llooggiinn -- Command

Log in a user
llooggiinn [-pp] [_l_o_g_i_n__i_d [_e_n_v_i_r_o_n__v_a_r[=_v_a_l_u_e] ...] ]

The command llooggiinn allows a user to identify himself to your system.  A user
can invoke  it as a  command, or the  system itself can  invoke it (usually
through the command ggeettttyy) when a user attempts to log in.

You can invoke  llooggiinn as a command.  To do  so, return to your lowest-level
(login) shell, then type either

    login

or:

    exec /bin/login

This  invocation replaces  the shell  with llooggiinn, and  so ensures  a smooth
transition from one user account to another.

If the  user does not  supply a _l_o_g_i_n__i_d  on the llooggiinn  command line, llooggiinn
prompts him for  the login identifier to use.  If  the account for _l_o_g_i_n__i_d
is  protected  by a  password,  llooggiinn  then asks  the  user  to enter  that
password.  If  possible, llooggiinn  turns off echoing  during the entry  of the
password to  ensure that bystanders (or kibitzers)  cannot see the password
displayed on his terminal.

_S_w_i_t_c_h_e_s
llooggiinn executes  the file /eettcc/ddeeffaauulltt/llooggiinn.  This file sets  switches that
control llooggiinn's behavior.  Each switch has the form

    _S_W_I_T_C_H=_V_A_L_U_E

where _S_W_I_T_C_H is the switch being  set and _V_A_L_U_E is the value to which it is
being  set.   llooggiinn   exports  some  of  these  switches  as  environmental
variables,  to  give the  programs  that llooggiinn  invokes  a minimal  working
environment.

llooggiinn recognizes the following switches by default:

AALLTTSSHHEELLLL
     If set to YYEESS, the login  shell's name is recorded in the environment.
     If set to NNOO, it is not.  By default, llooggiinn sets this to YYEESS.

CCOONNSSOOLLEE
     The allowable  terminal devices (from  /ddeevv) from which  the superuser
     rroooott can  log into your system.   If this names more  than one device,
     you must  separated them  with colons.  If  this variable is  not set,
     then rroooott can log in from  any device.  A device name can also include
     the wildcard character `?'.

HHZZ   Your computer's clock tick frequency,  in Hertz.  llooggiinn does not set a
     default.  llooggiinn exports this switch as an environmental variable.

IIDDLLEEWWEEEEKKSS
     The number of weeks before a login is disabled for lack of use.  llooggiinn
     does not set this variable.

NNEEWWUUSSEERR
     This switch gives a shell command that is to be executed when the file
     $HHOOMMEE/.llaassttllooggiinn does  not exist.  By  default, it displays  a warning
     message is displayed.   The installation script for COHERENT typically
     creates a setting  for you that executes the file /eettcc/ddeeffaauulltt/wweellccoommee
     instead.   This  works  with  the  command  /eettcc/nneewwuussrr to  provide  a
     ``friendly''  environment for  users who  are  using COHERENT  for the
     first time.

PPAASSSSRREEQQ
     If set  to YYEESS, every user  must have a password.  If  set to NNOO, some
     users may  log in without a  password.  By default llooggiinn  sets this to
     YYEESS.

PPAATTHH This variable names the directories that an interactive shell searches
     for executable  files.  By default, llooggiinn  sets this to /bbiinn:/uussrr/bbiinn.
     llooggiinn exports this switch as an environmental variable.

SSUUPPAATTHH
     The default  path for the superuser rroooott. By  default, llooggiinn sets this
     to  /bbiinn:/uussrr/bbiinn.  llooggiinn  exports  this  switch as  an  environmental
     variable.

TTIIMMEEOOUUTT
     The time,  in seconds, that llooggiinn waits  before it silently terminates
     and returns control to ggeettttyy. llooggiinn gives the user five ``chances'' to
     log in during this time.  llooggiinn by default sets this to 120.

