Библиотека сайта rus-linux.net
10.3. What login does
The login program takes care of authenticating the user (making sure that the username and password match), and of setting up an initial environment for the user by setting permissions for the serial line and starting the shell.
Part of the initial setup is outputting the contents of
the file /etc/motd
(short for message of the
day) and checking for electronic mail. These can be disabled
by creating a file called .hushlogin
in
the user's home directory.
If the file /etc/nologin
exists, logins are disabled. That file is typically
created by shutdown and relatives.
login checks for this file, and will
refuse to accept a login if it exists. If it does exist,
login outputs its contents to the terminal
before it quits.
login logs all failed login attempts in a system log file (via syslog). It also logs all logins by root. Both of these can be useful when tracking down intruders.
Currently logged in people are listed in
/var/run/utmp
. This file is valid only
until the system is next rebooted or shut down; it is cleared
when the system is booted. It lists each user and the terminal
(or network connection) he is using, along with some other useful
information. The who, w,
and other similar commands look in utmp
to see who are logged in.
All successful logins are recorded into
/var/log/wtmp
. This file will grow without
limit, so it must be cleaned regularly, for example by having
a weekly cron job to clear it.
[1]
The last command browses
wtmp
.
Both utmp
and
wtmp
are in a binary format (see the
utmp
manual page); it is unfortunately not
convenient to examine them without special programs.
Notes
[1] | Good Linux distributions do this out of the box. |