login Command

The login command establishes a new session for a user on the system. It handles user authentication, sets up the user environment, and starts a shell session.

Syntax

login [OPTIONS] [USERNAME]

Description

The login command is used to establish a new user session on the system. It authenticates the user by prompting for credentials, sets up the user environment, and starts the user's default shell.

Key functions:

  • User authentication and password verification
  • Session initialization and environment setup
  • Shell startup and login script execution
  • Terminal and session management
  • Security logging and audit trail
Note: The login command is typically called automatically by the system during boot or when accessing terminals. Manual use is less common in modern systems.

Common Options

Option Description
-p Preserve environment variables
-h hostname Specify remote hostname for logging
-f username Skip authentication (pre-authenticated)
-r hostname Perform autologin protocol for rlogind
--help Display help information
--version Display version information

Examples

Basic login

login

Prompts for username and password to start a new session

Login as specific user

login john

Prompts for password for user 'john'

Login with hostname (for remote sessions)

login -h remote.example.com

Records the remote hostname in logs

Preserve environment

login -p

Preserves current environment variables

Pre-authenticated login

login -f alice

Logs in user 'alice' without password prompt (requires privileges)

Login Process

Authentication Steps

  1. Username Prompt - System requests username
  2. Password Prompt - System requests password (hidden input)
  3. Credential Verification - System checks against /etc/passwd and /etc/shadow
  4. Account Validation - Checks for account expiration, locks, etc.
  5. Environment Setup - Sets up user environment variables
  6. Shell Startup - Executes user's default shell
  7. Login Scripts - Runs login initialization scripts

Files Involved in Login

File Purpose
/etc/passwd User account information
/etc/shadow Encrypted passwords and account policies
/etc/group Group membership information
/etc/login.defs Login configuration and defaults
/etc/securetty Terminals where root can login
/etc/nologin Prevents non-root logins when present
/var/log/wtmp Login/logout history
/var/log/lastlog Last login information per user

Environment Setup

Default Environment Variables

# Variables set by login HOME=/home/username # User's home directory USER=username # Username LOGNAME=username # Login name SHELL=/bin/bash # User's shell PATH=/usr/local/bin:/usr/bin:/bin TERM=xterm # Terminal type MAIL=/var/mail/username # Mail spool

Standard environment variables set during login

Login Scripts Execution Order

  1. /etc/profile - System-wide profile
  2. ~/.bash_profile - User's bash profile
  3. ~/.bash_login - Alternative bash login script
  4. ~/.profile - Generic shell profile
  5. ~/.bashrc - Bash configuration (if interactive)

Security Considerations

Login Security Features

Failed login attempts

# View failed login attempts grep "Failed password" /var/log/auth.log # Count failed attempts by IP grep "Failed password" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr

Monitor and analyze failed login attempts

Account lockout policies

# Check account lock status passwd -S username # Lock user account passwd -l username # Unlock user account passwd -u username

Manage account lock status

Login restrictions

# Prevent all non-root logins sudo touch /etc/nologin # Allow specific users during maintenance echo "System maintenance in progress" > /etc/nologin # Remove login restriction sudo rm /etc/nologin

Implement system-wide login restrictions

Troubleshooting Login Issues

Common Login Problems

Check user account status

# Check if user exists getent passwd username # Check password status passwd -S username # Check account expiration chage -l username

Verify user account configuration

Check login logs

# Recent login attempts tail -f /var/log/auth.log # Last successful logins last # Last login per user lastlog

Analyze login activity and issues

Test shell and environment

# Check user's shell getent passwd username | cut -d: -f7 # Test shell validity /bin/bash --login -c 'echo "Shell test successful"' # Check home directory permissions ls -ld /home/username

Verify shell and environment configuration

Alternative Login Methods

Related Commands

Switch user (su)

# Switch to another user su - username # Switch to root su - # Run single command as user su - username -c "command"

Switch user context within current session

Substitute user (sudo)

# Run command as another user sudo -u username command # Switch to user with login shell sudo -i -u username # Run shell as user sudo -s -u username

Execute commands with different user privileges

SSH login

# Remote login via SSH ssh username@hostname # SSH with specific port ssh -p 2222 username@hostname # SSH with key authentication ssh -i ~/.ssh/id_rsa username@hostname

Secure remote login over network

Best Practices

Login Security Best Practices
  • Strong Passwords - Enforce complex password policies
  • Account Monitoring - Monitor login attempts and failures
  • Session Timeouts - Configure automatic session timeouts
  • Secure Terminals - Restrict root login to secure terminals
  • Regular Audits - Review login logs and user accounts regularly
  • Multi-factor Authentication - Implement additional authentication factors

See also