TTIIMMEEZZOONNEE
     The  current time  zone.  This  variable  has the  same format  as the
     COHERENT  environmental variable  TTZZ: that  is,  it uses  the template
     _N_S_T_H_N_D_T, where  _N_S_T is a  three-character abbreviation for  your local
     standard  time (e.g.,  CCSSTT  for Central  Standard Time),  _H gives  the
     number of  hours difference between your time  zone and Greenwich Mean
     Time,  and _N_S_D  gives a  three-character  abbreviation for  your local
     daylight-saving time.   llooggiinn exports this switch  as an environmental
     variable.

     Note that this  variable is set for the benefit  of code imported from
     UNIX.  Most COHERENT commands use the environmental variable TTIIMMEEZZOONNEE,
     which much more detailed  information about your local time zone.  For
     details on TTIIMMEEZZOONNEE, see its entry in the Lexicon.

     Note, too,  that the variable TTZZ, which is  set in file /eettcc/ttiimmeezzoonnee,
     should  be set  to exactly the  same string  as /eettcc/ddeeffaauulltt/TTIIMMEEZZOONNEE;
     otherwise, much confusion will result.

UULLIIMMIITT
     The maximum  size, in  512-byte blocks,  of a file  that the  user can
     create.  llooggiinn  does not set a default.   At present, COHERENT ignores
     this option.

UUMMAASSKK
     This gives the permissions that a shell sets by default for files that
     the  user  cretaes.  llooggiinn  does  not  set a  default  value for  this
     variable.  llooggiinn exports this switch as an environmental variable.

_L_o_g_g_i_n_g _F_a_i_l_e_d _A_t_t_e_m_p_t_s
If the  user attempts  and fails  five times to  log in, llooggiinn  records the
erroneous attempts in  file /uussrr/aaddmm/llooggiinnlloogg (should that file exist), and
it  disables  the terminal  for  a  period of  time.   (Note that  previous
versions  of COHERENT  recorded failed  attempts in  file /uussrr/aaddmm/ffaaiilleedd.)
llooggiinn does  not record when the  user typed only <rreettuurrnn>  in response to a
prompt for a login identifier.  If  the user does not succeed in logging in
within two  minutes (120 seconds), llooggiinn  silently disconnects the terminal
and returns control of the device to ggeettttyy.

_R_e_s_t_r_i_c_t_i_o_n_s _o_n _L_o_g_g_i_n_g _I_n
If the file  /eettcc/nnoollooggiinn exists, llooggiinn refuses to let  any users login in,
except for the superuser rroooott and  the (presumably few) users named in file
/eettcc/ttrruussttmmee. You can  use this mechanism to stop users  from logging in at
an inopportune  time, e.g., when the  system is about to  be shut down.  In
response to an attempt to log in, llooggiinn displays the contents of that file,
which should  contain the system administrator's  explanation of why logins
are not permitted at that time.

llooggiinn also  reads file  /eettcc/uussrrttiimmee, if it  exists.  This file  gives user
identifiers; for  each identifier,  it gives the  tty line from  which that
user can log in, and the  day of the week and time of day during which that
user can log  in.  llooggiinn rejects the user's login  if it is from a tty line
forbidden to the user, or outside  the day and time permitted.  If a user's
login identifier is not in this  file, llooggiinn assumes that that user can log
in from any line and at  any time.  Additional options allow you to control
globally all users, or interactive users, UUCP accounts, or SLIP users.

_P_a_s_s_w_o_r_d_s
llooggiinn prompts the user for a password when he logs in.  llooggiinn akes its copy
of the user's password from file /eettcc/ppaasssswwdd. If the password consists of a
single asterisk  `*', then llooggiinn reads the  password from file /eettcc/sshhaaddooww.
This file should be legible only  to the superuser rroooott. Once the passwords
are in /eettcc/sshhaaddooww, they can be read only by processes that have rroooott-level
permissions,  such as  llooggiinn. This  protects  the encrypted  passwords from
being read  by ordinary users, and perhaps decrypted  by a ``cracker.'' For
details, see the Lexicon entry for sshhaaddooww.

