Scroll to navigation

LOGIN(1) 用户命令 LOGIN(1)

名称

login - 在系统上启动回话

大纲

login [-p] [-h host] [用户名] [ENV=VAR...]

login [-p] [-h host] -f 用户名

login [-p] -r host

描述

The login program is used to establish a new session with the system. It is normally invoked automatically by responding to the login: prompt on the user's terminal. login may be special to the shell and may not be invoked as a sub-process. When called from a shell, login should be executed as exec login which will cause the user to exit from the current shell (and thus will prevent the new logged in user to return to the session of the caller). Attempting to execute login from any shell but the login shell will produce an error message.

The user is then prompted for a password, where appropriate. Echoing is disabled to prevent revealing the password. Only a small number of password failures are permitted before login exits and the communications link is severed.

If password aging has been enabled for your account, you may be prompted for a new password before proceeding. You will be forced to provide your old password and the new password before continuing. Please refer to passwd(1) for more information.

Your user and group ID will be set according to their values in the /etc/passwd file. The value for $HOME, $SHELL, $PATH, $LOGNAME, and $MAIL are set according to the appropriate fields in the password entry. Ulimit, umask and nice values may also be set according to entries in the GECOS field.

On some installations, the environmental variable $TERM will be initialized to the terminal type on your tty line, as specified in /etc/ttytype.

命令解释器的初始化脚本也可能执行。请参考手册中相应的章节来获取关于此功能的更多信息。

在登录 shell 中以第一个字符是“*”标注的是子系统登录。给定的主目录将被用于用户实际登录的新文件系统的根。

The login program is NOT responsible for removing users from the utmp file. It is the responsibility of getty(8) and init(8) to clean up apparent ownership of a terminal session. If you use login from the shell prompt without exec, the user you use will continue to appear to be logged in even after you log out of the "subsession".

选项

-f
不要执行认证,用户已经预认证过。

Note: In that case, username is mandatory.

-h

此登录的远程主机名。

-p

保留环境。

-r

为 rlogin (远程登录)执行 autologin (自动登录)协议。

The -r, -h and -f options are only used when login is invoked by root.

CAVEATS

This version of login has many compilation options, only some of which may be in use at any particular site.

文件的位置由系统配置决定。

The login program is NOT responsible for removing users from the utmp file. It is the responsibility of getty(8) and init(8) to clean up apparent ownership of a terminal session. If you use login from the shell prompt without exec, the user you use will continue to appear to be logged in even after you log out of the "subsession".

As with any program, login's appearance can be faked. If non-trusted users have physical access to a machine, an attacker could use this to obtain the password of the next person coming to sit in front of the machine. Under Linux, the SAK mechanism can be used by users to initiate a trusted path and prevent this kind of attack.

配置文件

The following configuration variables in /etc/login.defs change the behavior of this tool:

CONSOLE_GROUPS (string)

List of groups to add to the user's supplementary groups set when logging in on the console (as determined by the CONSOLE setting). Default is none.

Use with caution - it is possible for users to gain permanent access to these groups, even when not logged in on the console.

DEFAULT_HOME (boolean)

如果不能 cd 到主目录时,说明是否允许登录。默认是否。

If set to yes, the user will login in the root (/) directory if it is not possible to cd to her home directory.

ENV_PATH (string)

If set, it will be used to define the PATH environment variable when a regular user login. The value is a colon separated list of paths (for example /bin:/usr/bin) and can be preceded by PATH=. The default value is PATH=/bin:/usr/bin.

ENV_SUPATH (string)

If set, it will be used to define the PATH environment variable when the superuser login. The value is a colon separated list of paths (for example /sbin:/bin:/usr/sbin:/usr/bin) and can be preceded by PATH=. The default value is PATH=/sbin:/bin:/usr/sbin:/usr/bin.

ERASECHAR (number)

Terminal ERASE character (010 = backspace, 0177 = DEL).

此值可以使用前缀“0”表示八进制,“0x”表示十六进制。

FAIL_DELAY (number)

登录失败后,等待多少秒才再允许登录。

FAKE_SHELL (string)

If set, login will execute this shell instead of the users' shell specified in /etc/passwd.

HUSHLOGIN_FILE (string)

If defined, this file can inhibit all the usual chatter during the login sequence. If a full pathname is specified, then hushed mode will be enabled if the user's name or shell are found in the file. If not a full pathname, then hushed mode will be enabled if the file exists in the user's home directory.

KILLCHAR (number)

Terminal KILL character (025 = CTRL/U).

此值可以使用前缀“0”表示八进制,“0x”表示十六进制。

LOGIN_RETRIES (number)

密码错误时,重试的最大次数。

This will most likely be overridden by PAM, since the default pam_unix module has its own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES.

LOGIN_TIMEOUT (number)

最大登录时间(以秒为单位)。

LOG_OK_LOGINS (boolean)

允许记录成功登录。

LOG_UNKFAIL_ENAB (boolean)

在记录到登录失败时,允许记录未知用户名。

注意:如果用户不小心将密码输入到了登录名中,记录未知用户名可能是一个安全隐患。

TTYGROUP (string), TTYPERM (string)

The terminal permissions: the login tty will be owned by the TTYGROUP group, and the permissions will be set to TTYPERM.

By default, the ownership of the terminal is set to the user's primary group and the permissions are set to 0600.

TTYGROUP can be either the name of a group or a numeric group identifier.

If you have a write program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600.

TTYTYPE_FILE (string)

If defined, file which maps tty line to TERM environment parameter. Each line of the file is in a format something like "vt100 tty01".

USERGROUPS_ENAB (boolean)

If set to yes, userdel will remove the user's group if it contains no more members, and useradd will create by default a group with the name of the user.

文件

/var/run/utmp
当前登录会话的列表。

/var/log/wtmp

先前的登录会话列表。

/etc/passwd

用户账户信息。

/etc/shadow

安全用户账户信息。

/etc/motd

System message of the day file.

/etc/nologin

阻止非 root 用户登录。

/etc/ttytype

终端类型列表。

$HOME/.hushlogin

阻止现实系统信息。

/etc/login.defs

Shadow 密码套件配置。

参见

mail(1), passwd(1), sh(1), su(1), login.defs(5), nologin(5), passwd(5), securetty(5), getty(8).
2020-02-07 shadow-utils 4.8.1