COHERENT manpages

This page displays the COHERENT manpage for login [Log in a user].


login -- Command

Log in a user
login [-p] [login_id [environ_var[=value] ...] ]

The command login allows a user to identify himself to your system.  A user
can invoke  it as a  command, or the  system itself can  invoke it (usually
through the command getty) when a user attempts to log in.

You can invoke  login as a command.  To do  so, return to your lowest-level
(login) shell, then type either

    login

or:

    exec /bin/login

This  invocation replaces  the shell  with login, and  so ensures  a smooth
transition from one user account to another.

If the  user does not  supply a login_id  on the login  command line, login
prompts him for  the login identifier to use.  If  the account for login_id
is  protected  by a  password,  login  then asks  the  user  to enter  that
password.  If  possible, login  turns off echoing  during the entry  of the
password  to  ensure  that bystanders  (or  ``kibitzers'')  cannot see  the
password displayed on his terminal.

Switches

login executes  the file /etc/default/login.  This file sets  switches that
control login's behavior.  Each switch has the form

    SWITCH=VALUE

where SWITCH is the switch being  set and VALUE is the value to which it is
being  set.   login   exports  some  of  these  switches  as  environmental
variables,  to  give the  programs  that login  invokes  a minimal  working
environment.

login recognizes the following switches by default:

ALTSHELL
     If set to YES, the login  shell's name is recorded in the environment.
     If set to NO, it is not.  By default, login sets this to YES.

CONSOLE
     The allowable  terminal devices (from  /dev) from which  the superuser
     root can  log into your system.   If this names more  than one device,
     you must separate them with colons.  If this variable is not set,
     then root can log in from  any device.  A device name can also include
     the wildcard character `?'.

HZ   Your computer's clock tick frequency,  in Hertz.  login does not set a
     default.  login exports this switch as an environmental variable.

IDLEWEEKS
     The number of weeks before a login is disabled for lack of use.  login
     does not set this variable.

NEWUSER
     This switch gives a shell command that is to be executed when the file
     $HOME/.lastlogin does not exist.  By default, a warning message is
     displayed.  The installation script for COHERENT typically
     creates a setting  for you that executes the file /etc/default/welcome
     instead.   This  works  with  the  command  /etc/newusr to  provide  a
     ``friendly''  environment for  users who  are  using COHERENT  for the
     first time.

PASSREQ
     If set  to YES, every user  must have a password.  If  set to NO, some
     users may  log in without a  password.  By default login  sets this to
     YES.

PATH This variable names the directories that an interactive shell searches
     for executable  files.  By default, login  sets this to /bin:/usr/bin.
     login exports this switch as an environmental variable.

SUPATH
     The default  path for the superuser root. By  default, login sets this
     to  /bin:/usr/bin.  login  exports  this  switch as  an  environmental
     variable.

TIMEOUT
     The time,  in seconds, that login waits  before it silently terminates
     and returns control to getty. login gives the user five ``chances'' to
     log in during this time.  login by default sets this to 120.

TIMEZONE
     The  current time  zone.  This  variable  has the  same format  as the
     COHERENT  environmental variable  TZ: that  is,  it uses  the template
     NSTHNDT, where  NST is a  three-character abbreviation for  your local
     standard  time (e.g.,  CST  for Central  Standard Time),  H gives  the
     number of  hours difference between your time  zone and Greenwich Mean
     Time,  and NDT  gives a  three-character  abbreviation for  your local
     daylight-saving time.   login exports this switch  as an environmental
     variable.

     Note that this  variable is set for the benefit  of code imported from
     UNIX.  Most COHERENT commands use the environmental variable TIMEZONE,
     which holds much more detailed information about your local time zone.  For
     details on TIMEZONE, see its entry in the Lexicon.

     Note, too,  that the variable TZ, which is  set in file /etc/timezone,
     should  be set  to exactly the  same string  as /etc/default/TIMEZONE;
     otherwise, much confusion will result.

ULIMIT
     The maximum  size, in  512-byte blocks,  of a file  that the  user can
     create.  login  does not set a default.   At present, COHERENT ignores
     this option.

UMASK
     This gives the permissions that a shell sets by default for files that
     the  user  creates.  login  does  not  set a  default  value for  this
     variable.  login exports this switch as an environmental variable.
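
The CONSOLE rule described above can be modelled as follows.  This is an
added example, not code from COHERENT's login; it assumes that `?' matches
exactly one character, that entries may be written with or without a
leading /dev/, and that the device names in the comments are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Match one CONSOLE entry (pat, plen bytes) against a device name.
 * '?' matches exactly one character (assumed); all else is literal. */
static int entry_matches(const char *pat, size_t plen, const char *tty)
{
    size_t i;

    if (plen > 5 && strncmp(pat, "/dev/", 5) == 0) {  /* tolerate /dev/ */
        pat += 5;
        plen -= 5;
    }
    if (plen == 0 || strlen(tty) != plen)
        return 0;
    for (i = 0; i < plen; i++)
        if (pat[i] != '?' && pat[i] != tty[i])
            return 0;
    return 1;
}

/* Return 1 if root may log in on tty under the given CONSOLE value,
 * e.g. root_tty_allowed("console:color?", "/dev/color0").
 * console == NULL models "CONSOLE is not set": any device is allowed. */
int root_tty_allowed(const char *console, const char *tty)
{
    const char *p = console;

    if (console == NULL)
        return 1;
    if (strncmp(tty, "/dev/", 5) == 0)
        tty += 5;
    while (*p != '\0') {
        size_t len = strcspn(p, ":");   /* length of the current entry */

        if (entry_matches(p, len, tty))
            return 1;
        p += len;
        if (*p == ':')
            p++;                        /* step over the separator */
    }
    return 0;
}
```

Because `?' is matched one character at a time, an entry such as color?
covers color0 but not color10; each extra digit needs its own `?'.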

Logging Failed Attempts

If the  user attempts  and fails  five times to  log in, login  records the
erroneous attempts in  file /usr/adm/loginlog (should that file exist), and
it  disables  the terminal  for  a  period of  time.   (Note that  previous
versions  of COHERENT  recorded failed  attempts in  file /usr/adm/failed.)
login does  not record when the  user typed only <return>  in response to a
prompt for a login identifier.  If  the user does not succeed in logging in
within two  minutes (120 seconds), login  silently disconnects the terminal
and returns control of the device to getty.

Restrictions on Logging In

If the file /etc/nologin exists, login refuses to let any users log in,
except for the superuser root and  the (presumably few) users named in file
/etc/trustme. You can  use this mechanism to stop users  from logging in at
an inopportune  time, e.g., when the  system is about to  be shut down.  In
response to an attempt to log in, login displays the contents of that file,
which should  contain the system administrator's  explanation of why logins
are not permitted at that time.

login also  reads file  /etc/usrtime, if it  exists.  This file  gives user
identifiers; for  each identifier,  it gives the  tty line from  which that
user can log in, and the  day of the week and time of day during which that
user can log  in.  login rejects the user's login  if it is from a tty line
forbidden to the user, or outside  the day and time permitted.  If a user's
login identifier is not in this  file, login assumes that that user can log
in from any line and at  any time.  Additional options allow you to control
globally all users, or interactive users, UUCP accounts, or SLIP users.

Passwords

login prompts  the user for  a password when  he logs in.   login takes its
copy of the user's password from file /etc/passwd. If the password consists
of  a  single  asterisk  `*',  then  login reads  the  password  from  file
/etc/shadow. This  file should be legible only by  the superuser root. Once
the passwords are  in /etc/shadow, they can be read  only by processes that
have  root-level permissions,  such as login.  This protects  the encrypted
passwords from  being read  by ordinary users,  and perhaps decrypted  by a
``cracker.'' For details, see the Lexicon entry for shadow.

Note that  if a user's password  consists of `*' and  file /etc/shadow does
not exist,  login assumes that  the user's password encrypts  to `*'.  This
effectively locks the user out of his account.  The lesson is not to remove
or modify /etc/shadow capriciously.

In addition,  login reads the  files /etc/dialups and  /etc/d_passwd, which
hold auxiliary  passwords.  You  can set  auxiliary passwords for  users on
selected tty lines to  provide additional security.  For details, see these
files' entries in the Lexicon.

Success In Logging In

If the user succeeds in logging in, login displays on his terminal the date
and  time that  he last  logged in, as  recorded in  file $HOME/.lastlogin.
login updates this  file whenever the user logs in.   If this file had been
modified by a process other than  login, login warns the user of a possible
breach in his account's security.

login  then prints  the contents  of  the file  /etc/motd, which  holds the
message of the day.  It also sets the environmental variable LOGNAME to the
user's login identifier.

As its  last action,  login invokes  the user's shell,  as set in  the last
field  of his  entry in  /etc/passwd.  Under COHERENT,  this is  either the
Bourne shell sh or the Korn  shell ksh. (login can also invoke a program in
place of  a shell, e.g., the  command uucico for a  UUCP account.) If login
invokes an  interactive shell, it does  so with the first  character of its
argv[0] set to `-', so that the shell knows that it is a login shell.  (For
example, if login invokes ksh, its argv[0] is -ksh.)

When a  shell starts up,  it executes the script  /etc/profile. This script
executes the command umask, to set  the permissions that the shell gives by
default  to files  that  that user  creates;  and then  sets the  following
environmental variables:

HZ   The default  clock speed for  your system.  By  default, COHERENT sets
     this to 100.
LOGNAME
     The user's login identifier.
MAIL This  names   the  user's   mailbox.   By   default,  it  is   set  to
     /usr/spool/mail/login_id.
PAGER
     The  command used  to  ``page'' through  files of  text.  By  default,
     COHERENT sets this to more.
PATH The  directories that  the shell  searches  for executable  files.  By
     default, COHERENT sets these to /bin and /usr/bin.
TERM The  type of  terminal  at which  the  user is  working.  By  default,
     COHERENT reads file /etc/ttytype to obtain the default terminal type
     for a given port.  For details, see the description of this file in the
     Lexicon.

Finally,  /etc/profile  calls  the  script  /etc/timezone, which  sets  the
following environmental variables:

TZ   Your time zone, as interpreted by most UNIX software.

TIMEZONE
     Your time zone, as interpreted by the COHERENT system.  At present, it
     contains considerably more  information about your time zone than does
     TZ. For details of this variable, see its description in the Lexicon.

The shell  then executes the script $HOME/.profile,  should one exist.  The
COHERENT command newusr creates this file when it installs a new user.  The
user  can edit  this file  to  set environmental  variables, and  to invoke
commands for his amusement, e.g., /usr/games/fortune.

Command-line Options

If a user invokes login as  a command, he can set one or more environmental
variables on login's command  line.  If environ_var contains an equal sign,
then it and value are placed into the environment.  If environ_var does not
contain an equal  sign, then login places it into  the environment with the
format:

    environ_var=n

where n is a number from zero through the number of environmental variables
being so set.

For security reasons, login refuses to set from its command line any of the
following environmental variables:

     CDPATH    HOME
     HZ        IFS
     LOGNAME   MAIL
     PATH      SHELL
     TZ

login also recognizes the command-line option -p, which tells login to
preserve the user's current environment when logging in as login_id. If it
is not invoked with this option, login ``empties'' the current user's
environment before it constructs the environment for user login_id. If it
is invoked with this option, login replaces existing environmental
variables with those it sets during the login process, but it preserves all
other environmental variables set in the original environment.
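
The rules in this section can be modelled as follows.  This is an added
example, not code from COHERENT's login.  It assumes that command-line
assignments are applied before login's own settings, and it skips
arguments without an equal sign; build_env and its parameters are
hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Names the manual page says login refuses to take from its command line. */
static const char *const refused[] = {
    "CDPATH", "HOME", "HZ", "IFS", "LOGNAME", "MAIL", "PATH", "SHELL", "TZ"
};

/* Return 1 if arg ("NAME=value" or bare "NAME") names a refused variable.
 * The whole name must match: "PATH=/tmp" is refused, "PATHNAME=x" is not. */
int is_refused(const char *arg)
{
    size_t i, n = strcspn(arg, "=");
    for (i = 0; i < sizeof refused / sizeof refused[0]; i++)
        if (strlen(refused[i]) == n && strncmp(arg, refused[i], n) == 0)
            return 1;
    return 0;
}

/* Add entry to env[0..*count), replacing an entry with the same name. */
static void put_var(const char **env, size_t *count, const char *entry)
{
    size_t i, n = strcspn(entry, "=");
    for (i = 0; i < *count; i++)
        if (strcspn(env[i], "=") == n && strncmp(env[i], entry, n) == 0) {
            env[i] = entry;
            return;
        }
    env[(*count)++] = entry;
}

/* Build the new environment in out, which the caller sizes for all inputs.
 * Old entries survive only with -p; NAME=value arguments are added unless
 * refused; login's own settings are applied last (assumed order). */
size_t build_env(int preserve, const char **old, size_t nold,
                 const char **args, size_t nargs,
                 const char **set, size_t nset, const char **out)
{
    size_t i, count = 0;
    for (i = 0; preserve && i < nold; i++)
        put_var(out, &count, old[i]);
    for (i = 0; i < nargs; i++)
        if (strchr(args[i], '=') != NULL && !is_refused(args[i]))
            put_var(out, &count, args[i]);
    for (i = 0; i < nset; i++)
        put_var(out, &count, set[i]);
    return count;
}
```

IFS and CDPATH are not among the variables this page says login sets, so
in this model the refusal list is the only thing that keeps a command-line
value for them out of the new environment.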

Subsystem Logins

login supports virtual  ``subsystems'' under COHERENT.  If the user's shell
as  specified in  /etc/passwd  is `*',  then  login makes  the user's  HOME
directory into  the system's  root directory, informs  the user that  it is
executing a  ``Subsystem login,'' and then re-executes  login. The new root
directory must have its own versions of /etc/passwd and /bin/login, and its
own /dev files.  Once so logged in, the user has, in effect,
his own virtual version of the COHERENT system.

Files

/etc/d_passwd -- Passwords for shells on dialup lines
/etc/default/login -- Default parameters for login
/etc/dialups -- List of dialup tty lines
/etc/group -- File that defines user groups
/etc/nologin -- Forbid all logins
/etc/passwd -- Password file
/etc/profile -- Script executed by sh and ksh upon invocation
/etc/shadow -- Optional file of ``shadow'' passwords
/etc/trustme -- Permit named users to log in despite nologin
/etc/ttytype -- Default terminal type on a given tty line
/etc/utmp -- Identifiers of users who are logged into your system
/etc/usrtime -- Login restrictions for user login_id
/etc/wtmp -- History of who has logged in, and when
/usr/adm/loginlog -- Record of failed login attempts
/usr/spool/mail/name -- Mailbox for user
$HOME/.lastlogin -- Date of user's last login

See Also

Administering COHERENT,
commands,
ksh,
lastlogin,
mail,
sh,
newgrp,
newusr,
welcome

Notes

This  version  of  login no  longer  recognizes  the remote-access  account
remacc.  To  duplicate  the   function  of  this  account,  set  the  files
/etc/dialups  and /etc/d_passwd.  For  details, see  their  entries in  the
Lexicon.

This version  of login was  written by Tony  Field (tony@ajfcal.cuc.ab.ca),
with help from Uwe Doering (gemini@geminix.in-berlin.de).  It was ported to
COHERENT by  Harry Pulley (hcpiv@snowhite.cis.uoguelph.ca),  with help from
Udo Munk (udo@umunk.gun.de).