Note that  if a user's password  consists of `*' and  file /eettcc/sshhaaddooww does
not exist,  llooggiinn assumes that  the user's password encrypts  to `*'.  This
effectively locks the user out of his account.  The lesson is not to remove
or modify /eettcc/sshhaaddooww capriciously.

In addition,  llooggiinn reads the  files /eettcc/ddiiaalluuppss and  /eettcc/dd_ppaasssswwdd, which
hold auxiliary  passwords.  You  can set  auxiliary passwords for  users on
selected tty lines to  provide additional security.  For details, see these
files' entries in the Lexicon.

_S_u_c_c_e_s_s _I_n _L_o_g_g_i_n_g _I_n
If the user succeeds in logging in, llooggiinn displays on his terminal the date
and  time that  he last  logged in, as  recorded in  file $HHOOMMEE/.llaassttllooggiinn.
llooggiinn updates this  file whenever the user logs in.   If this file had been
modified by a process other than  llooggiinn, llooggiinn warns the user of a possible
breach in his account's security.

llooggiinn  then prints  the contents  of  the file  /eettcc/mmoottdd, which  holds the
message of the day.  It also sets the environmental variable LLOOGGNNAAMMEE to the
user's login identifier.

As its  last action,  llooggiinn invokes  the user's shell,  as set in  the last
field  of his  entry in  /eettcc/ppaasssswwdd.  Under COHERENT,  this is  either the
Bourne shell sshh or the Korn  shell kksshh. (llooggiinn can also invoke a program in
place of  a shell, e.g., the  command uuuucciiccoo for a  UUCP account.) If llooggiinn
invokes an  interactive shell, it does  so with the first  character of its
aarrggvv[00] set to `-', so that the shell knows that it is a login shell.  (For
example, if llooggiinn invokes kksshh, its aarrggvv[00] is -kksshh.)

When a  shell starts up,  it executes the script  /eettcc/pprrooffiillee. This script
executes the command uummaasskk, to set  the permissions that the shell gives by
default  to files  that  that user  creates;  and then  sets the  following
environmental variables:

HHZZ   The default  clock speed for  your system.  By  default, COHERENT sets
     this to 100.
LLOOGGNNAAMMEE
     The user's login identifier.
MMAAIILL This  names   the  user's   mailbox.   By   default,  it  is   set  to
     /uussrr/ssppooooll/mmaaiill/_l_o_g_i_n__i_d.
PPAAGGEERR
     The  command used  to  ``page'' through  files of  text.  By  default,
     COHERENT sets this to mmoorree.
PPAATTHH The  directories that  the shell  searches  for executable  files.  By
     default, COHERENT sets these to /bbiinn and /uussrr/bbiinn.
TTEERRMM The  type of  terminal  at which  the  user is  working.  By  default,
     COHERENT reads file /eettcc/ttttyyttyyppee to read the default terminal type for
     a given port.  For details, see the description of this command in the
     Lexicon.

Finally,  /eettcc/pprrooffiillee  calls  the  script  /eettcc/ttiimmeezzoonnee, which  sets  the
following environmental variables:

TTZZ   Your time zone, as interpreted by most UNIX software.

TTIIMMEEZZOONNEE
     Your time zone, as interpreted by the COHERENT system.  At present, it
     contains considerably more  information about your time zone than does
     TTZZ. For details of this variable, see its description in the Lexicon.

The shell  then executes the script $HHOOMMEE/.pprrooffiillee,  should one exist.  The
COHERENT command nneewwuussrr creates this file when it installs a new user.  The
user  can edit  this file  to  set environmental  variables, and  to invoke
commands for his amusement, e.g., /uussrr/ggaammeess/ffoorrttuunnee.

_C_o_m_m_a_n_d-_l_i_n_e _O_p_t_i_o_n_s
If a user invokes llooggiinn as  a command, he can set one or more environmental
variables on llooggiinn's command  line.  If _e_n_v_i_r_o_n__v_a_r contains an equal sign,
then it and _v_a_l_u_e are placed into the environment.  If _e_n_v_i_r_o_n__v_a_r does not
contain an equal  sign, then llooggiinn places it into  the environment with the
format:

    _e_n_v_i_r_o_n__v_a_r=_n

where _n is a number from zero through the number of environmental variables
being so set.

