COHERENT manpages
This page displays the COHERENT manpage for login [Log in a user].
List of available manpages
Index
login -- Command Log in a user login [-p] [login_id [environ_var[=value] ...] ] The command login allows a user to identify himself to your system. A user can invoke it as a command, or the system itself can invoke it (usually through the command getty) when a user attempts to log in. You can invoke login as a command. To do so, return to your lowest-level (login) shell, then type either login or: exec /bin/login This invocation replaces the shell with login, and so ensures a smooth transition from one user account to another. If the user does not supply a login_id on the login command line, login prompts him for the login identifier to use. If the account for login_id is protected by a password, login then asks the user to enter that password. If possible, login turns off echoing during the entry of the password to ensure that bystanders (or ``kibitzers'') cannot see the password displayed on his terminal. Switches login executes the file /etc/default/login. This file sets switches that control login's behavior. Each switch has the form SWITCH=VALUE where SWITCH is the switch being set and VALUE is the value to which it is being set. login exports some of these switches as environmental variables, to give the programs that login invokes a minimal working environment. login recognizes the following switches by default: ALTSHELL If set to YES, the login shell's name is recorded in the environment. If set to NO, it is not. By default, login sets this to YES. CONSOLE The allowable terminal devices (from /dev) from which the superuser root can log into your system. If this names more than one device, you must separated them with colons. If this variable is not set, then root can log in from any device. A device name can also include the wildcard character `?'. HZ Your computer's clock tick frequency, in Hertz. login does not set a default. login exports this switch as an environmental variable. IDLEWEEKS The number of weeks before a login is disabled for lack of use. login does not set this variable. NEWUSER This switch gives a shell command that is to be executed when the file $HOME/.lastlogin does not exist. By default, it displays a warning message is displayed. The installation script for COHERENT typically creates a setting for you that executes the file /etc/default/welcome instead. This works with the command /etc/newusr to provide a ``friendly'' environment for users who are using COHERENT for the first time. PASSREQ If set to YES, every user must have a password. If set to NO, some users may log in without a password. By default login sets this to YES. PATH This variable names the directories that an interactive shell searches for executable files. By default, login sets this to /bin:/usr/bin. login exports this switch as an environmental variable. SUPATH The default path for the superuser root. By default, login sets this to /bin:/usr/bin. login exports this switch as an environmental variable. TIMEOUT The time, in seconds, that login waits before it silently terminates and returns control to getty. login gives the user five ``chances'' to log in during this time. login by default sets this to 120. TIMEZONE The current time zone. This variable has the same format as the COHERENT environmental variable TZ: that is, it uses the template NSTHNDT, where NST is a three-character abbreviation for your local standard time (e.g., CST for Central Standard Time), H gives the number of hours difference between your time zone and Greenwich Mean Time, and NSD gives a three-character abbreviation for your local daylight-saving time. login exports this switch as an environmental variable. Note that this variable is set for the benefit of code imported from UNIX. Most COHERENT commands use the environmental variable TIMEZONE, which much more detailed information about your local time zone. For details on TIMEZONE, see its entry in the Lexicon. Note, too, that the variable TZ, which is set in file /etc/timezone, should be set to exactly the same string as /etc/default/TIMEZONE; otherwise, much confusion will result. ULIMIT The maximum size, in 512-byte blocks, of a file that the user can create. login does not set a default. At present, COHERENT ignores this option. UMASK This gives the permissions that a shell sets by default for files that the user cretaes. login does not set a default value for this variable. login exports this switch as an environmental variable. Logging Failed Attempts If the user attempts and fails five times to log in, login records the erroneous attempts in file /usr/adm/loginlog (should that file exist), and it disables the terminal for a period of time. (Note that previous versions of COHERENT recorded failed attempts in file /usr/adm/failed.) login does not record when the user typed only <return> in response to a prompt for a login identifier. If the user does not succeed in logging in within two minutes (120 seconds), login silently disconnects the terminal and returns control of the device to getty. Restrictions on Logging In If the file /etc/nologin exists, login refuses to let any users login in, except for the superuser root and the (presumably few) users named in file /etc/trustme. You can use this mechanism to stop users from logging in at an inopportune time, e.g., when the system is about to be shut down. In response to an attempt to log in, login displays the contents of that file, which should contain the system administrator's explanation of why logins are not permitted at that time. login also reads file /etc/usrtime, if it exists. This file gives user identifiers; for each identifier, it gives the tty line from which that user can log in, and the day of the week and time of day during which that user can log in. login rejects the user's login if it is from a tty line forbidden to the user, or outside the day and time permitted. If a user's login identifier is not in this file, login assumes that that user can log in from any line and at any time. Additional options allow you to control globally all users, or interactive users, UUCP accounts, or SLIP users. Passwords login prompts the user for a password when he logs in. login takes its copy of the user's password from file /etc/passwd. If the password consists of a single