login Command
The login command establishes a new session for a user on the system. It handles user authentication, sets up the user environment, and starts a shell session.
Syntax
Description
The login command is used to establish a new user session on the system. It authenticates the user by prompting for credentials, sets up the user environment, and starts the user's default shell.
Key functions:
- User authentication and password verification
- Session initialization and environment setup
- Shell startup and login script execution
- Terminal and session management
- Security logging and audit trail
Common Options
| Option | Description |
|---|---|
-p |
Preserve environment variables |
-h hostname |
Specify remote hostname for logging |
-f username |
Skip authentication (pre-authenticated) |
-r hostname |
Perform autologin protocol for rlogind |
--help |
Display help information |
--version |
Display version information |
Examples
Basic login
Prompts for username and password to start a new session
Login as specific user
Prompts for password for user 'john'
Login with hostname (for remote sessions)
Records the remote hostname in logs
Preserve environment
Preserves current environment variables
Pre-authenticated login
Logs in user 'alice' without password prompt (requires privileges)
Login Process
Authentication Steps
- Username Prompt - System requests username
- Password Prompt - System requests password (hidden input)
- Credential Verification - System checks against /etc/passwd and /etc/shadow
- Account Validation - Checks for account expiration, locks, etc.
- Environment Setup - Sets up user environment variables
- Shell Startup - Executes user's default shell
- Login Scripts - Runs login initialization scripts
Files Involved in Login
| File | Purpose |
|---|---|
/etc/passwd |
User account information |
/etc/shadow |
Encrypted passwords and account policies |
/etc/group |
Group membership information |
/etc/login.defs |
Login configuration and defaults |
/etc/securetty |
Terminals where root can login |
/etc/nologin |
Prevents non-root logins when present |
/var/log/wtmp |
Login/logout history |
/var/log/lastlog |
Last login information per user |
Environment Setup
Default Environment Variables
Standard environment variables set during login
Login Scripts Execution Order
/etc/profile- System-wide profile~/.bash_profile- User's bash profile~/.bash_login- Alternative bash login script~/.profile- Generic shell profile~/.bashrc- Bash configuration (if interactive)
Security Considerations
Login Security Features
Failed login attempts
Monitor and analyze failed login attempts
Account lockout policies
Manage account lock status
Login restrictions
Implement system-wide login restrictions
Troubleshooting Login Issues
Common Login Problems
Check user account status
Verify user account configuration
Check login logs
Analyze login activity and issues
Test shell and environment
Verify shell and environment configuration
Alternative Login Methods
Related Commands
Switch user (su)
Switch user context within current session
Substitute user (sudo)
Execute commands with different user privileges
SSH login
Secure remote login over network
Best Practices
Login Security Best Practices
- Strong Passwords - Enforce complex password policies
- Account Monitoring - Monitor login attempts and failures
- Session Timeouts - Configure automatic session timeouts
- Secure Terminals - Restrict root login to secure terminals
- Regular Audits - Review login logs and user accounts regularly
- Multi-factor Authentication - Implement additional authentication factors