For security reasons, llooggiinn refuses to set from its command line any of the
following environmental variables:

     CCDDPPAATTHH    HHOOMMEE
     HHZZ        IIFFSS
     LLOOGGNNAAMMEE   MMAAIILL
     PPAATTHH      SSHHEELLLL
     TTZZ

llooggiinn  also recognizes  the command-line  option -pp,  which tells  llooggiinn to
preserve the user's current environment  when logging in as _l_o_g_i_n__i_d. If it
is  _n_o_t invoked  with  this option,  llooggiinn ``empties''  the current  user's
before it  constructs the environment  for user _l_o_g_i_n__i_d. If  it is invoked
with this option llooggiinn replaces existing environmental variables with those
it sets during the login  process, but it preserves all other environmental
variables set in the original environment.

_S_u_b_s_y_s_t_e_m _L_o_g_i_n_s
llooggiinn supports virtual  ``subsystems'' under COHERENT.  If the user's shell
as  specified in  /eettcc/ppaasssswwdd  is `*',  then  llooggiinn makes  the user's  HHOOMMEE
directory into  the system's  root directory, informs  the user that  it is
executing a  ``Subsystem login,'' and then re-executes  llooggiinn. The new root
directory  must  have   its  own  versions  of  the  commands  /eettcc/ppaasssswwdd,
/bbiinn/llooggiinn, and  /ddeevv files.  Once so  logged in, the user  has, in effect,
his own virtual version of the COHERENT system.

_F_i_l_e_s
/eettcc/dd_ppaasssswwdd -- Passwords for shells on dialup lines
/eettcc/ddeeffaauulltt/llooggiinn -- Default parameters for llooggiinn
/eettcc/ddiiaalluuppss -- List of dialup tty lines
/eettcc/ggrroouupp -- File that defines user groups
/eettcc/nnoollooggiinn -- Forbid all logins
/eettcc/ppaasssswwdd -- Password file
/eettcc/pprrooffiillee -- Script executed by sshh and kksshh upon invocation
/eettcc/sshhaaddooww -- Optional file of ``shadow'' passwords
/eettcc/ttrruussttmmee -- Permit named users to log in despite nnoollooggiinn
/eettcc/ttttyyttyyppee -- Default terminal type on a given tty line
/eettcc/uuttmmpp -- Identifiers of users who are logged into your system
/eettcc/uussrrttiimmee -- Login restrictions for user _l_o_g_i_n__i_d
/eettcc/wwttmmpp -- History of who has logged in, and when
/uussrr/aaddmm/llooggiinnlloogg -- Record of failed login attempts
/uussrr/ssppooooll/mmaaiill/_n_a_m_e -- Mailbox for _u_s_e_r
$HHOOMMEE/.llaassttllooggiinn -- Date of user's last login

_S_e_e _A_l_s_o
AAddmmiinniisstteerriinngg CCOOHHEERREENNTT, ccoommmmaannddss, kksshh, llaassttllooggiinn, mmaaiill, sshh, nneewwggrrpp, nneewwuussrr,
wweellccoommee

_N_o_t_e_s
This  version  of  llooggiinn no  longer  recognizes  the remote-access  account
rreemmaacccc.  To  duplicate  the   function  of  this  account,  set  the  files
/eettcc/ddiiaalluuppss  and /eettcc/dd_ppaasssswwdd.  For  details, see  their  entries in  the
Lexicon.

This version  of llooggiinn was  written by Tony  Field (tony@ajfcal.cuc.ab.ca),
with help from Uwe Doering (gemini@geminix.in-berlin.de).  It was ported to
COHERENT by  Harry Pulley (hcpiv@snowhite.cis.uoguelph.ca),  with help from
Udo Munk (udo@umunk.gun.de).
