login(1) User Commands login(1)
NAME
login - sign on to the system
SYNOPSIS
login [-p] [-d device] [-R repository] [-s service]
[-t terminal] [-u identity] [-U ruser]
[-h hostname [terminal] | -r hostname]
[name [environ]...]
DESCRIPTION
The login command is used at the beginning of each terminal session to
identify oneself to the system. login is invoked by the system when a
connection is first established, after the previous user has terminated
the login shell by issuing the exit command.
Login cannot be invoked as a command, except by the superuser.
If login is invoked as a command, it must replace the initial command
interpreter. To invoke login in this fashion, type:
exec login
from the initial shell. The C shell and Korn shell have their own
built-ins of login. See ksh(1), ksh88(1), and csh(1) for descriptions
of login built-ins and usage.
login asks for your user name, if it is not supplied as an argument,
and your password, if appropriate. Where possible, echoing is turned
off while you type your password, so it does not appear on the written
record of the session.
If you make any mistake in the login procedure, the message:
Login incorrect
is printed and a new login prompt appears. If you make five incorrect
login attempts, all five can be logged in /var/adm/loginlog, if it
exists. The TTY line is dropped.
If password aging is turned on and the password has aged (see passwd(1)
for more information), the user is forced to change the password. In
this case the /etc/nsswitch.conf file is consulted to determine pass‐
word repositories (see nsswitch.conf(5)). The password update configu‐
rations supported are limited to the following cases.
o passwd: files
o passwd: files nis
Failure to comply with the configurations prevents the user from log‐
ging onto the system because passwd(1) fails. If you do not complete
the login successfully within a certain period of time, it is likely
that you are silently disconnected.
After a successful login, accounting files are updated. Device owner,
group, and permissions are set according to the contents of the
/etc/logindevperm file, and the time you last logged in is printed (see
logindevperm(5)).
The user-ID, group-ID, supplementary group list, and working directory
are initialized, and the command interpreter is started.
The basic environment is initialized to:
HOME=your-login-directory
LOGNAME=your-login-name
PATH=/usr/bin:
SHELL=last-field-of-passwd-entry
MAIL=/var/mail/
For Bourne shell and Korn shell logins, the shell executes /etc/profile
and $HOME/.profile, if it exists.
For the ksh Korn shell, an interactive shell then executes
/etc/ksh.kshrc, followed by the file specified by the ENV environment
variable. If $ENV is not set, this defaults to $HOME/.kshrc. For the
ksh and /usr/xpg4/bin/sh Korn Shell, an interactive shell executes the
file named by $ENV (no default).
For C shell logins, the shell executes /etc/.login, $HOME/.cshrc, and
$HOME/.login. The default /etc/profile and /etc/.login files check
quotas (see quota(8)), print /etc/motd, and check for mail. None of the
messages are printed if the file $HOME/.hushlogin exists. The name of
the command interpreter is set to - (dash), followed by the last
component of the interpreter's path name, for example, -sh.
If the login-shell field in the password file (see passwd(5)) is empty,
then the default command interpreter, /usr/bin/sh, is used. If this
field is * (asterisk), then the named directory becomes the root direc‐
tory. At that point, login is re-executed at the new level, which must
have its own root structure.
The environment can be expanded or modified by supplying additional
arguments to login, either at execution time or when login requests
your login name. The arguments can take either the form xxx or xxx=yyy.
Arguments without an = (equal sign) are placed in the environment as:
Ln=xxx
where n is a number starting at 0 and is incremented each time a new
variable name is required. Variables containing an = (equal sign) are
placed in the environment without modification. If they already appear
in the environment, then they replace the older values.
There are two exceptions: The variables PATH and SHELL cannot be
changed. This prevents people logged into restricted shell environments
from spawning secondary shells that are not restricted. login under‐
stands simple single-character quoting conventions. Typing a \ (back‐
slash) in front of a character quotes it and allows the inclusion of
such characters as spaces and tabs.
Alternatively, you can pass the current environment by supplying the -p
flag to login. This flag indicates that all currently defined environ‐
ment variables should be passed, if possible, to the new environment.
This option does not bypass any environment variable restrictions men‐
tioned above. Environment variables specified on the login line take
precedence, if a variable is passed by both methods.
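The argument rules above, modelled in POSIX shell as an added illustration (this is not login's own code and not part of the original man page). login_env and BASE are hypothetical names, the base environment is constructed, and silently ignoring PATH= and SHELL= arguments is an assumption about how the restriction is applied.

```shell
#!/bin/sh
# Added example: a model of how login(1) folds extra arguments into the
# environment. login_env and BASE are hypothetical names, not part of login.

# login_env BASE_ENV [arg ...] -> resulting environment, one NAME=value per line
login_env() {
    cur=$1; shift
    n=0
    for arg in "$@"; do
        case $arg in
            PATH=*|SHELL=*)       # protected: a restricted shell stays restricted
                continue ;;
            *=*)                  # NAME=value is placed in the environment as is
                name=${arg%%=*} ;;
            *)                    # a bare word becomes L0, L1, ...
                name=L$n; arg="$name=$arg"; n=$((n + 1)) ;;
        esac
        # Drop any older value of the same name, then append the new one.
        cur=$(printf '%s\n' "$cur" | awk -F= -v k="$name" '$1 != k'
              printf '%s\n' "$arg")
    done
    printf '%s\n' "$cur"
}

# Constructed base environment, shaped like the list in DESCRIPTION.
BASE='HOME=/export/home/alice
LOGNAME=alice
PATH=/usr/bin:
SHELL=/usr/bin/rksh
MAIL=/var/mail/alice'

# PATH and SHELL keep their original values; MAIL is replaced; vt100 becomes L0.
login_env "$BASE" vt100 TERM=xterm PATH=/tmp: SHELL=/usr/bin/sh MAIL=/dev/null
```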
To enable remote logins by root, edit the /etc/default/login file by
inserting a # (pound sign) before the CONSOLE=/dev/console entry. See
FILES.
SECURITY
For accounts in the files (passwd(5) and shadow(5)) name service, or
the ldap name service, when configured with enableShadowUpdate true,
the account can be configured to be automatically locked if the number
of successive failed login attempts equals or exceeds the configured
value. See ldapclient(8), user_attr(5), policy.conf(5), and
pam_unix_auth(7).
The login command uses pam(3PAM) for authentication, account manage‐
ment, session management, and password management. The PAM configura‐
tion policy, listed in either /etc/pam.conf or /etc/pam.d/login, speci‐
fies the modules to be used for login. Here is a partial pam.conf file
with entries for the login command using the UNIX authentication,
account management, and session management modules:
login auth required pam_authtok_get.so.1
login auth required pam_unix_auth.so.1
login account requisite pam_roles.so.1
login account required pam_unix_account.so.1
login session required pam_unix_session.so.1
The equivalent PAM configuration in /etc/pam.d/ would be the following
entries in /etc/pam.d/login:
auth required pam_authtok_get.so.1
auth required pam_unix_auth.so.1
account requisite pam_roles.so.1
account required pam_unix_account.so.1
session required pam_unix_session.so.1
The Password Management stack in /etc/pam.conf typically looks like the
following:
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
If there are no entries for a PAM service in /etc/pam.conf and
/etc/pam.d/service then the entries for the "other" service in
/etc/pam.conf are used. If there are not any entries in /etc/pam.conf
for the "other" service, then the entries in /etc/pam.d/other will be
used. If multiple authentication modules are listed, then the user can
be prompted for multiple passwords.
When login is invoked through rlogind or telnetd, the service name used
by PAM is rlogin or telnet, respectively.
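The fallback described above, as an added POSIX shell example (not part of the original man page and not the PAM framework's code), useful for checking which stack a telnet or rlogin session actually gets compared with a console login. Assumptions: the lookup is done per module type, the search order is pam.conf service entries, then pam.d/service, then pam.conf "other", then pam.d/other; the function names and the pam.d/other entry are constructed.

```shell
#!/bin/sh
# Added example: which PAM entries apply to a service and module type.
# Assumed order: pam.conf service, pam.d/service, pam.conf other, pam.d/other.

# pam_conf_stack FILE SERVICE TYPE -> "flag module [options]" lines
pam_conf_stack() {
    [ -r "$1" ] || return 0
    awk -v svc="$2" -v typ="$3" '
        /^[ \t]*#/ { next }
        NF >= 4 && $1 == svc && $2 == typ { $1 = ""; $2 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# pam_d_stack DIR SERVICE TYPE -> same, for DIR/SERVICE (no service column)
pam_d_stack() {
    [ -r "$1/$2" ] || return 0
    awk -v typ="$3" '
        /^[ \t]*#/ { next }
        NF >= 3 && $1 == typ { $1 = ""; sub(/^ +/, ""); print }
    ' "$1/$2"
}

# pam_resolve CONF DIR SERVICE TYPE -> "source: flag module" lines, first match wins
pam_resolve() {
    out=$(pam_conf_stack "$1" "$3" "$4"); src="pam.conf $3"
    [ -n "$out" ] || { out=$(pam_d_stack "$2" "$3" "$4"); src="pam.d/$3"; }
    [ -n "$out" ] || { out=$(pam_conf_stack "$1" other "$4"); src="pam.conf other"; }
    [ -n "$out" ] || { out=$(pam_d_stack "$2" other "$4"); src="pam.d/other"; }
    if [ -n "$out" ]; then printf '%s\n' "$out" | sed "s|^|$src: |"; fi
}

# Constructed sample tree: entries from the page plus a pam.d/other file.
demo=$(mktemp -d)
mkdir "$demo/pam.d"
cat > "$demo/pam.conf" <<'EOF'
login auth required pam_authtok_get.so.1
login auth required pam_unix_auth.so.1
login account requisite pam_roles.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
EOF
echo 'auth required pam_deny.so.1' > "$demo/pam.d/other"   # constructed entry

for q in "login auth" "login password" "telnet auth"; do
    echo "== $q"
    pam_resolve "$demo/pam.conf" "$demo/pam.d" $q
done
```

On a live system, pass /etc/pam.conf and /etc/pam.d as the first two arguments.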
OPTIONS
The following options are supported:
-d device
login accepts a device option, device. device is taken to be the
path name of the TTY port login is to operate on. The use of the
device option can be expected to improve login performance, since
login does not need to call ttyname(3C). The -d option is available
only to users whose UID and effective UID are root. Any other
attempt to use -d causes login to quietly exit.
-h hostname [terminal]
Used by in.telnetd(8) to pass information about the remote host and
terminal type.
Terminal type as a second argument to the -h option should not
start with a hyphen (-).
-p
Used to pass environment variables to the login shell.
-r hostname
Used by in.rlogind(8) to pass information about the remote host.
-R repository
Used to specify the PAM repository that should be used to tell PAM
about the "identity" (see option -u below). If no "identity" infor‐
mation is passed, the repository is not used.
-s service
Indicates the PAM service name that should be used. Normally, this
argument is not necessary and is used only for specifying alterna‐
tive PAM service names. For example: "ktelnet" for the Kerberized
telnet process.
-u identity
Specifies the "identity" string associated with the user who is
being authenticated. This usually is not the same as that user's
UNIX login name. For Kerberized login sessions, this is the
Kerberos principal name associated with the user.
-U ruser
Indicates the name of the person attempting to login on the remote
side of the rlogin connection. When in.rlogind(8) is operating in
Kerberized mode, that daemon processes the terminal and remote user
name information prior to invoking login, so the "ruser" data is
indicated using this command line parameter. Normally (non-Kerberos
authenticated rlogin), the login daemon reads the remote user
information from the client.
EXIT STATUS
The following exit values are returned:
0
Successful operation.
non-zero
Error.
FILES
$HOME/.cshrc
Initial commands for each csh.
$HOME/.hushlogin
Suppresses login messages.
$HOME/.kshrc
User's commands for interactive ksh, if $ENV is unset; executes
after /etc/ksh.kshrc.
$HOME/.login
User's login commands for csh.
$HOME/.profile
User's login commands for sh and ksh.
$HOME/.rhosts
Private list of trusted hostname/username combinations.
/etc/.login
System-wide csh login commands.
/etc/issue
Issue or project identification.
/etc/ksh.kshrc
System-wide commands for interactive ksh.
/etc/logindevperm
Login-based device permissions.
/etc/motd
Message-of-the-day.
/etc/nologin
Message displayed to users attempting to login during machine shut‐
down.
/etc/passwd
Password file.
/etc/profile
System-wide sh and ksh login commands.
/etc/shadow
List of users' encrypted passwords.
/usr/bin/sh
User's default command interpreter.
/var/adm/lastlog
Time of last login.
/var/adm/loginlog
Record of failed login attempts.
/var/adm/utmpx
Accounting.
/var/adm/wtmpx
Accounting.
/var/mail/your-name
Mailbox for user your-name.
/etc/default/login
Default value can be set for the following flags in
/etc/default/login. Default values are specified as comments in the
/etc/default/login file, for example, ULIMIT=0.
The /etc/default/login file is obsolete. However, you can use the
svc:/system/account-policy:default service to set the corresponding
SMF properties.
The following table lists the mapping between the properties in the
/etc/default/login and the SMF properties:
Property in /etc/default/login    Corresponding SMF Property
------------------------------    ----------------------------------
HZ                                login/environment/hz
ULIMIT                            login/environment/ulimit
CONSOLE                           login_policy/root_login_device
PASSREQ                           login_policy/password_required
ALTSHELL                          login/environment/set_shell
PATH                              login/environment/path
SUPATH                            login/environment/root_path
TIMEOUT                           login_policy/timeout
UMASK                             login_environment/umask
SYSLOG                            login/log/syslog
DISABLETIME                       login_policy/disabletime
SLEEPTIME                         login_policy/sleeptime
RETRIES                           login_policy/retries
SYSLOG_FAILED_LOGINS              login/log/syslog_failed_attempts
For information on managing the SMF properties, see the
account-policy(8S) man page.
The descriptions of the properties in the /etc/default/login file
are as follows:
HZ
Sets the HZ environment variable of the shell.
ULIMIT
Sets the file size limit for the login. Units are disk blocks.
Default is zero (no limit).
CONSOLE
If set, root can login on that device only. This does not pre‐
vent execution of remote commands with rsh(1). Comment out this
line to allow login by root.
PASSREQ
Determines if login requires a non-null password.
ALTSHELL
Determines if login should set the SHELL environment variable.
PATH
Sets the initial shell PATH variable.
SUPATH
Sets the initial shell PATH variable for root.
TIMEOUT
Sets the number of seconds (between 0 and 900) to wait before
abandoning a login session.
UMASK
Sets the initial shell file creation mode mask. See umask(1).
SYSLOG
Determines whether the syslog(3C) LOG_AUTH facility should be
used to log all root logins at level LOG_NOTICE and multiple
failed login attempts at LOG_CRIT.
DISABLETIME
If present, and greater than zero, the number of seconds that
login waits after RETRIES failed attempts or the PAM framework
returns PAM_ABORT. Default is 20 seconds. Minimum is 0 seconds.
No maximum is imposed.
SLEEPTIME
If present, sets the number of seconds to wait before the login
failure message is printed to the screen. This is for any login
failure other than PAM_ABORT. Another login attempt is allowed,
providing RETRIES has not been reached or the PAM framework is
returned PAM_MAXTRIES. Default is 4 seconds. Minimum is 0 sec‐
onds. Maximum is 5 seconds.
Both su(8) and sulogin(8) are affected by the value of
SLEEPTIME.
RETRIES
Sets the number of retries for logging in (see pam(3PAM)). The
default is 5. The maximum number of retries is 15. For accounts
configured with automatic locking (see SECURITY above), the
account is locked and login exits. If automatic locking has not
been configured, login exits without locking the account.
SYSLOG_FAILED_LOGINS
Used to determine how many failed login attempts are allowed by
the system before a failed login message is logged, using the
syslog(3C) LOG_NOTICE facility. For example, if the variable
is set to 0, login logs all failed login attempts.
Of the flags listed in /etc/default/login, sshd(8) uses:
o PATH
o SUPATH
o UMASK
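For hosts that still carry the file, an added POSIX shell example (not part of the original man page) that checks a /etc/default/login-style file against the limits stated in the property descriptions above. audit_login_defaults is a hypothetical name, the sample file is constructed, and a commented-out entry is treated as unset.

```shell
#!/bin/sh
# Added example, not part of login(1): check a /etc/default/login-style file
# against the limits stated in FILES. audit_login_defaults is a hypothetical name.

audit_login_defaults() {   # usage: audit_login_defaults FILE
    awk -F= '
        function bound(k, lo, hi) {        # hi == "" means no documented maximum
            if (!(k in val)) return
            if (val[k] !~ /^[0-9]+$/) { print "BAD " k "=" val[k] ": not a number"; return }
            if (val[k] + 0 < lo || (hi != "" && val[k] + 0 > hi))
                print "BAD " k "=" val[k] ": outside documented range"
        }
        /^[ \t]*#/ || NF < 2 { next }      # commented-out entries count as unset
        { key = $1; gsub(/[ \t]/, "", key); val[key] = $2 }
        END {
            if (!("CONSOLE" in val))
                print "WARN CONSOLE unset: root login is not limited to one device"
            bound("TIMEOUT", 0, 900)       # seconds, between 0 and 900
            bound("SLEEPTIME", 0, 5)       # minimum 0, maximum 5
            bound("DISABLETIME", 0, "")    # minimum 0, no maximum
            bound("RETRIES", 0, 15)        # maximum 15
            if (("SYSLOG_FAILED_LOGINS" in val) && val["SYSLOG_FAILED_LOGINS"] + 0 > 0)
                print "NOTE SYSLOG_FAILED_LOGINS=" val["SYSLOG_FAILED_LOGINS"] ": failures below this count are not sent to syslog"
        }
    ' "$1"
}

# Constructed sample file (values are illustrative).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#CONSOLE=/dev/console
PASSREQ=YES
TIMEOUT=1200
SLEEPTIME=4
RETRIES=5
SYSLOG_FAILED_LOGINS=5
EOF

audit_login_defaults "$sample"
```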
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE         ATTRIBUTE VALUE
-------------------    ---------------
Availability           system/core-os
Interface Stability    Committed
SEE ALSO
csh(1), exit(1), ksh(1), ksh88(1), mail(1), mailx(1), newgrp(1),
passwd(1), rlogin(1), rsh(1), sh(1), shell_builtins(1), telnet(1),
umask(1), rcmd(3C), syslog(3C), ttyname(3C), pam(3PAM), termio(4I),
auth_attr(5), exec_attr(5), hosts.equiv(5), issue(5), logindevperm(5),
loginlog(5), nologin(5), nsswitch.conf(5), pam.conf(5), passwd(5),
policy.conf(5), profile(5), shadow(5), user_attr(5), utmpx(5),
wtmpx(5), attributes(7), environ(7), pam_authtok_check(7),
pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7),
pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
pam_unix_session(7), in.rlogind(8), in.telnetd(8), logins(8), quota(8),
sshd(8), su(8), sulogin(8), syslogd(8), useradd(8), userdel(8),
account-policy(8S)
DIAGNOSTICS
Login incorrect
The user name or the password cannot be matched.
Not on system console
Root login denied. Check the CONSOLE setting in /etc/default/login.
No directory! Logging in with home=/
The user's home directory named in the passwd(5) database cannot be
found or has the wrong permissions. Contact your system administra‐
tor.
No shell
Cannot execute the shell named in the passwd(5) database. Contact
your system administrator.
NO LOGINS: System going down in N minutes
The machine is in the process of being shut down and logins have
been disabled.
WARNINGS
If you use the CONSOLE setting to disable root logins, you should
arrange that remote command execution by root is also disabled. See
rsh(1), rcmd(3C), and hosts.equiv(5) for further details.
Oracle Solaris 11.4 11 May 2021 login(1)