Linux系统命令login的翻译
LOGIN(1) ⽤户命令 LOGIN(1)
名称
login - 在系统上启动回话
⼤纲
login [-p] [-h 主机] [⽤户名] []
login [-p] [-h 主机] -f ⽤户名
login [-p] -r 主机
描述
The login program is used to establish a new session with the system.It is normally invoked automatically by responding to the login:prompt on the user's terminal.login may be special to the shell and may not be invoked as a sub-process.When called from a shell, login should be executed as exec l
ogin which will cause the user to exit from the current shell (and thus will prevent the new logged in user to return to the session of the caller). Attempting to execute login from any shell but the login shell will produce an error message.
login程序被⽤于建⽴新的系统会话。它通常通过响应login⾃动调⽤,提⽰⽤户终端。login 可能是shell特有的并且不能被作为⼦进程调⽤。当从shell调⽤时,login应该作为exec login执⾏,这将导致⽤户退出当前shell(从⽽阻⽌新登录的⽤户返回调⽤⽅的会话)。尝试从任何shell执⾏login但是login shell将产⽣⼀个错误信息。
The user is then prompted for a password, where appropriate. Echoing is disabled to prevent revealing the password. Only a small number of password failures are permitted before login exits and the communications link is severed.
然后在适当的情况下提⽰⽤户输⼊密码。已禁⽤回显以防⽌泄漏密码。在退出登录并切断通信链路之前,只允许少量密码失败。
If password aging has been enabled for your account, you may be prompted for a new password before proceeding. You will be forced to provide your old password and the new password before continuing. Please refer to passwd(1) for more information.
如果已为您的账户启⽤密码⽼化,则可能会提⽰您在继续之前输⼊新密码。在继续之前,您将被迫提供旧密码和新密码。有关更多信息,请参阅passwd(1)。
Your user and group ID will be set according to their values in the /etc/passwd file. The value for $HOME, $SHELL, $PATH, $LOGNAME, and $MAIL are set according to the appropriate fields in the password entry. Ulimit, umask and nice values may also be set according to entries in the GECOS field.
您的⽤户和组ID将根据/etc/passwd⽂件中的值进⾏设置。$HOME、$SHELL、$PATH、$LOGNAME和$MAIL的值是根据密码条⽬中的相应字段设置的。Ulimit、umask和nice值也可以根据GECOS字段中的条⽬进⾏设置。
On some installations, the environmental variable $TERM will be initialized to the terminal type on your tty line, as specified in
/etc/ttytype.
在某些安装中,环境变量$TERM将初始化为tty⾏上的终端类型,如/etc/ttytype中指定的那样。
命令解释器的初始化脚本也可能执⾏。请参考⼿册中相应的章节来获取关于此功能的更多信息。
在登录 shell中以第⼀个字符是“*”标注的是⼦系统登录。给定的主⽬录将被⽤于⽤户实际登录的新⽂件系统的根。
The login program is NOT responsible for removing users from the utmp file. It is the responsibility of getty(8) and init(8) to clean up apparent ownership of a terminal session. If you use login from the shell prompt without exec, the user you use will continue to appear to be logged in even after you log out of the "subsession".
登录程序不负责从utmp⽂件中删除⽤户。getty(8)和init(8)负责清除终端会话的明显所有权。如果您在没有exec的情况下从shell提⽰符使⽤login,那么即使您从“subsession”注销,您使⽤的⽤户仍将继续显⽰为已登录。
选项
-f
不要执⾏认证,⽤户已经预认证过。
注意:此时,username 是强制的。
-h
此登录的远程主机名。
-p
保留环境。
-r
为 rlogin (远程登录)执⾏ autologin (⾃动登录)协议。
-r, -h and -f 只能⽤于 root 使⽤ login 时。
CAVEATS
注意事项
此版本的 login 有很多编译选项,只有⼀部分可以在任何站点使⽤。
⽂件的位置由系统配置决定。
The login program is NOT responsible for removing users from the utmp file.
It is the responsibility of getty(8) and init(8) to clean up apparent ownership of a terminal session.
If you use login from the shell prompt without exec, the user you use will continue to appear to be logged in even after you log out of the "subsession".
As with any program, login's appearance can be faked. If non-trusted users have physical access to a machine, an attacker could use this to obtain the password of the next person coming to sit in front of the machine. Under Linux, the SAK mechanism can be used by users to initiate a trusted path and prevent this kind of attack.
与任何程序⼀样,登录名的外观都可能是伪造的。如果不受信任的⽤户可以物理访问某台计算机,则攻击者可以利⽤此权限获取下⼀个坐在该计算机前⾯的⼈的密码。
配置⽂件
在 /etc/login.defs 中有如下配置变量,可以⽤来更改此⼯具的⾏为:
CONSOLE_GROUPS (string)
在控制台登录时,添加到⽤户附加组集中的组列表(就如 CONSOLE 所确定的)。默认是⽆。
使⽤时需要注意:这可能使⽤户获取这些组的永久权限,甚⾄登录到的不是此控制台时。
DEFAULT_HOME (boolean)
如果不能 cd 到主⽬录时,说明是否允许登录。默认是否。
如果设置为 yes,如果不能 cd 到主⽬录时,⽤户将会登录到根⽬录(/)。
ENV_PATH (string)
If set, it will be used to define the PATH environment variable when a regular user login. The value is a colon separated list of paths (for example /bin:/usr/bin) and can be preceded by PATH=. The default value is PATH=/bin:/usr/bin.
