|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
Another version of this page is provided by the shadow-utils project
|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | CONFIG FILE ITEMS | FILES | CREDENTIALS | BUGS | AUTHORS | SEE ALSO | REPORTING BUGS | AVAILABILITY |
|
|
|
LOGIN(1) User Commands LOGIN(1)
login - begin session on the system
login [-p] [-h host] [-H] [-f username|username]
login is used when signing onto a system. If no argument is given,
login prompts for the username.
The user is then prompted for a password, where appropriate.
Echoing is disabled to prevent revealing the password. Only a
number of password failures are permitted before login exits and
the communications link is severed. See LOGIN_RETRIES in the
CONFIG FILE ITEMS section.
If password aging has been enabled for the account, the user may
be prompted for a new password before proceeding. In such case old
password must be provided and the new password entered before
continuing. Please refer to passwd(1) for more information.
The user and group ID will be set according to their values in the
/etc/passwd file. There is one exception if the user ID is zero.
In this case, only the primary group ID of the account is set.
This should allow the system administrator to login even in case
of network problems. The environment variable values for $HOME,
$USER, $SHELL, $PATH, $LOGNAME, and $MAIL are set according to the
appropriate fields in the password entry. $PATH defaults to
/usr/local/bin:/bin:/usr/bin for normal users, and to
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin for
root, if not otherwise configured.
The environment variable $TERM will be preserved, if it exists,
else it will be initialized to the terminal type on your tty. The
environment variables $COLORTERM and $NO_COLOR will be preserved
if they exist.
Other environment variables are preserved if the -p option is
given or if LOGIN_ENV_SAFELIST defined in /etc/login.defs (see
below).
The environment variables defined by PAM are always preserved.
Then the user’s shell is started. If no shell is specified for the
user in /etc/passwd, then /bin/sh is used. If the specified shell
contains a space, it is treated as a shell script. If there is no
home directory specified in /etc/passwd, then / is used, followed
by .hushlogin check as described below.
If the file .hushlogin exists, then a "quiet" login is performed.
This disables the checking of mail and the printing of the last
login time and message of the day. Otherwise, if /var/log/lastlog
exists, the last login time is printed, and the current login is
recorded.
-p
Used by getty(8) to tell login to preserve the environment.
See also LOGIN_ENV_SAFELIST config file item.
-f
Used to skip a login authentication. This option is usually
used by the getty(8) autologin feature.
-h
Used by other servers (such as telnetd(8) to pass the name of
the remote host to login so that it can be placed in utmp and
wtmp. Only the superuser is allowed use this option.
Note that the -h option has an impact on the PAM service name.
The standard service name is login, but with the -h option,
the name is remote. It is necessary to create proper PAM
config files (for example, /etc/pam.d/login and
/etc/pam.d/remote).
-H
Used by other servers (for example, telnetd(8)) to tell login
that printing the hostname should be suppressed in the login:
prompt. See also LOGIN_PLAIN_PROMPT below.
-h, --help
Display help text and exit.
-V, --version
Display version and exit.
login reads the /etc/login.defs configuration file (see
login.defs(5)). Note that the configuration file could be
distributed with another package (usually shadow-utils). The
following configuration items are relevant for login:
MOTD_FILE (string)
Specifies a ":" delimited list of "message of the day" files
and directories to be displayed upon login. If the specified
path is a directory then displays all files with .motd file
extension in version-sort order from the directory.
The default value is /usr/share/misc/motd:/run/motd:/etc/motd.
If the MOTD_FILE item is empty or a quiet login is enabled,
then the message of the day is not displayed. Note that the
same functionality is also provided by the pam_motd(8) PAM
module.
The directories in the MOTD_FILE are supported since version
2.36.
Note that login does not implement any filenames overriding
behavior like pam_motd (see also MOTD_FIRSTONLY), but all
content from all files is displayed. It is recommended to keep
extra logic in content generators and use /run/motd.d rather
than rely on overriding behavior hardcoded in system tools.
MOTD_FIRSTONLY (boolean)
Forces login to stop display content specified by MOTD_FILE
after the first accessible item in the list. Note that a
directory is one item in this case. This option allows login
semantics to be configured to be more compatible with
pam_motd. The default value is no.
LOGIN_ENV_SAFELIST (string)
Forces login to protect the specified environment variables if
-p is not used. The string value is a comma-separated list of
variable names. For example: "LANG,LC_MESSAGES,LC_COLLATE".
The safelist is ignored for the environment variables HOME,
SHELL and USER.
LOGIN_PLAIN_PROMPT (boolean)
Tell login that printing the hostname should be suppressed in
the login: prompt. This is an alternative to the -H command
line option. The default value is no.
LOGIN_TIMEOUT (number)
Maximum time in seconds for login. The default value is 60.
LOGIN_RETRIES (number)
Maximum number of login retries in case of a bad password. The
default value is 3.
LOGIN_KEEP_USERNAME (boolean)
Tell login to only re-prompt for the password if
authentication failed, but the username is valid. The default
value is no.
FAIL_DELAY (number)
Delay in seconds before being allowed another three tries
after a login failure. The default value is 5.
TTYPERM (string)
The terminal permissions. The default value is 0600 or 0620 if
tty group is used. See also mesg(1).
