10.3. What login does
The login program takes care of
authenticating the user (making sure that the username and
password match), and of setting up an initial environment for
the user by setting permissions for the serial line and starting
Part of the initial setup is outputting the contents of
the file /etc/motd (short for message of the
day) and checking for electronic mail. These can be disabled
by creating a file called .hushlogin in
the user's home directory.
If the file /etc/nologin
exists, logins are disabled. That file is typically
created by shutdown and relatives.
login checks for this file, and will
refuse to accept a login if it exists. If it does exist,
login outputs its contents to the terminal
before it quits.
login logs all failed login attempts in
a system log file (via syslog). It also logs
all logins by root. Both of these can be useful when tracking
Currently logged in people are listed in
/var/run/utmp. This file is valid only
until the system is next rebooted or shut down; it is cleared
when the system is booted. It lists each user and the terminal
(or network connection) he is using, along with some other useful
information. The who, w,
and other similar commands look in utmp
to see who are logged in.
All successful logins are recorded into
/var/log/wtmp. This file will grow without
limit, so it must be cleaned regularly, for example by having
a weekly cron job to clear it.
The last command browses
Both utmp and
wtmp are in a binary format (see the
utmp manual page); it is unfortunately not
convenient to examine them without special programs.