CIS 191B
Lab 6: Extra Credit: Exploring the Login Process

1. getty - opens a terminal device and prompts for a login name
2. login - obtains the user password, performs authentication, and launches a shell
3. shell - runs through a series of configuration scripts establishing the users environment.

Part One: The getty Process

1. Log on as root on terminal tty1 (<Ctrl><Alt>F1)
   Note the message above the login: prompt, and note any other messages you receive prior to arriving at the shell prompt.
2. View the file /etc/issue
   How does it compare to what you saw on the screen prior to logging in?
3. View the manual page for mingetty to discover the meaning of the various escape characters that can be used in the issue file.
4. Back up the existing /etc/issue file to /etc/issue.00, and replace the architecture type with the tty (line) number, and add a third line that gives the current date.
5. Log off and note the changes you made.
   Note: the other virtual ttys will not change until they are respawned, i.e. after you log on and off.
6. Log back on and list all the getty processes that are running
   ps -e | grep getty
   Note: the getty program that Linux uses on the console is: mingetty
   Why is there no getty program on tty1?
7. Jot down the PID number of the mingetty running on tty3
8. Switch screen to virtual terminal tty3 (<Ctrl><Alt>F3), and type root followed by the enter key, but don't type the password.
9. Switch back to tty1 and rerun the ps command from above.
   Note that mingetty is no longer running on tty3.
10. Now grep the process listing for the login processes:
    ps -e | grep login
    How does the PID number of the login process on tty3 compare to the getty PID you noted above?
    How does one process become another process withour changing its PID?
11. After a short period of time, the login process on tty3 will timeout, and a new mingetty process will be spawned by init.

Part Two: The Login Process

1. Make a backup of the /etc/motd file to /etc/motd.00 and add a mesage of the day of your own choosing to that file.
2. Send a mail mesage from root to root, but don't read the message you send.
3. Log off the system and log back in again as root, noting the messages the login program gives you. Note: Login starts with the Password: prompt.
4. Now that you are logged in and have noted the last time you logged in, the message of the day, and the fact that you have new mail, create the hidden file .hushlogin in root's home directory:
   touch .hushlogin
5. Log off and back in again, and note that you don't have to put up with noisy announcements. This is yet another way that UNIX empowers the user.
6. Let's look at the authentication part of login. Authentication is handled by the PAM modules in /etc/pam.d. (PAM = Pluggable Authentication Modules).
   cd /etc/pam.d
7. Display the contents of the login file in this directory. We are going to investigate the first three lines dealing with authentication.
8. Comment the second auth line in the file by inserting a comment character (#) in front of the line:
   #auth     include     system-auth
9. After saving the file's contents, log off and back on again.
   What is the difference?
10. Remove the comment character from second auth line in the file /etc/pam.d/login.
    Note the first auth line requiring the pam_securetty PAM module, and the third line requiring the pam_nologin module.
11. Change directory to /etc and edit the file /etc/securetty.
12. Place a comment character (#) in front of the tty1 line in this file:
    #tty1
    Save the file, Log off, and log back on again.
13. tty1 is no longer considered secure for root logins! Don't worry, you can log in on tty2 and fix the problem by removing the comment from the securetty file.
14. Create the file /etc/nologin with text such as the following:
    echo "No more logins allowed until further notice. -SA" > /etc/nologin
15. Switch to a different tty, and login as a regular user, using your personal account.
    Can root login?
16. Login as root and remove the /etc/nologin file.
17. The last task of the login process is to launch the user's shell as defined in the /etc/passwd file.

Part Three: The Shell Process

1. Your shell is a child process of the login process that came from the getty running on your tty. Observe the PID and PPID of your shell and it's parent:
   ps -f
   ps -f PPID # where PPID is the PPID number of your bash shell
2. All login shells execute the /etc/profile shell script to initialize system-wide environment variables. Display this file, and note the variables that are initialized. Note how the root account gets additional paths added to its PATH variable. Near the bottom of the file you may be able to pick out how the shell scripts in the directory ./etc/profile.d get executed in turn. List the scripts in the profile.d directory:
   ls /etc/profile.d
3. After system initialization comes user customization. In the case of the bash shell, the hidden file, .bash_profile in the user's home directory is executed.
   This in turn, makes calls to other scripts such as .bashrc. Review these files.
4. Below are six events that take place during the initialization of the shell's environment. Your task is to enter these six events into a file called order, such that events occur in the order that they are executed when a user logs in.
   In other words, you must find where and when these commands are executed. The order they are listed below is random:
   • PS1 variable gets initialized specifying what shell prompt the user gets.
   • The ls command is aliased to show files in different colors
   • The user's umask is set, e.g. umask 002
   • The location of the user's system mailbox is determined
   • The rm command is aliased to "rm -i"
   • The user's $HOME/bin directory is added to the PATH variable

To turn in

• /etc/issue
• /etc/motd
• order, where order is an ordered listing of the events itemized in Part 3.

Cleanup

1. mv /etc/issue.00 /etc/issue
2. mv /etc/motd.00 /etc/motd
3. rm /root/.hushlogin