From Linux Man Pages
login - Begin session on the system
SYNOPSIS
login [ -p ] [ username ]
login [ -p ] [ -h host ] [ -H ] [ -f username ] host
DESCRIPTION
login is used when signing onto a system. If no argument is given, login prompts for the username.
The user is then prompted for a password, where appropriate. Echoing is disabled to prevent revealing the
password. Only a small number of password failures are permitted before login exits and the communications
link is severed.
If password aging has been enabled for the account, the user may be prompted for a new password before
proceeding. He will be forced to provide his old password and the new password before continuing. Please refer to
passwd(1) for more information.
The user and group ID will be set according to their values in the file. There is one exception if the user ID is
zero: in this case, only the primary group ID of the account is set. This should allow the system administrator
to log in even in case of network problems. The values for $HOME, $SHELL, $PATH, $LOGNAME, and $MAIL are set
according to the appropriate fields in the password entry. $PATH defaults to /usr/local/bin:/bin:/usr/bin:. for
normal users, and to /sbin:/bin:/usr/sbin:/usr/bin for root if not otherwise configured. The environment variable
$TERM will be preserved if it exists (other environment variables are preserved if the -p option is given);
otherwise it is initialized to the terminal type on your tty line, as specified in /etc/ttytype.
Then the user's shell is started. If no shell is specified for the user in /etc/passwd, then /bin/sh is used. If
there is no directory specified in /etc/passwd, then / is used (the home directory is checked for the .hushlogin
file described above).
This login implementation does ignore /etc/nologin and /etc/securetty. You need to configure this in the PAM
configuration file for login in /etc/pam.d/login.
login reads the /etc/login.defs(5) configuration file. Please refer to this documentation for options which could
be set.
OPTIONS
-p Used by getty(8) to tell login not to destroy the environment
-f Used to skip a second login authentication. This specifically does not work for root, and does not appear
to work well under Linux.
-h Used by other servers (i.e., telnetd(8)) to pass the name of the remote host to login so that it may be
placed in utmp and wtmp. Only the superuser may use this option.
-H Used by other servers (i.e., telnetd(8)) to tell login that printing the hostname should be suppressed in
the login: prompt.
SPECIAL ACCESS RESTRICTIONS
The file /etc/securetty lists the names of the ttys where root is allowed to log in. One name of a tty device
without the /dev/ prefix must be specified on each line. If the file does not exist, root is allowed to log in
on any tty. To activate this restriction, add the /lib/security/pam_securetty.so module to /etc/pam.d/login.
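Because this login ignores /etc/nologin and /etc/securetty unless PAM enforces them, the following added example (not part of the original man page) checks a PAM file for active pam_securetty.so and pam_nologin.so lines and lists the ttys root may use. The function names are hypothetical, and pam_nologin.so is assumed as the standard Linux-PAM module for /etc/nologin.

```shell
#!/bin/sh
# Added example: report whether a PAM stack for login enforces
# /etc/securetty and /etc/nologin. Helper names are hypothetical.
# Limitation: "include"/"substack"/"@include" lines are not followed.

# pam_has_module FILE MODULE: succeed if an active auth/account line loads MODULE.
pam_has_module() {
    awk -v mod="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            t = $1; sub(/^-/, "", t)             # "-auth" is a valid type prefix
            if (t != "auth" && t != "account") next
            for (i = 3; i <= NF; i++) {          # bracketed controls span several fields
                n = split($i, p, "/")            # accept a full path or a bare name
                if (p[n] == mod) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# root_ttys FILE: print the tty names in a securetty-format file; fail if it is missing.
root_ttys() {
    [ -f "$1" ] || return 1
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# audit_login PAMFILE SECURETTY: print one finding per check; fail if any check is off.
audit_login() {
    rc=0
    if pam_has_module "$1" pam_securetty.so; then
        if ttys=$(root_ttys "$2"); then
            echo "securetty: enforced, root allowed on: $(echo $ttys)"
        else
            echo "securetty: module enabled but $2 missing, root allowed on any tty"; rc=1
        fi
    else
        echo "securetty: NOT enforced, $2 is ignored"; rc=1
    fi
    if pam_has_module "$1" pam_nologin.so; then
        echo "nologin: enforced"
    else
        echo "nologin: NOT enforced, /etc/nologin is ignored"; rc=1
    fi
    return $rc
}

# Run as: sh audit.sh /etc/pam.d/login /etc/securetty
if [ "$#" -eq 2 ]; then audit_login "$1" "$2"; fi
```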
FILES
/var/run/utmp - list of current login sessions
/var/log/wtmp - list of previous login sessions
/var/log/lastlog - list of times of previous user logins
/etc/passwd - user account information
/etc/shadow - encrypted passwords and age information
/etc/motd - system message file
/etc/ttytype - list of terminal types (/etc/login.defs)
RELATED
init(8), getty(8), mail(1), passwd(1), passwd(5), environ(7), shutdown(8), login.defs(5)
BUGS
A recursive login, as used to be possible in the good old days, no longer works; for most purposes su(1) is a
satisfactory substitute. Indeed, for security reasons, login does a vhangup() system call to remove any possible
listening processes on the tty. This is to avoid password sniffing. If one uses the command "login", then the
surrounding shell gets killed by vhangup() because it's no longer the true owner of the tty. This can be avoided
by using "exec login" in a top-level shell or xterm.