The Login Shell
A terminal is connected to a Unix system through a direct wire, modem, or network. In the first case, as soon as you turn on the terminal (and press the Enter key a couple of times if necessary), you should get a login: message on your screen. In the second case, you must first dial the computer's number and get connected before the login: message appears. In the last case, you may connect over the network via a program such as ssh, telnet, or rlogin, or you may use some kind of networked windowing system (for example, X Window System) to start up a terminal emulation program (for example, xterm).
For each physical terminal port on a system, a program called getty will be active. This is depicted in Figure 3.2.
Figure 3.2 The getty process.
The Unix systemmore precisely a program called initautomatically starts up a getty program on each terminal port whenever the system is allowing users to log in. getty determines the baud rate, displays the message login: at its assigned terminal, and then just waits for someone to type in something. As soon as someone types in some characters followed by Enter, the getty program disappears; but before it goes away, it starts up a program called login to finish the process of logging in (see Figure 3.3). It also gives login the characters you typed in at the terminal characters that presumably represent your login name.
Figure 3.3 login started on sue's terminal.
When login begins execution, it displays the string Password: at the terminal and then waits for you to type your password. After you have typed it, login then proceeds to verify your login name and password against the corresponding entry in the file /etc/passwd. This file contains one line for each user of the system. That line specifies, among other things, the login name, home directory, and program to start up when that user logs in.1 The last bit of information (the program to start up) is stored after the last colon of each line. If nothing follows the last colon, the standard shell /usr/bin/sh is assumed by default. The following three lines show typical lines from /etc/passwd for three users of the system: sue, pat, and bob:
sue:*:15:47::/users/sue: pat:*:99:7::/users/pat:/usr/bin/ksh bob:*:13:100::/users/data:/users/data/bin/data_entry
1The file's name (passwd) derives from a time when encrypted versions of the users' passwords were stored in this file along with other user information. The encrypted passwords are no longer stored in /etc/passwd but for security reasons are now kept in the /etc/shadow file, which is not readable by normal users.
After login checks the password you typed in against the one stored in /etc/shadow, it then checks for the name of a program to execute. In most cases, this will be /usr/bin/sh, /usr/bin/ksh, or /bin/bash. In other cases, it may be a special custom-designed program. The main point here is that you can set up a login account to automatically run any program whatsoever whenever someone logs in to it. The shell just happens to be the program most often selected.
So login initiates execution of the standard shell on sue's terminal after validating her password (see Figure 3.4).
Figure 3.4 login executes /usr/bin/sh.
According to the other entries from /etc/passwd shown previously, pat gets the program ksh stored in /usr/bin (this is the Korn shell), and bob gets the program data_entry (see Figure 3.5).
Figure 3.5 Three users logged in.
The init program starts up other programs similar to getty for networked connections. For example, sshd, telnetd, and rlogind are started to service logins via ssh, telnet, and rlogin, respectively. Instead of being tied directly to a specific, physical terminal or modem line, these programs connect users' shells to pseudo ttys. These are devices that emulate terminals over network connections. You can see this whether you're logged in to your system over a network or on an X Windows screen:
$ who phw pts/0 Jul 20 17:37 Logged in with rlogin $