login(1) man page - WindyHana's Solanara


login(1)                         User Commands                        login(1)



NAME
       login - sign on to the system

SYNOPSIS
       login [-p] [-d device] [-R repository] [-s service]
            [-t terminal] [-u identity] [-U ruser]
            [-h hostname [terminal] | -r hostname]
            [name [environ]...]

DESCRIPTION
       The  login command is used at the beginning of each terminal session to
       identify oneself to the system. login is invoked by the system  when  a
       connection is first established, after the previous user has terminated
       the login shell by issuing the exit command.


       Login cannot be invoked as a command, except by the superuser.


       If login is invoked as a command, it must replace the  initial  command
       interpreter. To invoke login in this fashion, type:

         exec login



       from  the  initial  shell.  The  C  shell and Korn shell have their own
       built-ins of login. See ksh(1), ksh88(1), and csh(1)  for  descriptions
       of login built-ins and usage.


       login  asks  for  your user name, if it is not supplied as an argument,
       and your password, if appropriate. Where possible,  echoing  is  turned
       off  while you type your password, so it does not appear on the written
       record of the session.


       If you make any mistake in the login procedure, the message:

         Login incorrect



       is printed and a new login prompt appears. If you make  five  incorrect
       login  attempts,  all  five  can  be logged in /var/adm/loginlog, if it
       exists. The TTY line is dropped.


       If password aging is turned on and the password has aged (see passwd(1)
       for  more  information),  the user is forced to change the password. In
       this case the /etc/nsswitch.conf file is consulted to  determine  pass‐
       word  repositories (see nsswitch.conf(5)). The password update configu‐
       rations supported are limited to the following cases.

           o      passwd: files


           o      passwd: files nis



       Failure to comply with the configurations prevents the user  from  log‐
       ging  onto  the  system because passwd(1) fails. If you do not complete
       the login successfully within a certain period of time,  it  is  likely
       that you are silently disconnected.


       After  a  successful login, accounting files are updated. Device owner,
       group, and permissions  are  set  according  to  the  contents  of  the
       /etc/logindevperm file, and the time you last logged in is printed (see
       logindevperm(5)).


       The user-ID, group-ID, supplementary group list, and working  directory
       are initialized, and the command interpreter is started.


       The basic environment is initialized to:

         HOME=your-login-directory
         LOGNAME=your-login-name
         PATH=/usr/bin:
         SHELL=last-field-of-passwd-entry
         MAIL=/var/mail/



       For Bourne shell and Korn shell logins, the shell executes /etc/profile
       and $HOME/.profile, if it exists.


       For  the  ksh  Korn  shell,  an   interactive   shell   then   executes
       /etc/ksh.kshrc,  followed  by the file specified by the ENV environment
       variable. If $ENV is not set, this defaults to  $HOME/.kshrc.  For  the
       ksh  and /usr/xpg4/bin/sh Korn Shell, an interactive shell executes the
       file named by $ENV (no default).


       For C shell logins, the shell executes /etc/.login,  $HOME/.cshrc,  and
       $HOME/.login. The default /etc/profile and /etc/.login files check quo‐
       tas (see quota(8)), print /etc/motd, and check for mail.  None  of  the
       messages are printed if the file $HOME/.hushlogin exists. The name of
       the command interpreter is set to - (dash), followed by the last
       component of the interpreter's path name, for example, -sh.


       If the login-shell field in the password file (see passwd(5)) is empty,
       then the default command interpreter, /usr/bin/sh,  is  used.  If  this
       field is * (asterisk), then the named directory becomes the root direc‐
       tory. At that point, login is re-executed at the new level, which  must
       have its own root structure.


       The  environment  can  be  expanded or modified by supplying additional
       arguments to login, either at execution time  or  when  login  requests
       your login name. The arguments can take either the form xxx or xxx=yyy.
       Arguments without an = (equal sign) are placed in the environment as:

         Ln=xxx



       where n is a number starting at 0 and is incremented each  time  a  new
       variable  name  is required. Variables containing an = (equal sign) are
       placed in the environment without modification. If they already  appear
       in the environment, then they replace the older values.


       There  are  two  exceptions:  The  variables  PATH  and SHELL cannot be
       changed. This prevents people logged into restricted shell environments
       from  spawning  secondary  shells that are not restricted. login under‐
       stands simple single-character quoting conventions. Typing a  \  (back‐
       slash)  in  front  of a character quotes it and allows the inclusion of
       such characters as spaces and tabs.


       Alternatively, you can pass the current environment by supplying the -p
       flag  to login. This flag indicates that all currently defined environ‐
       ment variables should be passed, if possible, to the  new  environment.
       This  option does not bypass any environment variable restrictions men‐
       tioned above. Environment variables specified on the  login  line  take
       precedence, if a variable is passed by both methods.


       To  enable  remote  logins by root, edit the /etc/default/login file by
       inserting a # (pound sign) before the CONSOLE=/dev/console  entry.  See
       FILES.

SECURITY
       For accounts in the files (passwd(5) and shadow(5)) name service, or
       the ldap name service when configured with enableShadowUpdate true,
       the account can be configured to be locked automatically when the
       number of successive failed login attempts equals or exceeds the
       configured value. See ldapclient(8), user_attr(5), policy.conf(5),
       and pam_unix_auth(7).


       The  login  command  uses pam(3PAM) for authentication, account manage‐
       ment, session management, and password management. The  PAM  configura‐
       tion policy, listed in either /etc/pam.conf or /etc/pam.d/login, speci‐
       fies the modules to be used for login. Here is a partial pam.conf  file
       with  entries  for  the  login  command  using the UNIX authentication,
       account management, and session management modules:



         login  auth       required  pam_authtok_get.so.1
         login  auth       required  pam_unix_auth.so.1

         login  account    requisite pam_roles.so.1
         login  account    required  pam_unix_account.so.1

         login  session    required  pam_unix_session.so.1



       The equivalent PAM configuration in /etc/pam.d/ would be the  following
       entries in /etc/pam.d/login:

         auth     required  pam_authtok_get.so.1
         auth     required  pam_unix_auth.so.1
         account  requisite pam_roles.so.1
         account  required  pam_unix_account.so.1

         session  required  pam_unix_session.so.1



       The Password Management stack in /etc/pam.conf typically looks like the
       following:


         other  password   requisite  pam_authtok_get.so.1
         other  password   requisite  pam_authtok_check.so.1
         other  password   required   pam_authtok_store.so.1



       If there are  no  entries  for  a  PAM  service  in  /etc/pam.conf  and
       /etc/pam.d/service   then  the  entries  for  the  "other"  service  in
       /etc/pam.conf are used. If there are not any entries  in  /etc/pam.conf
       for  the  "other" service, then the entries in /etc/pam.d/other will be
       used. If multiple authentication modules are listed, then the user  can
       be prompted for multiple passwords.
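
       The fallback described above decides which modules actually guard a
       service, so it is worth checking which source each service resolves
       to. The following script is an added example, not part of the
       original man page. Assumptions: /etc/pam.conf is consulted before
       /etc/pam.d/service, the fallback is applied per module type, and
       the function names, the ROOT prefix argument and the sample
       pam.d/other file are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the man page): which PAM source does a service get?

# pam.conf entries for service $2 and module type $3 (comment lines skipped).
conf_entries() {
    if [ -f "$1" ]; then
        awk -v s="$2" -v t="$3" '$1 !~ /^#/ && $1 == s && $2 == t' "$1"
    fi
}

# pam.d/<service> entries for module type $2 (these files have no service column).
dir_entries() {
    if [ -f "$1" ]; then
        awk -v t="$2" '$1 !~ /^#/ && $1 == t' "$1"
    fi
}

# pam_source ROOT SERVICE TYPE: print the first source that has entries.
# Order is an assumption for the first two steps; the "other" steps follow the page.
pam_source() {
    root=$1; svc=$2; mtype=$3
    if [ -n "$(conf_entries "$root/etc/pam.conf" "$svc" "$mtype")" ]; then
        echo "/etc/pam.conf ($svc)"
    elif [ -n "$(dir_entries "$root/etc/pam.d/$svc" "$mtype")" ]; then
        echo "/etc/pam.d/$svc"
    elif [ -n "$(conf_entries "$root/etc/pam.conf" other "$mtype")" ]; then
        echo "/etc/pam.conf (other)"
    elif [ -n "$(dir_entries "$root/etc/pam.d/other" "$mtype")" ]; then
        echo "/etc/pam.d/other"
    else
        echo "none"
    fi
}

# Constructed sample tree: the page's pam.conf entries plus a made-up pam.d/other.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
mkdir -p "$SAMPLE/etc/pam.d"
cat > "$SAMPLE/etc/pam.conf" <<'EOF'
# constructed sample
login  auth       required  pam_authtok_get.so.1
login  auth       required  pam_unix_auth.so.1
login  account    requisite pam_roles.so.1
login  account    required  pam_unix_account.so.1
login  session    required  pam_unix_session.so.1
other  password   requisite  pam_authtok_get.so.1
other  password   required   pam_authtok_store.so.1
EOF
cat > "$SAMPLE/etc/pam.d/other" <<'EOF'
auth     required  pam_unix_auth.so.1
EOF

# Report, per service and module type, where the stack comes from.
for svc in login telnet rlogin; do
    for mtype in auth account session password; do
        printf '%-7s %-9s %s\n' "$svc" "$mtype" "$(pam_source "$SAMPLE" "$svc" "$mtype")"
    done
done
```

       A service that resolves to an "other" source inherits that stack,
       and "none" means no module of that type is configured for it.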


       When login is invoked through rlogind or telnetd, the service name used
       by PAM is rlogin or telnet, respectively.

OPTIONS
       The following options are supported:

       -d device

           login accepts a device option, device. device is taken  to  be  the
           path  name  of  the TTY port login is to operate on. The use of the
           device option can be expected to improve login  performance,  since
           login does not need to call ttyname(3C). The -d option is available
           only to users whose UID and  effective  UID  are  root.  Any  other
           attempt to use -d causes login to quietly exit.


       -h hostname [terminal]

           Used by in.telnetd(8) to pass information about the remote host and
           terminal type.

           Terminal type as a second argument to  the  -h  option  should  not
           start with a hyphen (-).


       -p

           Used to pass environment variables to the login shell.


       -r hostname

           Used by in.rlogind(8) to pass information about the remote host.


       -R repository

           Used  to specify the PAM repository that should be used to tell PAM
           about the "identity" (see option -u below). If no "identity" infor‐
           mation is passed, the repository is not used.


       -s service

           Indicates  the PAM service name that should be used. Normally, this
           argument is not necessary and is used only for specifying  alterna‐
           tive  PAM  service names. For example: "ktelnet" for the Kerberized
           telnet process.


       -u identity

           Specifies the "identity" string associated with the user who is
           being authenticated. This is usually not the same as that user's
           UNIX login name. For Kerberized login sessions, this is the
           Kerberos principal name associated with the user.


       -U ruser

           Indicates  the name of the person attempting to login on the remote
           side of the rlogin connection. When in.rlogind(8) is  operating  in
           Kerberized mode, that daemon processes the terminal and remote user
           name information prior to invoking login, so the  "ruser"  data  is
           indicated using this command line parameter. Normally (non-Kerberos
           authenticated rlogin), the  login  daemon  reads  the  remote  user
           information from the client.


EXIT STATUS
       The following exit values are returned:

       0

           Successful operation.


       non-zero

           Error.


FILES
       $HOME/.cshrc

           Initial commands for each csh.


       $HOME/.hushlogin

           Suppresses login messages.


       $HOME/.kshrc

           User's  commands  for  interactive  ksh, if $ENV is unset; executes
           after /etc/ksh.kshrc.


       $HOME/.login

           User's login commands for csh.


       $HOME/.profile

           User's login commands for sh and ksh.


       $HOME/.rhosts

           Private list of trusted hostname/username combinations.


       /etc/.login

           System-wide csh login commands.


       /etc/issue

           Issue or project identification.


       /etc/ksh.kshrc

           System-wide commands for interactive ksh.


       /etc/logindevperm

           Login-based device permissions.


       /etc/motd

           Message-of-the-day.


       /etc/nologin

           Message displayed to users attempting to login during machine shut‐
           down.


       /etc/passwd

           Password file.


       /etc/profile

           System-wide sh and ksh login commands.


       /etc/shadow

           List of users' encrypted passwords.


       /usr/bin/sh

           User's default command interpreter.


       /var/adm/lastlog

           Time of last login.


       /var/adm/loginlog

           Record of failed login attempts.


       /var/adm/utmpx

           Accounting.


       /var/adm/wtmpx

           Accounting.


       /var/mail/your-name

           Mailbox for user your-name.


       /etc/default/login

           Default values can be set for the following flags in
           /etc/default/login. Default values are specified as comments in the
           /etc/default/login file, for example, ULIMIT=0.

           The  /etc/default/login  file is obsolete. However, you can use the
           svc:/system/account-policy:default service to set the corresponding
           SMF properties.

           The following table lists the mapping between the properties in the
           /etc/default/login file and the SMF properties:



           Property in /etc/default/login   Corresponding SMF Property
           ------------------------------   -----------------------------------
           HZ                               login/environment/hz
           ULIMIT                           login/environment/ulimit
           CONSOLE                          login_policy/root_login_device
           PASSREQ                          login_policy/password_required
           ALTSHELL                         login/environment/set_shell
           PATH                             login/environment/path
           SUPATH                           login/environment/root_path
           TIMEOUT                          login_policy/timeout
           UMASK                            login_environment/umask
           SYSLOG                           login/log/syslog
           DISABLETIME                      login_policy/disabletime
           SLEEPTIME                        login_policy/sleeptime
           RETRIES                          login_policy/retries
           SYSLOG_FAILED_LOGINS             login/log/syslog_failed_attempts

           For  information  on  managing the SMF properties, see the account-
           policy(8S) man page.

           The descriptions of the properties in the  /etc/default/login  file
           are as follows:



           HZ

               Sets the HZ environment variable of the shell.


           ULIMIT

               Sets  the file size limit for the login. Units are disk blocks.
               Default is zero (no limit).


           CONSOLE

               If set, root can login on that device only. This does not  pre‐
               vent execution of remote commands with rsh(1). Comment out this
               line to allow login by root.


           PASSREQ

               Determines if login requires a non-null password.


           ALTSHELL

               Determines if login should set the SHELL environment variable.


           PATH

               Sets the initial shell PATH variable.


           SUPATH

               Sets the initial shell PATH variable for root.


           TIMEOUT

               Sets the number of seconds (between 0 and 900) to  wait  before
               abandoning a login session.


           UMASK

               Sets the initial shell file creation mode mask. See umask(1).


           SYSLOG

               Determines  whether the syslog(3C)  LOG_AUTH facility should be
               used to log all root logins at level  LOG_NOTICE  and  multiple
               failed login attempts at LOG_CRIT.


           DISABLETIME

               If  present,  and greater than zero, the number of seconds that
               login waits after RETRIES failed attempts or the PAM  framework
               returns PAM_ABORT. Default is 20 seconds. Minimum is 0 seconds.
               No maximum is imposed.


           SLEEPTIME

               If present, sets the number of seconds to wait before the login
               failure message is printed to the screen. This is for any login
               failure other than PAM_ABORT. Another login attempt is allowed,
               providing  RETRIES has not been reached or the PAM framework is
               returned PAM_MAXTRIES. Default is 4 seconds. Minimum is 0  sec‐
               onds. Maximum is 5 seconds.

               Both  su(8)  and sulogin(8) are affected by the value of SLEEP‐
               TIME.


           RETRIES

               Sets the number of retries for logging in (see pam(3PAM)).  The
               default is 5. The maximum number of retries is 15. For accounts
               configured with automatic locking  (see  SECURITY  above),  the
               account is locked and login exits. If automatic locking has not
               been configured, login exits without locking the account.


           SYSLOG_FAILED_LOGINS

               Used to determine how many failed login attempts are allowed by
               the  system  before a failed login message is logged, using the
               syslog(3C)  LOG_NOTICE facility. For example, if  the  variable
               is set to 0, login logs all failed login attempts.


           Of the flags listed in /etc/default/login, sshd(8) uses:

               o      PATH


               o      SUPATH


               o      UMASK
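
           The limits and effects documented above can be checked
           mechanically. The following script is an added example, not
           Oracle's code; it audits a file in /etc/default/login format,
           and the same checks apply to the corresponding SMF property
           values. Assumptions: the function names and the sample file
           are constructed, and the YES/NO value spelling follows the
           stock file rather than this page.

```shell
#!/bin/sh
# Added example (not Oracle's code): flag weak values in an
# /etc/default/login-format file, using the limits stated on this page.

# get KEY FILE: value of the last uncommented KEY= line, empty when unset.
get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -1
}

# in_range VALUE MIN MAX: true when VALUE is an integer in MIN..MAX.
in_range() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# audit_login FILE: print one "KEY: finding" line per problem found.
audit_login() {
    f=$1
    if [ -z "$(get CONSOLE "$f")" ]; then
        echo "CONSOLE: unset, root login is not restricted to one device"
    fi
    if [ "$(get PASSREQ "$f")" = NO ]; then
        echo "PASSREQ: null passwords are accepted"
    fi
    if [ "$(get SYSLOG "$f")" = NO ]; then
        echo "SYSLOG: root logins and repeated failures are not sent to syslog"
    fi
    v=$(get SYSLOG_FAILED_LOGINS "$f")
    if [ -n "$v" ] && [ "$v" != 0 ]; then
        echo "SYSLOG_FAILED_LOGINS: failures are logged only after $v attempts"
    fi
    # Documented limits: RETRIES max 15, SLEEPTIME 0..5, TIMEOUT 0..900.
    for spec in RETRIES:0:15 SLEEPTIME:0:5 TIMEOUT:0:900; do
        key=${spec%%:*}; rest=${spec#*:}
        v=$(get "$key" "$f")
        if [ -n "$v" ] && ! in_range "$v" "${rest%:*}" "${rest#*:}"; then
            echo "$key: '$v' is outside ${rest%:*}..${rest#*:}"
        fi
    done
    for key in SLEEPTIME DISABLETIME; do
        if [ "$(get "$key" "$f")" = 0 ]; then
            echo "$key: 0 removes the delay after a failed login"
        fi
    done
}

# Constructed sample file, not taken from a real host.
SAMPLE_LOGIN=$(mktemp)
trap 'rm -f "$SAMPLE_LOGIN"' EXIT
cat > "$SAMPLE_LOGIN" <<'EOF'
#CONSOLE=/dev/console
PASSREQ=NO
SYSLOG=YES
SYSLOG_FAILED_LOGINS=5
RETRIES=30
SLEEPTIME=0
#DISABLETIME=20
TIMEOUT=300
EOF

audit_login "$SAMPLE_LOGIN"
```

           A commented-out line is treated as unset, so the documented
           default applies and only CONSOLE is reported in that state.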



ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       ATTRIBUTE TYPE         ATTRIBUTE VALUE
       --------------------   --------------------
       Availability           system/core-os
       Interface Stability    Committed


SEE ALSO
       csh(1), exit(1), ksh(1), ksh88(1), mail(1), mailx(1), newgrp(1),
       passwd(1), rlogin(1), rsh(1), sh(1), shell_builtins(1), telnet(1),
       umask(1), rcmd(3C), syslog(3C), ttyname(3C), pam(3PAM), termio(4I),
       auth_attr(5), exec_attr(5), hosts.equiv(5), issue(5),
       logindevperm(5), loginlog(5), nologin(5), nsswitch.conf(5),
       pam.conf(5), passwd(5), policy.conf(5), profile(5), shadow(5),
       user_attr(5), utmpx(5), wtmpx(5), attributes(7), environ(7),
       pam_authtok_check(7), pam_authtok_get(7), pam_authtok_store(7),
       pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7),
       pam_unix_auth(7), pam_unix_session(7), in.rlogind(8),
       in.telnetd(8), logins(8), quota(8), sshd(8), su(8), sulogin(8),
       syslogd(8), useradd(8), userdel(8), account-policy(8S)

DIAGNOSTICS
       Login incorrect

           The user name or the password cannot be matched.


       Not on system console

           Root login denied. Check the CONSOLE setting in /etc/default/login.


       No directory! Logging in with home=/

           The user's home directory named in the passwd(5) database cannot be
           found or has the wrong permissions. Contact your system administra‐
           tor.


       No shell

           Cannot execute the shell named in the passwd(5)  database.  Contact
           your system administrator.


       NO LOGINS: System going down in N minutes

           The  machine  is  in the process of being shut down and logins have
           been disabled.


WARNINGS
       If you use the CONSOLE setting  to  disable  root  logins,  you  should
       arrange  that  remote  command  execution by root is also disabled. See
       rsh(1), rcmd(3C), and hosts.equiv(5) for further details.



Oracle Solaris 11.4               11 May 2021                         login(1)
Copyright of the man page content belongs to the man page's author.