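1. init starts; 6. login uses exec to run bin/sh. The shell first runs the system initialization files, then the user's initialization files, to set up the user environment.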
The Linux Login Process
After the system boots, at serial terminals or virtual terminals, the user will see a login prompt similar to: machinename login: This prompt is generated by a program, usually getty or mingetty, which is regenerated by the init process every time a user ends a session on the console. The getty program will call login, and login, if successful, will call the user's shell. The steps of the process are:
Note: This process is what happens for runlevel 3, but runlevel 5 uses some different programs to perform similar functions. These X programs are called X clients.
The init process revisited
Recall that in the /etc/inittab file there were lines like this:
1:2345:respawn:/sbin/mingetty tty1
These lines cause init to spawn the mingetty process on runlevels 2 through 5 for tty1 and other terminals. To do this, init will use the "fork" function to make a new copy of itself and use an "exec" function to run the mingetty program. Getty will wait for the user, then read the username. Then mingetty will invoke login with the user's name as an argument. If the password entered does not match for the user, init will load and run mingetty again. If the login is successful, init will use the "exec" function to run the user's shell program. When the shell exits through the "logout" command, init will load and run the mingetty program again (the reason for the "respawn" command in the /etc/inittab file). The file "/etc/passwd" determines the shell to be used for the user who is logging in. This version of Linux uses the mingetty program, which is a minimal getty program used for virtual terminals. On some systems, and traditionally on Unix systems, the getty program is used, which has more capabilities. In this section, the getty program is described, but you should be aware that many of the special features of getty will not apply to mingetty.
Note that network logins are handled differently than console logins, since it is impractical to have a getty provided for each potential network login. Network logins are normally handled through the internet super daemon, inetd, using either the telnet or rlogin communication protocol. The telnet daemon will invoke the login program when a session starts, then, if successful, the login program will invoke the user's shell.
Getty performs the following functions:
A detailed analysis:
During its startup, getty looks for the file "/etc/conf.getty.line" or "/etc/conf.getty". It reads the contents for lines with the form "NAME=value". The name strings are listed below:
These commands are explained better in the getty(1m) man page.
The login program will prompt for the user name if no argument is given on the command line.
If the file "/etc/nologin" exists and the user is not root, the contents of the "/etc/nologin" file are printed to the screen and the login is terminated. If special access restrictions are specified for the user logging in in the file "/etc/usertty", the restrictions must be met or the login will be denied and the program syslog will log the attempt. If the user is root, the login must be on a terminal listed in the file "/etc/securetty". If the above conditions are met, the user password will be requested and then it will be checked (if a password is required for this username). After three unsuccessful attempts to log in, the response gets very slow, and after 10 attempts, login dies. As usual, all login failures will be reported by the syslog facility.
If the file ".hushlogin" exists in the user's home directory, then a "quiet" login is performed, which disables checking of mail and the printing of the last login time and the message of the day. Otherwise, if the file "/var/log/lastlog" exists, the last login time is printed and then the current login is recorded in this file. Is the current login recorded in this file if it does not already exist or if the file ".hushlogin" exists? I think it does but have found no documentation that says.
At this point the login program will perform standard administrative tasks. These include:
Another function that login will perform is to update the user accounting login files, which are "/var/run/utmp" and "/var/log/wtmp", which hold information about the amount of time users have been on the system along with when they logged on and off. Also, the init program and getty may write to these files.
Once the user has successfully logged in, the login program will invoke the user's shell. The login program will look in the /etc/passwd file to determine which shell program to run. The /etc/passwd file contains entries containing the complete path of the shell. A sample /etc/passwd file is listed below:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
games:x:12:100:games:/usr/games:
gopher:x:13:30:gopher:/usr/lib/gopher-data:
ftp:x:14:50:FTP User:/home/ftp:
nobody:x:99:99:Nobody:/:
xfs:x:100:101:X Font Server:/etc/X11/fs:/bin/false
gdm:x:42:42::/home/gdm:/bin/bash
postgres:x:40:233:PostgreSQL Server:/var/lib/pgsql:/bin/bash
squid:x:23:23::/var/spool/squid:/dev/null
mark:x:500:500::/home/mark:/bin/bash
george:x:501:501::/home/george:/bin/bash
The syntax is:
account:password:UID:GID:GECOS:directory:shell
where the fields are defined as:
The login program will use the account field to find the username and therefore get the UID of the user. Login will also use the password (or the /etc/shadow file) to be sure the entered password is a match. Login will look up the user's home directory and use that to set the $HOME environment variable. Login will use the shell field to determine what shell program (such as bash, sh, tsh, etc.) to run for that user. Then login will pass program control to the shell program. There is an important difference in the control passed at this point, however! The shell program will run with the user's privileges and not with root privileges. The programs up to this point (init, getty, login) have all run with root privileges.
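The field lookup described above can be checked against a passwd file before anyone logs in. The following is an added example, not code from the original article: it parses the seven-field format, resolves the shell that login would run (per passwd(5), an empty shell field means /bin/sh) and flags entries worth reviewing. The UID threshold of 500 and the set of shells treated as interactive are assumptions taken from the sample listing.

```python
from dataclasses import dataclass

# Constructed sample: a subset of the entries in the article's /etc/passwd listing.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
sync:x:5:0:sync:/sbin:/bin/sync
xfs:x:100:101:X Font Server:/etc/X11/fs:/bin/false
postgres:x:40:233:PostgreSQL Server:/var/lib/pgsql:/bin/bash
squid:x:23:23::/var/spool/squid:/dev/null
mark:x:500:500::/home/mark:/bin/bash
"""

DEFAULT_SHELL = "/bin/sh"               # passwd(5): empty shell field means /bin/sh
FIRST_USER_UID = 500                    # assumption: from the sample (mark is UID 500)
INTERACTIVE = {"/bin/sh", "/bin/bash"}  # assumption: shells counted as interactive

@dataclass
class Entry:
    account: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str   # already resolved: never empty

def parse_passwd(text):
    """Parse account:password:UID:GID:GECOS:directory:shell lines."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"line {n}: expected 7 fields, got {len(f)}")
        entries.append(Entry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5],
                             f[6] or DEFAULT_SHELL))
    return entries

def audit(entries):
    """Return (account, reason) pairs for entries that deserve a closer look."""
    findings = []
    for e in entries:
        if e.uid == 0 and e.account != "root":
            findings.append((e.account, "UID 0 but not root"))
        if e.password == "":
            findings.append((e.account, "empty password field"))
        if 0 < e.uid < FIRST_USER_UID and e.shell in INTERACTIVE:
            findings.append((e.account, f"system account with shell {e.shell}"))
    return findings
```

On the sample, bin is flagged because its empty shell field resolves to /bin/sh, while sync, xfs and squid are not, since their shell fields name programs that do not give an interactive session.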
Files used by the login program:
Reposted from: http://ymhvi.baihongyu.com/