TTYGROUP (string)
The login tty will be owned by the TTYGROUP. The default value
is tty. If the TTYGROUP does not exist, then the ownership of
the terminal is set to the user’s primary group.
The TTYGROUP can be either the name of a group or a numeric
group identifier. See also mesg(1).
HUSHLOGIN_FILE (string)
If defined, this file can inhibit all the usual chatter during
the login sequence. If a full pathname (for example,
/etc/hushlogins) is specified, then hushed mode will be
enabled if the user’s name or shell are found in the file. If
this global hush login file is empty then the hushed mode will
be enabled for all users.
If a full pathname is not specified, then hushed mode will be
enabled if the file exists in the user’s home directory.
The default is to check /etc/hushlogins and if it does not
exist then ~/.hushlogin.
If the HUSHLOGIN_FILE item is empty, then all the checks are
disabled.
DEFAULT_HOME (boolean)
Indicate if login is allowed if we cannot change directory to
the home directory. If set to yes, the user will login in the
root (/) directory if it is not possible to change directory
to their home. The default value is yes.
LASTLOG_UID_MAX (unsigned number)
Highest user ID number for which the lastlog entries should be
updated. As higher user IDs are usually tracked by remote user
identity and authentication services there is no need to
create a huge sparse lastlog file for them. No LASTLOG_UID_MAX
option present in the configuration means that there is no
user ID limit for writing lastlog entries. The default value
is ULONG_MAX.
LOG_UNKFAIL_ENAB (boolean)
Enable display of unknown usernames when login failures are
recorded. The default value is no.
Note that logging unknown usernames may be a security issue if
a user enters their password instead of their login name.
ENV_PATH (string)
If set, it will be used to define the PATH environment
variable when a regular user logs in. The default value is
/usr/local/bin:/bin:/usr/bin.
ENV_ROOTPATH (string), ENV_SUPATH (string)
If set, it will be used to define the PATH environment
variable when the superuser logs in. ENV_ROOTPATH takes
precedence. The default value is
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.
LOGIN_SHELL_FALLBACK (boolean)
If set to yes, login will provide a valid shell from
/etc/shells when the shell specified in /etc/passwd is invalid
or inaccessible due to administrative errors. This ensures
users can still log in. However, it may bypass intended shell
restrictions, potentially causing unexpected behavior if the
fallback shell differs from the configured one.
/var/run/utmp, /var/log/wtmp, /var/log/lastlog, /var/spool/mail/*,
/etc/motd, /etc/passwd, /etc/nologin, /etc/pam.d/login,
/etc/pam.d/remote, /etc/hushlogins, $HOME/.hushlogin
login supports configuration via systemd credentials (see
https://systemd.io/CREDENTIALS/). login reads the following
systemd credentials:
login.noauth (boolean)
If set, configures login to skip login authentication,
similarly to the -f option.
The undocumented BSD -r option is not supported. This may be
required by some rlogind(8) programs.
A recursive login, as used to be possible in the good old days, no
longer works; for most purposes su(1) is a satisfactory
substitute. Indeed, for security reasons, login does a vhangup(2)
system call to remove any possible listening processes on the tty.
This is to avoid password sniffing. If one uses the command login,
then the surrounding shell gets killed by vhangup(2) because it’s
no longer the true owner of the tty. This can be avoided by using
exec login in a top-level shell or xterm.
Derived from BSD login 5.40 (5/9/89) by Michael Glad
<glad@daimi.dk> for HP-UX. Ported to Linux 0.12: Peter Orbaek
<poe@daimi.aau.dk>. Rewritten to a PAM-only version by Karel Zak
<kzak@redhat.com>
mail(1), passwd(1), passwd(5), utmp(5), environ(7), getty(8),
init(8), lastlog(8), shutdown(8)
For bug reports, use the issue tracker
<https://github.com/util-linux/util-linux/issues>.
The login command is part of the util-linux package which can be
downloaded from Linux Kernel Archive
<https://www.kernel.org/pub/linux/utils/util-linux/>. This page is
part of the util-linux (a random collection of Linux utilities)
project. Information about the project can be found at
⟨https://www.kernel.org/pub/linux/utils/util-linux/⟩. If you have a
bug report for this manual page, send it to
util-linux@vger.kernel.org. This page was obtained from the
project's upstream Git repository
⟨git://git.kernel.org/pub/scm/utils/util-linux/util-linux.git⟩ on
2025-08-11. (At that time, the date of the most recent commit that
was found in the repository was 2025-08-05.) If you discover any
rendering problems in this HTML version of the page, or you
believe there is a better or more up-to-date source for the page,
or you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a
mail to man-pages@man7.org
util-linux 2.42-start-521-ec46 2025-08-09 LOGIN(1)
Pages that refer to this page: ac(1), bash(1), chsh(1), intro(1), last(1@@util-linux), mesg(1), newgrp(1), openvt(1), sg(1), su(1@@shadow-utils), ul(1), crypt(3), pam(3), ttyslot(3), group(5), login.defs(5), motd(5), nologin(5), passwd(5), passwd(5@@shadow-utils), proc_sys_vm(5), securetty(5), shadow(5), systemd.exec(5), utmp(5), environ(7), agetty(8), faillog(8), nologin(8), nologin(8@@shadow-utils), PAM(8)
|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|