ngetty - daemon for virtual console terminals
ngetty [ tty1 | vc/1 | 1 ] [ /dev/tty2 | vc/2 | 2 ] ...
ngetty-helper /dev/ttyX [ login ]
ngetty-argv :options:child:[name]:args [user [tty]]
ngetty is a daemon that starts login sessions on virtual console
terminals, on demand. It opens the virtual console terminals specified
by the tty... arguments, displays a /etc/issue message, prints the
login prompt on each terminal and waits for user name. On user action,
ngetty executes login(1) in a new process with the terminal the user is
typing in as the controlling terminal.
login(1) then prompts for a password to login with the system and
finally, if the login succeeds, executes the user’s login shell.
When the user logs out, ngetty restarts the corresponding virtual
Actually almost the whole work is done by a ngetty-helper program. It
makes /var/run/utmp, /var/log/wtmp records, prints /etc/issue,
hostname, login prompt, waits for user name. ngetty invokes the
ngetty-helper by need.
The traditional way to enable logins on virtual console terminals is to
start a bunch of getty(8) programs, one for each virtual console
terminal, from init(8). As most users rarely login on virtual console
terminals nowadays, preferring graphical logins instead, it seems
wasteful to have all those getty(8) processes doing nothing but wasting
memory. Alternatively, ngetty manages logins on any number of virtual
console terminals from a single, light, process.
ngetty does not use stdin, stdout or stderr and closes them.
When running ngetty in the background, remember to disassociate it from
the current controlling terminal by making it the process group leader
of a new session, e.g.:
setsid ngetty tty... &
To start ngetty from init(8), add something like this to /etc/inittab:
ng:2345:respawn:/sbin/ngetty tty1 tty2 ... tty6
If ngetty-argv is available use it to start ngetty from /etc/inittab.
See the example bellow.
If ngetty can not open one of the virtual console terminals specified
in the tty... arguments, most likely because that tty device node does
not exist, no greeting message will be displayed on that terminal,
obviously, and ngetty will simply go on, ignoring the offending
terminal. Create the missing tty device and send SIGCHLD to ngetty.
Then it will reopen the new tty. Instead of sending SIGCHLD you can
login and logout on some working tty. This also forces ngetty to
reopen the new tty.
ngetty uses ngetty-helper program. It’s path is hard-coded in ngetty.
Never remove ngetty-helper program nor move it to other location.
If, on user action, ngetty-helper can not execute login(1), in all
likelihood because the compiled-in LOGIN path does not match your
system’s login(1) path, ngetty restarts the terminal and redisplays the
In any case, ngetty does not output error messages.
It’s possible to set different options for ngetty-helper program in
file /etc/ngetty/Conf. If the option begin with "=" it’s applied for
all tty. If it start with a tty name it’s applied only on current tty.
# options format:
For security reasons ngetty-helper evaluate the file /etc/ngetty/Conf
only if it has mode:
-rw------- root root /etc/ngetty/Conf
ngetty-helper recognizes the following options which might be embedded
in the /etc/ngetty/Conf file:
If a line starts with #, space or tab it is a comment.
debug If debug is set ngetty-helper write on terminal all successfully
applied options. Set this on the fist line of /etc/ngetty/Conf
Escape \d (current day) in /etc/issue as:
Fri Jun 01 2007. Default is: 2007-06-01.
Abbreviation for week days (21 bytes). Default is:
Abbreviation for months (36 bytes). Default is:
Change the timezone offset. If the string starts with slash
it’s the name of tzfile. The string is positive number if the
local time zone is east of the Prime Meridian and negative if it
is west. Default is /etc/localtime. Examples:
Turn the echo off just before starting /bin/login. It’s similar
to stty -echo.
Print this string before writing out /etc/issue. (default is
tty3=newline=\012I am \l\012
Clear the screen before prompting for the login name with the
string (default is \033c). Examples:
Do not clear the screen before prompting for the login name the
first time after reboot. Example:
Do not call vhangup() to disable writing to this tty by other
By default the hostname is only printed until the first dot.
With this option enabled, the full text from gethostname() is
Do not ask for user name. Exec login(1) immediately. Example:
=login-prompt= Press ENTER to activate \l
Disable login process for some users. The first char after
"deny=" is split char. Example:
Enable login process only for the users. The first char after
"allow=" is split char. Example:
Accept only these chars in user name. Default is to accept only
",-._ 0-9 a-z A-Z". It’s possible to insert here the output of
Here ABC and XYZ are octal numbers. Examples:
Change the issue file. Disable printing of the issue file with:
Change the login app. It’s possible to use fgetty’s /bin/login1
Read login name over the string. Default string is 40 bytes
Change the login prompt string. Example:
=login-prompt=\033[1;33m\l\033[0;39m \n login:
Change the priority by calling nice().
Sleep this many seconds before printing the file /etc/issue.
