This section describes what you need to configure on your FreeBSD system to enable a login session on a terminal. It assumes you have already configured your kernel to support the serial port to which the terminal is connected---and that you have connected it.
In a nutshell, you need to tell the init process, which is
responsible for process control and initialization, to start a
getty process, which is responsible for reading a login
name and starting the login program.
To do so, you have to edit the /etc/ttys file.
First, use the su command to become root. Then, make the
following changes to /etc/ttys:
/etc/ttys for the entry in the
/dev directory for the serial port if it is not
already there.
/usr/libexec/getty be run on the
port, and specify the appropriate getty type from the
/etc/gettytab file.
init to reread the /etc/ttys file.As an optional step, you may wish to create a custom
getty type for use in step 2 by making an entry in
/etc/gettytab. This document does not explain how to
do so; you are encouraged to see the gettytab(5) and the
getty(8) manual pages for more information.
The remaining sections detail how to do these steps. We will use a running example throughout these sections to illustrate what we need to do. In our example, we will connect two terminals to the system: a Wyse-50 and a old 286 IBM PC running Procomm terminal software emulating a VT-100 terminal. We connect the Wyse to the second serial port and the 286 to the sixth serial port (a port on a multiport serial card).
For more information on the /etc/ttys file, see the
ttys(5) manual page.
/etc/ttysFirst, you need to add an entry to the /etc/ttys
file, unless one is already there.
The /etc/ttys file lists all of the ports on your
FreeBSD system where you want to allow logins. For example,
the first virtual console ttyv0 has an entry in
this file. You can log in on the console using this entry.
This file contains entries for the other virtual consoles,
serial ports, and pseudo-ttys. For a hardwired terminal,
just list the serial port's /dev entry without the
/dev part.
When you installed your FreeBSD system, the
/etc/ttys file included entries for the first four
serial ports: ttyd0 through ttyd3. If you are
attaching a terminal on one of those ports, you do not need
to add an entry.
In our example, we attached a Wyse-50 to the second serial
port, ttyd1, which is already in the file. We need to
add an entry for the 286 PC connected to the sixth serial
port. Here is an excerpt of the /etc/ttys file
after we add the new entry:
ttyd1 "/usr/libexec/getty std.9600" unknown off secure
ttyd5
getty TypeNext, we need to specify what program will be run to handle
the logins on a terminal. For FreeBSD, the standard program
to do that is /usr/libexec/getty. It is what
provides the login: prompt.
The program getty takes one (optional) parameter on its
command line, the getty type. A getty type
tells about characteristics on the terminal line, like bps
rate and parity. The getty program reads these
characteristics from the file /etc/gettytab.
The file /etc/gettytab contains lots of entries for
terminal lines both old and new. In almost all cases, the
entries that start with the text std will work for
hardwired terminals. These entries ignore parity. There is
a std entry for each bps rate from 110 to 115200. Of
course, you can add your own entries to this file. The
manual page gettytab(5) provides more information.
When setting the getty type in the /etc/ttys
file, make sure that the communications settings on the
terminal match.
For our example, the Wyse-50 uses no parity and connects at
38400 bps. The 286 PC uses no parity and connects at 19200
bps. Here is the /etc/ttys file so far (showing
just the two terminals in which we are interested):
ttyd1 "/usr/libexec/getty std.38400" unknown off secure
ttyd5 "/usr/libexec/getty std.19200"
getty might be interpreted as the
next field.
The third field in the /etc/ttys file lists the
default terminal type for the port. For dialup ports, you
typically put unknown or dialup in this field
because users may dial up with practically any kind of
terminal or software. For hardwired terminals, the terminal
type does not change, so you can put a real terminal type in
this field.
Users will usually use the tset program in
their .login or .profile files to check the terminal
type and prompt for one if necessary. By setting a terminal
type in the /etc/ttys file, users can forego such
prompting.
To find out what terminal types FreeBSD supports, see the
file /usr/share/misc/termcap. It lists about 600
terminal types. You can add more if you wish. See the
termcap(5) manual page for information.
In our example, the Wyse-50 is a Wyse-50 type of terminal
(although it can emulate others, we will leave it in Wyse-50
mode). The 286 PC is running Procomm which will be set to
emulate a VT-100. Here are the pertinent yet unfinished
entries from the /etc/ttys file:
ttyd1 "/usr/libexec/getty std.38400" wy50 off secure
ttyd5 "/usr/libexec/getty std.19200" vt100
The next field in /etc/ttys, the fourth field,
tells whether to enable the port. Putting on here will
have the init process start the program in the second
field, getty, which will prompt for a login. If you
put off in the fourth field, there will be no
getty, and hence no logins on the port.
So, naturally, you want an on in this field. Here
again is the /etc/ttys file. We have turned each
port on.
ttyd1 "/usr/libexec/getty std.38400" wy50 on secure
ttyd5 "/usr/libexec/getty std.19200" vt100 on
We have arrived at the last field (well, almost: there is
an optional window specifier, but we will ignore that).
The last field tells whether the port is secure.
What does ``secure'' mean?
It means that the root account (or any account with a user ID of 0) may login on the port. Insecure ports do not allow root to login.
How do you use secure and insecure ports?
By marking a port as insecure, the terminal to which it is
connected will not allow root to login. People who know
the root password to your FreeBSD system will first have to
login using a regular user account. To gain superuser
privileges, they will then have to use the su command.
Because of this, you will have two records to help track
down possible compromises of root privileges: both the login
and the su command make records in the system log (and
logins are also recorded in the wtmp file).
By marking a port as secure, the terminal will allow root
in. People who know the root password will just login as
root. You will not have the potentially useful login and
su command records.
Which should you use?
Just use ``insecure.'' Use ``insecure'' even for
terminals not in public user areas or behind locked
doors. It is quite easy to login and use su if you
need superuser privileges.
Here finally are the completed entries in the
/etc/ttys file, with comments added to describe
where the terminals are:
ttyd1 "/usr/libexec/getty std.38400" wy50 on insecure # Kitchen
ttyd5 "/usr/libexec/getty std.19200" vt100 on insecure # Guest bathroom
init to Reread /etc/ttys
When you boot FreeBSD, the first process, init, will
read the /etc/ttys file and start the programs
listed for each enabled port to prompt for logins.
After you edit /etc/ttys, you do not want to have
to reboot your system to get init to see the changes.
So, init will reread /etc/ttys if it receives
a SIGHUP (hangup) signal.
So, after you have saved your changes to /etc/ttys,
send SIGHUP to init by typing:
kill -HUP 1
init process always has process ID 1.)
If everything is set up correctly, all cables are in place, and the terminals are powered up, you should see login prompts. Your terminals are ready for their first logins!