login(1) — Linux manual page


LOGIN(1)                        User Commands                       LOGIN(1)

NAME         top

       login - begin session on the system

SYNOPSIS         top

       login [ -p ] [ -h host ] [ -H ] [ -f username | username ]

DESCRIPTION         top

       login is used when signing onto a system.  If no argument is given,
       login prompts for the username.

       The user is then prompted for a password, where appropriate.  Echoing
       is disabled to prevent revealing the password.  Only a small number
       of password failures are permitted before login exits and the
       communications link is severed.

       If password aging has been enabled for the account, the user may be
       prompted for a new password before proceeding.  He will be forced to
       provide his old password and the new password before continuing.
       Please refer to passwd(1) for more information.

       The user and group ID will be set according to their values in the
       /etc/passwd file.  There is one exception if the user ID is zero: in
       this case, only the primary group ID of the account is set.  This
       should allow the system administrator to login even in case of
       network problems.  The value for $HOME, $USER, $SHELL, $PATH,
       $LOGNAME, and $MAIL are set according to the appropriate fields in
       the password entry.  $PATH defaults to /usr/local/bin:/bin:/usr/bin
       for normal users, and to /usr/local/sbin:/usr/local/bin:/sbin:/bin:
       /usr/sbin:/usr/bin for root, if not otherwise configured.

       The environment variable $TERM will be preserved, if it exists (other
       environment variables are preserved if the -p option is given), else
       it will be initialized to the terminal type on your tty.

       Then the user's shell is started.  If no shell is specified for the
       user in /etc/passwd, then /bin/sh is used.  If there is no directory
       specified in /etc/passwd, then / is used (the home directory is
       checked for the .hushlogin file described below).

       If the file .hushlogin exists, then a "quiet" login is performed
       (this disables the checking of mail and the printing of the last
       login time and message of the day).  Otherwise, if /var/log/lastlog
       exists, the last login time is printed (and the current login is

OPTIONS         top

       -p     Used by getty(8) to tell login not to destroy the environment.

       -f     Used to skip a login authentication.  This option is usually
              used by the getty(8) autologin feature.

       -h     Used by other servers (i.e., telnetd(8)) to pass the name of
              the remote host to login so that it may be placed in utmp and
              wtmp.  Only the superuser may use this option.

              Note that the -h option has an impact on the PAM service name.
              The standard service name is login, but with the -h option,
              the name is remote.  It is necessary to create proper PAM
              config files (e.g., /etc/pam.d/login and /etc/pam.d/remote).

       -H     Used by other servers (i.e., telnetd(8)) to tell login that
              printing the hostname should be suppressed in the login:
              prompt.  See also LOGIN_PLAIN_PROMPT below if your server does
              not allow the login command line to be configured.

       --help Display help text and exit.

       -V, --version
              Display version information and exit.


       login reads the /etc/login.defs(5) configuration file.  Note that the
       configuration file could be distributed with another package (e.g.,
       shadow-utils).  The following configuration items are relevant for

       MOTD_FILE (string)
           Specifies a ":" delimited list of "message of the day" files and
           directories to be displayed upon login.  If the specified path is
           a directory then displays all files with .motd file extension in
           version-sort order from the directory.

           The default value is /usr/share/misc/motd:/run/motd:/etc/motd.
           If the MOTD_FILE item is empty or a quiet login is enabled, then
           the message of the day is not displayed.  Note that the same
           functionality is also provided by the pam_motd(8) PAM module.

           The directories in the MOTD_FILE are supported since version

           Note that login does not implement any filenames overriding
           behavior like pam_motd (see also MOTD_FIRSTONLY), but all content
           from all files is displayed.  It is recommended to keep extra
           logic in content generators and use /run/motd.d rather than rely
           on overriding behavior hardcoded in system tools.

       MOTD_FIRSTONLY (boolean)
           Forces login to stop display content specified by MOTD_FILE after
           the first accessible item in the list.  Note that a directory is
           one item in this case.  This option allows login semantics to be
           configured to be more compatible with pam_motd.

       LOGIN_PLAIN_PROMPT (boolean)
           Tell login that printing the hostname should be suppressed in the
           login: prompt.  This is an alternative to the -H command line
           option.  The default value is no.

       LOGIN_TIMEOUT (number)
           Maximum time in seconds for login.  The default value is 60.

       LOGIN_RETRIES (number)
           Maximum number of login retries in case of a bad password.  The
           default value is 3.

       FAIL_DELAY (number)
           Delay in seconds before being allowed another three tries after a
           login failure.  The default value is 5.

       TTYPERM (string)
           The terminal permissions.  The default value is 0600 or 0620 if
           tty group is used.