Wait at most this many seconds for user name.
Change into this directory before calling the login prog.
Call chroot() with this directory name.
Log the specified user automatically in without asking for a
login name and password. Check the -f option from /bin/login
for this. Example:
Log in automatically only the first time after reboot without
asking for a login name and password. Example:
Replace the environ. The first char after "environ=" is split
Exec this line before printing /etc/issue. The line is executed
using /bin/sh -c line. It’s good idea to use the full paths
tty4=sh-A=exec /bin/ps e -u root
Similar to option sh-A. This is executed before asking for
Ngetty starts login application with options
login -- XYZ # default
login -f XYZ # if autologin-name=XYZ
With this option it’s possible to start login appl with
any_string instead of -- or -f. Using the program ngetty-
argv(8) one can start arbitrary program with different
arguments. Two very dangerous examples are (never try them):
If ngetty-helper finds stdout or stderr open it exits immediately with
error 100. Ngetty invokes it correctly. See also the program test-
helper.c in source package.
Do not edit the file /etc/ngetty/Conf directly. Put the configurations
in /etc/ngetty/Conf.sed (the same syntax and permissions as
/etc/ngetty/Conf) and after editing it, execute:
cd /etc/ngetty && ./setup
The script /etc/ngetty/setup removes comments, merges lines ending with
a backslash and expands the string =tz=AUTO to numeric number. Then It
If ngetty receives SIGTERM it kill all child’s PID (first with SIGTERM
and then with SIGKILL) and exit immediately. It does not change UID,
GID and mode of the controlling tty devices. It does not catch the
other signals. Sending SIGCHLD to ngetty forces it to reread his
internal cache tables and to restart failed tty devices.
ngetty-helper recognizes the following escapes sequences which might be
embedded after login-prompt=, newline=, clear= or in the /etc/issue
\d insert current day (localtime),
\l insert line on which ngetty is running,
\m inserts machine architecture (uname -m),
\n inserts machine’s network node hostname (uname -n),
\o inserts domain name,
\r inserts operating system release (uname -r),
\t insert current time (localtime),
\s inserts operating system name,
\u insert the number of users which are currently logged in,
\U insert the string "1 user" or "<n> users", where <n> is the
number of users currently logged in,
\v inserts operating system version (uname -v).
\XYZ inserts a letter with octal code XYZ.
"Linux eos i386 #1 Tue Mar 19 21:54:09 MET 1996" was produced by
putting "\s \n \m \v" into /etc/issue.
The program ngetty-argv(8) splits argv on strings, expands %U and %T
to username and tty and then start the the application. The first char
after "login-argv=" is split char. In the examples above every user
logs on tty4 without password and tty5 is always root. To understand
better how ngetty-argv works try as non-root:
ngetty-argv ’:/bin/echo:echo:%U: on %T’ usr tty3
ngetty-argv ’:/bin/sleep:-hacker:39:I am %U on %T’ 123 X
One can put also options for ngetty-argv at the beginning.
-- last option
-u503 setuid to 503
-g230 setgid to 230
-a120 exec alarm(120) before starting child
-s10 sleep 10 secs before starting child
-d/X/YZ chdir(/X/YZ) before starting child
-r/A/BC chroot(/A/BC) before starting child
-D start the child in background and exit
-N -C NOTTY | SCTTY controlling tty
-S like setsid(8)
-e,HOME=/,TERM=linux same as environ= above
-p/path/to/pid.file write the child pid here
One possible example for /etc/ngetty/Conf is:
tty9=login-prompt=\n \d \t qmail-qread:
Another example is setting the TTY environ automatically:
I recommend using ngetty-argv in /etc/inittab also. Put as last
argument runlevel string. Then ps will show ngetty-2345 instead of
ngetty. Next start tty1 ... tty6 on runlevels 2345.
On a terminal (in scripts) start ngetty with
ngetty-argv .-N.-S.-e./sbin/%U.%U.8.9.10 ngetty
ngetty-argv .-D.-S.-e./sbin/%U.%U.8.9.10 ngetty
This program is a hack written for ngetty-helper. There is no
additional code in ngetty-helper and it’s possible to start a program
with any args. It is like a filter between ngetty-helper and login
application. One can easy modify it without touching ngetty-helper.
It’s similar to DJB well known argv0(1) and setuidgid(8). You can
write own such programs and use them instead of ngetty-argv.
/etc/ngetty/Conf ngetty-helper configuration file
/etc/ngetty/Conf.sed private setup file
/etc/ngetty/setup updates Conf.sed -> Conf
/etc/issue printed before the login prompt
/var/run/utmp the system status file
/var/log/wtmp the system logging file
/etc/inittab init(8) configuration file
getty(8) fgetty(8) mingetty(8)
login(1) nlogin(1) argv0(1) setuidgid(8) stty(1)
Copyright 2007,2008 Nikola Vladov
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.