Let's continue the story of what happens to our hero and heroine after that... 🙂
- The getty process presents the login prompt on the user console.
- Once the username is provided, the password is validated, and if successful the user is allowed to log in to the shell.
- If there is a failure, the getty process is re-initiated by the fork function and the password prompt reappears.
- The maximum number of failed attempts allowed is defined in the PAM configuration.
- Eventually, once the maximum number of failed attempts is reached, the getty process is suspended for a timeout value defined in the PAM configuration, after which the login prompt appears again, starting from Step 1.
As soon as you reach the console, the getty process presents a login prompt, as explained above, where you enter the username of the account you want to log in to.
If this file exists and the user is not root then the contents of this file will be printed to the screen and the login is terminated.
If special access restrictions are specified in this file for the user logging in, the restrictions must be met or the login will be denied and syslog will log the attempt.
Next, any content stored in this file is printed on the screen before the password prompt appears. This is basically a pre-login message and identification file.
If you recall, there are two files which store information about each user's password, i.e. /etc/passwd and /etc/shadow, so the password is verified for the username provided against the password section inside the /etc/passwd and /etc/shadow files.
- If the provided password is incorrect, the getty process will be re-initiated, prompting for the password again.
- This continues until you reach the maximum number of failed login attempts allowed, as defined in the files mentioned below; a login failure message is reported to the syslog facility.
/etc/pam.d/sshd (if logging in through ssh)
- Once the maximum number of failed attempts is reached, the login process is suspended for a timeout value, again as defined in the /etc/pam.d/system-auth file.
- During this period you won't be allowed to make another login attempt. Once the timeout has elapsed, you will again get a login prompt where you will have to give your username.
- The password provided is verified against the encrypted password stored in /etc/shadow.
- Password aging factors are also verified, in case the password is expired or locked, using the same file as well as /etc/passwd.
- If the provided password and all other required parameters are correct, the getty process next checks all other settings of the user profile as provided in /etc/passwd and /etc/shadow.
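The lock and aging checks from the list above, as an added example that is not part of the original article and is not the login or PAM code itself: a simplified Python model of the /etc/shadow field rules documented in shadow(5). The function names and the sample entries are constructed for illustration.

```python
import time

# Simplified model; boundary-day handling may differ from the real tools.
# shadow(5) layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved
def _num(field):
    """Empty aging fields mean 'not set'."""
    return int(field) if field.strip() else None

def shadow_status(line, today=None):
    """Classify one /etc/shadow line; `today` is days since 1970-01-01."""
    if today is None:
        today = int(time.time() // 86400)
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated fields")
    name, pw = f[0], f[1]
    lastchg, _min, maxage, _warn, inactive, expire = map(_num, f[2:8])

    if expire is not None and today >= expire:
        return name, "account_expired"
    if pw.startswith(("!", "*")):
        return name, "locked"            # no password can match this field
    if pw == "":
        return name, "no_password"       # empty field: no password required
    if lastchg == 0:
        return name, "must_change"       # forced change at next login
    if lastchg is None or maxage is None:
        return name, "ok"                # aging disabled
    if today > lastchg + maxage:
        if inactive is not None and today > lastchg + maxage + inactive:
            return name, "password_inactive"  # grace period over
        return name, "password_expired"       # change required at login
    return name, "ok"

# Constructed sample entries; the hash fields are placeholders.
SAMPLE = [
    "alice:$6$CONSTRUCTED$placeholder:19000:0:90:7:14::",
    "bob:!$6$CONSTRUCTED$placeholder:19700:0:99999:7:::",
    "carol:$6$CONSTRUCTED$placeholder:0:0:90:7:::",
    "dave:$6$CONSTRUCTED$placeholder:19700:0:90:7::19750:",
]

def audit(lines, today):
    """Map each user name to its status on the given day."""
    return dict(shadow_status(l, today) for l in lines)

if __name__ == "__main__":
    for user, state in audit(SAMPLE, today=19800).items():
        print(f"{user:8} {state}")
```

Reading the real /etc/shadow requires root, so run an audit like this only from a privileged, trusted context and avoid writing the hash field to logs.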
At this point the login program performs the following tasks:
- Setting up UID and GID
- The HOME, PATH, SHELL, TERM, MAIL, and LOGNAME environment variables are set.
- Setting up environment variables as defined by the user's login shell, i.e. ~/.bash_profile for the /bin/bash shell
- The user's shell is started. The shell is specified in the file "/etc/passwd".
- If the file "~/.hushlogin" exists in the user's home directory then a "quiet" login is performed which disables checking of mail and the printing of the last login time and the message of the day.
- Otherwise if the file "/var/log/lastlog" exists the last login time is printed and then the current login is recorded in this file.
- Next, if you have added any content to the /etc/motd file, it will be echoed to the screen. After that you will get your login console in your home directory, as specified by the user's HOME variable.
- Another function that login will perform is to update the user accounting login files which are "/var/run/utmp" and "/var/log/wtmp" which hold information about the amount of time users have been on the system along with when they logged on and off.
This file is used to prevent users from logging into the system.
Controls the terminals that the root user can log in on.
When this file exists in the user's home directory, it prevents the check for mail, the printing of the last login time, and the message of the day when the user logs in.
Contains information about the last time a login was done on the system.
Contains information about the user including the ID, name, home directory, and the path to the preferred shell program.
I would appreciate your feedback in case I missed something or you would like to update my content, do notify me through the below comment box.