asterisk `*', then login reads the password from file /etc/shadow. This file should be legible only by the superuser root. Once the passwords are in /etc/shadow, they can be read only by processes that have root-level permissions, such as login. This protects the encrypted passwords from being read by ordinary users, and perhaps decrypted by a ``cracker.'' For details, see the Lexicon entry for shadow. Note that if a user's password consists of `*' and file /etc/shadow does not exist, login assumes that the user's password encrypts to `*'. This effectively locks the user out of his account. The lesson is not to remove or modify /etc/shadow capriciously. In addition, login reads the files /etc/dialups and /etc/d_passwd, which hold auxiliary passwords. You can set auxiliary passwords for users on selected tty lines to provide additional security. For details, see these files' entries in the Lexicon. Success In Logging In If the user succeeds in logging in, login displays on his terminal the date and time that he last logged in, as recorded in file $HOME/.lastlogin. login updates this file whenever the user logs in. If this file had been modified by a process other than login, login warns the user of a possible breach in his account's security. login then prints the contents of the file /etc/motd, which holds the message of the day. It also sets the environmental variable LOGNAME to the user's login identifier. As its last action, login invokes the user's shell, as set in the last field of his entry in /etc/passwd. Under COHERENT, this is either the Bourne shell sh or the Korn shell ksh. (login can also invoke a program in place of a shell, e.g., the command uucico for a UUCP account.) If login invokes an interactive shell, it does so with the first character of its argv[0] set to `-', so that the shell knows that it is a login shell. (For example, if login invokes ksh, its argv[0] is -ksh.) When a shell starts up, it executes the script /etc/profile. This script executes the command umask, to set the permissions that the shell gives by default to files that that user creates; and then sets the following environmental variables: HZ The default clock speed for your system. By default, COHERENT sets this to 100. LOGNAME The user's login identifier. MAIL This names the user's mailbox. By default, it is set to /usr/spool/mail/login_id. PAGER The command used to ``page'' through files of text. By default, COHERENT sets this to more. PATH The directories that the shell searches for executable files. By default, COHERENT sets these to /bin and /usr/bin. TERM The type of terminal at which the user is working. By default, COHERENT reads file /etc/ttytype to read the default terminal type for a given port. For details, see the description of this command in the Lexicon. Finally, /etc/profile calls the script /etc/timezone, which sets the following environmental variables: TZ Your time zone, as interpreted by most UNIX software. TIMEZONE Your time zone, as interpreted by the COHERENT system. At present, it contains considerably more information about your time zone than does TZ. For details of this variable, see its description in the Lexicon. The shell then executes the script $HOME/.profile, should one exist. The COHERENT command newusr creates this file when it installs a new user. The user can edit this file to set environmental variables, and to invoke commands for his amusement, e.g., /usr/games/fortune. Command-line Options If a user invokes login as a command, he can set one or more environmental variables on login's command line. If environ_var contains an equal sign, then it and value are placed into the environment. If environ_var does not contain an equal sign, then login places it into the environment with the format: environ_var=n where n is a number from zero through the number of environmental variables being so set. For security reasons, login refuses to set from its command line any of the following environmental variables: CDPATH HOME HZ IFS LOGNAME MAIL PATH SHELL TZ login also recognizes the command-line option -p, which tells login to preserve the user's current environment when logging in as login_id. If it is not invoked with this option, login ``empties'' the current user's before it constructs the environment for user login_id. If it is invoked with this option login replaces existing environmental variables with those it sets during the login process, but it preserves all other environmental variables set in the original environment. Subsystem Logins login supports virtual ``subsystems'' under COHERENT. If the user's shell as specified in /etc/passwd is `*', then login makes the user's HOME directory into the system's root directory, informs the user that it is executing a ``Subsystem login,'' and then re-executes login. The new root directory must have its own versions of the commands /etc/passwd, /bin/login, and /dev files. Once so logged in, the user has, in effect, his own virtual version of the COHERENT system. Files /etc/d_passwd -- Passwords for shells on dialup lines /etc/default/login -- Default parameters for login /etc/dialups -- List of dialup tty lines /etc/group -- File that defines user groups /etc/nologin -- Forbid all logins /etc/passwd -- Password file /etc/profile -- Script executed by sh and ksh upon invocation /etc/shadow -- Optional file of ``shadow'' passwords /etc/trustme -- Permit named users to log in despite nologin /etc/ttytype -- Default terminal type on a given tty line /etc/utmp -- Identifiers of users who are logged into your system /etc/usrtime -- Login restrictions for user login_id /etc/wtmp -- History of who has logged in, and when /usr/adm/loginlog -- Record of failed login attempts /usr/spool/mail/name -- Mailbox for user $HOME/.lastlogin -- Date of user's last login See Also Administering COHERENT, commands, ksh, lastlogin, mail, sh, newgrp, newusr, welcome Notes This version of login no longer recognizes the remote-access account remacc. To duplicate the function of this account, set the files /etc/dialups and /etc/d_passwd. For details, see their entries in the Lexicon. This version of login was written by Tony Field (tony@ajfcal.cuc.ab.ca), with help from Uwe Doering (gemini@geminix.in-berlin.de). It was ported to COHERENT by Harry Pulley (hcpiv@snowhite.cis.uoguelph.ca), with help from Udo Munk (udo@umunk.gun.de).