II /etc/timezone
Finally,
.B /etc/profile
calls the script
.BR /etc/timezone ,
which sets the following environmental variables:
.IP \fBTZ\fR
Your time zone, as interpreted by most \*(UN software.
.IP \fBTIMEZONE\fR
Your time zone, as interpreted by the \*(CO system.
At present,
it contains considerably more information about your time zone than does
.BR TZ .
For details of this variable, see its description in the Lexicon.
.PP
The shell then executes the script
.BR $HOME/.profile ,
should one exist.
.II newusr
The \*(CO command
.B newusr
creates this file when it installs a new user.
.II fortune
The user can edit this file to set environmental variables, and
to invoke commands for his amusement, e.g.,
.BR /usr/games/fortune .
.SH "Command-line Options"
If a user invokes
.B login
as a command, he can set one or more environmental variables on
.BR login 's
command line.
If
.I environ_var
contains an equal sign, then it and
.I value
are placed into the environment.
If
.I environ_var
does not contain an equal sign, then
.B login
places it into the environment with the format:
.DS
	\fIenviron_var\fB=\fIn\fR
.DE
.PP
where
.I n
is a number from zero
through the number of environmental variables being so set.
.PP
For security reasons,
.B login
refuses to set from its command line any of the following
environmental variables:
.DS
.B
.ta 0.5i 1.5i
	CDPATH		HOME
	HZ		IFS
	LOGNAME		MAIL
	PATH		SHELL
	TZ
.R
.DE
.PP
.B login
also recognizes the command-line option
.BR \-p ,
which tells
.B login
to preserve the user's current environment when logging in as
.IR login_id .
If it is
.I not
invoked with this option,
.B login
``empties'' the current user's before it constructs the environment for user
.IR login_id .
If it is invoked with this option
.B login
replaces existing environmental variables with those it sets during the
login process, but it preserves all other environmental variables set in
the original environment.
.SH "Subsystem Logins"
.B login
supports virtual ``subsystems'' under \*(CO.
If the user's shell as specified in
.B /etc/passwd
is `*', then
.B login
makes the user's
.B HOME
directory into the system's root directory,
informs the user that it is executing a ``Subsystem login,''
and then re-executes
.BR login .
The new root directory must have its own versions of the commands
.BR /etc/passwd ,
.BR /bin/login ,
and
.BR /dev
files.
Once so logged in, the user has, in effect, his own virtual version of the
\*(CO system.
.SH Files
.nf
\fB/etc/d_passwd\fR \(em Passwords for shells on dialup lines
\fB/etc/default/login\fR \(em Default parameters for \fBlogin\fR
\fB/etc/dialups\fR \(em List of dialup tty lines
\fB/etc/group\fR \(em File that defines user groups
\fB/etc/nologin\fR \(em Forbid all logins
\fB/etc/passwd\fR \(em Password file
\fB/etc/profile\fR \(em Script executed by \fBsh\fR and \fBksh\fR upon invocation
\fB/etc/shadow\fR \(em Optional file of ``shadow'' passwords
\fB/etc/trustme\fR \(em Permit named users to log in despite \fBnologin\fR
\fB/etc/ttytype\fR \(em Default terminal type on a given tty line
\fB/etc/utmp\fR \(em Identifiers of users who are logged into your system
\fB/etc/usrtime\fR \(em Login restrictions for user \fIlogin_id\fR
\fB/etc/wtmp\fR \(em History of who has logged in, and when
\fB/usr/adm/loginlog\fR \(em Record of failed login attempts
\fB/usr/spool/mail/\fIname\fR \(em Mailbox for \fIuser\fR
\fB$HOME/.lastlogin\fR \(em Date of user's last login
.fi
.SH "See Also"
.Xr "Administering COHERENT," administe
.Xr "commands," commands
.Xr "ksh," ksh
.Xr "lastlogin," lastlogin
.Xr "mail," mail
.Xr "sh," sh
.Xr "newgrp," newgrp
.Xr "newusr," newusr
.Xr "welcome" welcome
.SH Notes
This version of
.B login
no longer recognizes the remote-access account
.BR remacc .
To duplicate the function of this account, set the files
.B /etc/dialups
and
.BR /etc/d_passwd .
For details, see their entries in the Lexicon.
.PP
.II "Field, Tony"
.II "Doering, Uwe"
.II "Pulley, Harry"
.II "Munk, Udo"
This version of
.B login
was written by Tony Field (tony@ajfcal.cuc.ab.ca), with help from
Uwe Doering (gemini@geminix.in-berlin.de).
It was ported to \*(CO by Harry Pulley (hcpiv@snowhite.cis.uoguelph.ca),
with help from Udo Munk (udo@umunk.gun.de).
