The User Login Process | Ubuntu Unleashed 2011 Edition: Covering 10.10 and 11.04 (6th Edition)

It is useful to know what happens during the process when a user attempts to log inif for nothing else than troubleshooting for that one user in the accounting department who cannot get logged on to run the payroll program and get the payroll checks printed on time. Understanding this process also involves understanding the purpose of the default user installation files that are found in /etc/skel. This section helps illuminate the login process for you.

The login process is used for entering or "signing on" to a system and is summarized in steps as follows:

1.	Login prompts for a username.
2.	If the `/etc/nologin` file exists and the user is not root, a warning message is issued and the login process is halted. The `/etc/nologin` file is typically used when the system will be shut down shortly and new logins should be restricted.
3.	The `/etc/usertty` file is examined to see whether any restrictions are specified for the user. As a security measure, root logons can be restricted to specific terminals and regular users can have the same restrictions placed on them as necessary.
4.	The system prompts for a password; it is checked against the encrypted password kept in `/etc/shadow`. Unsuccessful attempts are logged via the `syslog` facility and can be reviewed with the `lastd` command.
5.	The UID and the GID of the `tty` (terminal) being used are set.

6.	The `TERM` environment, if it has been set, is preserved.
7.	The `HOME`, `PATH`, `SHELL`, `TERM`, `MAIL`, and `LOGNAME` environment variables are set. (If the `-p` option is used, all preexisting environmental variables are preserved.)
8.	The `PATH` defaults to `/usr/local/bin:/bin:/usr/bin:` for normal users and to `/sbin:/bin:/usr/sbin:/usr/bin` for root.
9.	Normal greeting messages and mail checking are disabled if the file `.hushlogin` exists in the users' home directory; otherwise, those messages display at the end of the logon process.
10.	The user's command shell is started at this point, presenting the user with a command prompt. If no shell is specified for the user in `/etc/passwd`, `/bin/sh` is used by default. (Some UNIX operating systems will just log you back out.) If no home directory is specified in `/etc/passwd`, `/` is used.

When you log in as a regular user, the files that control your environment are found in your /home/username directory. These configuration files are normally hidden from view because their filename is preceded by a period (as in .bashrcthese are known as dot files).

The name of the file indicates which program it is associated with. The files .bash_ logout, .bash_profile, and .bashrc all determine how the bash shell is used by the user. (These files can, of course, be preset by the system administrator with the user given only read access, so the files cannot be changed. Other shells have their own associated files.)

The .screenrc file determines the console screen environment, and the .Xdefaults file determines much the same thing for X11. For Ubuntu, the .dmrc file sources the file /etc/X11/dm/Sessions/Default.desktop, which sets the default desktop for the entire system. The .Xclients-default file is created by running the switchdesk command (the Desktop Switching Tool is the name of the GUI interface) to change the default desktop for that user. You would use this command if you occasionally launch X11 from the command line and desire to change your default desktop. Ubuntu Core sets the default as GNOME.

Other files might be present depending on the system and the system administrator. The point is that the environment of each user can be set globally through the use of files in /etc/skel and individually by allowing user modification of the files in their /home directory (or not, depending on the system administration policies).

The system logs all user logins, as well as all uses of su and sudo commands for the sysadmin's review. (The init, syslogd, and klogd applications create the logs.) Modern security-monitoring programs (or simple scripts you create) can scan these files (such as /var/log/messages) for anomalies and signal possible security violations.