       TTYGROUP (string)
           The login tty will be owned by the TTYGROUP.  The default value
           is tty.  If the TTYGROUP does not exist, then the ownership of
           the terminal is set to the user´s primary group.

           The TTYGROUP can be either the name of a group or a numeric group

       HUSHLOGIN_FILE (string)
           If defined, this file can inhibit all the usual chatter during
           the login sequence.  If a full pathname (e.g., /etc/hushlogins)
           is specified, then hushed mode will be enabled if the user´s name
           or shell are found in the file.  If this global hush login file
           is empty then the hushed mode will be enabled for all users.

           If a full pathname is not specified, then hushed mode will be
           enabled if the file exists in the user´s home directory.

           The default is to check /etc/hushlogins and if it does not exist
           then ~/.hushlogin

           If the HUSHLOGIN_FILE item is empty, then all the checks are

       DEFAULT_HOME (boolean)
           Indicate if login is allowed if we cannot change directory to the
           home directory.  If set to yes, the user will login in the root
           (/) directory if it is not possible to change directory to her
           home.  The default value is yes.

       LASTLOG_UID_MAX (unsigned number)
           Highest user ID number for which the lastlog entries should be
           updated.  As higher user IDs are usually tracked by remote user
           identity and authentication services there is no need to create a
           huge sparse lastlog file for them.  No LASTLOG_UID_MAX option
           present in the configuration means that there is no user ID limit
           for writing lastlog entries.

       LOG_UNKFAIL_ENAB (boolean)
           Enable display of unknown usernames when login failures are
           recorded.  The default value is no.

           Note that logging unknown usernames may be a security issue if a
           user enters her password instead of her login name.

       ENV_PATH (string)
           If set, it will be used to define the PATH environment variable
           when a regular user logs in.  The default value is /usr/local

       ENV_ROOTPATH (string)
       ENV_SUPATH (string)
           If set, it will be used to define the PATH environment variable
           when the superuser logs in.  ENV_ROOTPATH takes precedence.  The
           default value is /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr

FILES         top


BUGS         top

       The undocumented BSD -r option is not supported.  This may be
       required by some rlogind(8) programs.

       A recursive login, as used to be possible in the good old days, no
       longer works; for most purposes su(1) is a satisfactory substitute.
       Indeed, for security reasons, login does a vhangup(2) system call to
       remove any possible listening processes on the tty.  This is to avoid
       password sniffing.  If one uses the command login, then the
       surrounding shell gets killed by vhangup(2) because it's no longer
       the true owner of the tty.  This can be avoided by using exec login
       in a top-level shell or xterm.

AUTHORS         top

       Derived from BSD login 5.40 (5/9/89) by Michael Glad ⟨glad@daimi.dk⟩
       for HP-UX
       Ported to Linux 0.12: Peter Orbaek ⟨poe@daimi.aau.dk⟩
       Rewritten to a PAM-only version by Karel Zak ⟨kzak@redhat.com⟩

SEE ALSO         top

       mail(1), passwd(1), passwd(5), utmp(5), environ(7), getty(8),
       init(8), lastlog(8) shutdown(8)

AVAILABILITY         top

       The login command is part of the util-linux package and is available
       from Linux Kernel Archive 

COLOPHON         top

       This page is part of the util-linux (a random collection of Linux
       utilities) project.  Information about the project can be found at 
       ⟨https://www.kernel.org/pub/linux/utils/util-linux/⟩.  If you have a
       bug report for this manual page, send it to
       util-linux@vger.kernel.org.  This page was obtained from the
       project's upstream Git repository
       ⟨git://git.kernel.org/pub/scm/utils/util-linux/util-linux.git⟩ on
       2020-08-13.  (At that time, the date of the most recent commit that
       was found in the repository was 2020-08-12.)  If you discover any
       rendering problems in this HTML version of the page, or you believe
       there is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to

util-linux                        June 2012                         LOGIN(1)

Pages that refer to this page: ac(1)bash(1)chsh(1)intro(1)last(1@@util-linux)mesg(1)newgrp(1)newgrp(1@@util-linux)openvt(1)sg(1)su(1@@shadow-utils)ul(1)crypt(3)crypt_r(3)pam(3)ttyslot(3)group(5)login.defs(5)motd(5)nologin(5)passwd(5)passwd(5@@shadow-utils)proc(5)procfs(5)securetty(5)shadow(5)systemd.exec(5)utmp(5)utmpx(5)wtmp(5)environ(7)agetty(8)faillog(8)nologin(8)nologin(8@@shadow-utils)pam(8)PAM(8)