如果设置了,它将⽤于定义常规⽤户登陆时的PATH环境变量。该值是以冒号分隔的路径列表(例如/bin:/usr/bin),前⾯可以是PATH=。默认值为PATH=/bin:/usr/bin。
ENV_SUPATH (string)
If set, it will be used to define the PATH environment variable when the superuser login. The value is
a colon separated list of paths (for example /sbin:/bin:/usr/sbin:/usr/bin) and can be preceded by PATH=. The default value is PATH=/sbin:/bin:/usr/sbin:/usr/bin.
如果设置,它将⽤于定义超级⽤户登录时的PATH环境变量。该值是以冒号分隔的路径列表(例如/sbin:/bin:/usr/sbin:/usr/bin),前⾯可以是PATH=。默认值为PATH=/sbin:/bin:/usr/sbin:/usr/bin。
ERASECHAR (number)
终端擦除字符 (010 = backspace, 0177 = DEL)。
此值可以使⽤前缀“0”表⽰⼋进制,“0x”表⽰⼗六进制。
FAIL_DELAY (number)
登录失败后,等待多少秒才再允许登录。
FAKE_SHELL (string)
如果设置了,login 将执⾏此 shell ⽽不是在 /etc/passwd 中指定的⽤户 shell。
HUSHLOGIN_FILE (string)
If defined, this file can inhibit all the usual chatter during the login sequence. If a full pathname is specified, then hushed mode will be enabled if the user's name or shell are found in the file. If not a full pathname, then hushed mode will be enabled if the file exists in the user's home directory.
如果定义了,该⽂件可以在登录序列期间抑制所有常见的抖动。如果指定了完整路径名,则如果在⽂件中到⽤户名或shell,则将启⽤静默模式。如果不是完整路径名,则如果⽂件存在于⽤户的主⽬录中,将启⽤静默模式。
KILLCHAR (number)
终端 KILL 字符 (025 = CTRL/U)。
此值可以使⽤前缀“0”表⽰⼋进制,“0x”表⽰⼗六进制。
LOGIN_RETRIES (number)
密码错误时,重试的最⼤次数。
This will most likely be overridden by PAM, since the default pam_unix module has its own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES.
这很可能会被PAM覆盖,因为默认的pam_unix模块有⾃⼰的内置3次重试。但是,如果您使⽤的验证模块不强制PAM_MAXTRIES,这是⼀种安全的回退。
LOGIN_TIMEOUT (number)
最⼤登录时间(以秒为单位)。
LOG_OK_LOGINS (boolean)
允许记录成功登录。
LOG_UNKFAIL_ENAB (boolean)
在记录到登录失败时,允许记录未知⽤户名。
注意:如果⽤户不⼩⼼将密码输⼊到了登录名中,记录未知⽤户名可能是⼀个安全隐患。
TTYGROUP (string), TTYPERM (string)
The terminal permissions: the login tty will be owned by the TTYGROUP group, and the permissions will be set to TTYPERM. By default, the ownership of the terminal is set to the user's primary group a
nd the permissions are set to 0600. TTYGROUP can be either the name of a group or a numeric group identifier. If you have a write program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600.
终端permissions:login tty将由TTYGROUP组拥有,权限将设置为TTYPERM。默认情况下,终端的所有权设置为⽤户的主要组,权限设置为0600。如果您有⼀个写⼊程序,它是“setgid”到⼀个拥有终端的特殊组,那么将TTYGROUP定义为组号,将TTYPERM定义为0620。否则,将TTYGROUP保留为注释掉,并将TTYPERM指定给622或600。
TTYTYPE_FILE (string)
If defined, file which maps tty line to TERM environment parameter. Each line of the file is in a format something like "vt100 tty01".
如果已定义,将tty⾏映射到TERM环境参数的⽂件。⽂件的每⼀⾏的格式类似于“vt100 tty01”。
USERGROUPS_ENAB (boolean)
如果设置为 yes,如果组中没有成员了,userdel 将移除此⽤户组,useradd
创建⽤户时,也会创建⼀个同名的默认组。
⽂件
/var/run/utmp
当前登录会话的列表。
/var/log/wtmp
先前的登录会话列表。
/etc/passwd
⽤户账户信息。
linux用户系统相关命令/etc/shadow
安全⽤户账户信息。
/etc/motd
System message of the day file.
/etc/nologin
阻⽌⾮ root ⽤户登录。
/etc/ttytype
终端类型列表。
$HOME/.hushlogin
阻⽌现实系统信息。
/etc/login.defs
Shadow 密码套件配置。
参阅
mail(1), passwd(1), sh(1), su(1), login.defs(5), nologin(5), passwd(5),
securetty(5), getty(8).
shadow-utils 4.2 2019-03-26 LOGIN(1)
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论