This section describes what you need to configure on your FreeBSD system to enable a login session on a terminal. It assumes you have already configured your kernel to support the serial port to which the terminal is connected---and that you have connected it.
In a nutshell, you need to tell the init process, which is responsible for process control and initialization, to start a getty process, which is responsible for reading a login name and starting the login program.
To do so, you have to edit the /etc/ttys file. First, use the su command to become root. Then, make the following changes to /etc/ttys:
1. Add a line to /etc/ttys for the entry in the /dev directory for the serial port if it is not already there.
2. Specify that /usr/libexec/getty be run on the port, and specify the appropriate getty type from the /etc/gettytab file.
3. Tell init to reread the /etc/ttys file.
As an optional step, you may wish to create a custom getty type for use in step 2 by making an entry in /etc/gettytab. This document does not explain how to do so; you are encouraged to see the gettytab(5) and the getty(8) manual pages for more information.
The remaining sections detail how to do these steps. We will use a running example throughout these sections to illustrate what we need to do. In our example, we will connect two terminals to the system: a Wyse-50 and an old 286 IBM PC running Procomm terminal software emulating a VT-100 terminal. We connect the Wyse to the second serial port and the 286 to the sixth serial port (a port on a multiport serial card).
For more information on the /etc/ttys file, see the ttys(5) manual page.
/etc/ttys
First, you need to add an entry to the /etc/ttys file, unless one is already there.
The /etc/ttys file lists all of the ports on your FreeBSD system where you want to allow logins. For example, the first virtual console ttyv0 has an entry in this file. You can log in on the console using this entry. This file contains entries for the other virtual consoles, serial ports, and pseudo-ttys. For a hardwired terminal, just list the serial port's /dev entry without the /dev part.
When you installed your FreeBSD system, the /etc/ttys file included entries for the first four serial ports: ttyd0 through ttyd3. If you are attaching a terminal on one of those ports, you do not need to add an entry.
In our example, we attached a Wyse-50 to the second serial port, ttyd1, which is already in the file. We need to add an entry for the 286 PC connected to the sixth serial port. Here is an excerpt of the /etc/ttys file after we add the new entry:
ttyd1 "/usr/libexec/getty std.9600" unknown off secure
ttyd5
getty Type
Next, we need to specify what program will be run to handle the logins on a terminal. For FreeBSD, the standard program to do that is /usr/libexec/getty. It is what provides the login: prompt.
The program getty takes one (optional) parameter on its command line, the getty type. A getty type describes characteristics of the terminal line, like bps rate and parity. The getty program reads these characteristics from the file /etc/gettytab.
The file /etc/gettytab contains lots of entries for terminal lines both old and new. In almost all cases, the entries that start with the text std will work for hardwired terminals. These entries ignore parity. There is a std entry for each bps rate from 110 to 115200. Of course, you can add your own entries to this file. The manual page gettytab(5) provides more information.
When setting the getty type in the /etc/ttys file, make sure that the communications settings on the terminal match.
For our example, the Wyse-50 uses no parity and connects at 38400 bps. The 286 PC uses no parity and connects at 19200 bps. Here is the /etc/ttys file so far (showing just the two terminals in which we are interested):
ttyd1 "/usr/libexec/getty std.38400" unknown off secure
ttyd5 "/usr/libexec/getty std.19200"
Note that the second field---where we specify what program to run---appears in quotes. This is important, otherwise the type argument to getty might be interpreted as the next field.
The third field in the /etc/ttys file lists the default terminal type for the port. For dialup ports, you typically put unknown or dialup in this field because users may dial up with practically any kind of terminal or software. For hardwired terminals, the terminal type does not change, so you can put a real terminal type in this field.
Users will usually use the tset program in their .login or .profile files to check the terminal type and prompt for one if necessary. By setting a terminal type in the /etc/ttys file, users can forgo such prompting.
To find out what terminal types FreeBSD supports, see the file /usr/share/misc/termcap. It lists about 600 terminal types. You can add more if you wish. See the termcap(5) manual page for information.
In our example, the Wyse-50 is a Wyse-50 type of terminal (although it can emulate others, we will leave it in Wyse-50 mode). The 286 PC is running Procomm which will be set to emulate a VT-100. Here are the pertinent yet unfinished entries from the /etc/ttys file:
ttyd1 "/usr/libexec/getty std.38400" wy50 off secure
ttyd5 "/usr/libexec/getty std.19200" vt100
The next field in /etc/ttys, the fourth field, tells whether to enable the port. Putting on here will have the init process start the program in the second field, getty, which will prompt for a login. If you put off in the fourth field, there will be no getty, and hence no logins on the port.
So, naturally, you want an on in this field. Here again is the /etc/ttys file. We have turned each port on.
ttyd1 "/usr/libexec/getty std.38400" wy50 on secure
ttyd5 "/usr/libexec/getty std.19200" vt100 on
We have arrived at the last field (well, almost: there is an optional window specifier, but we will ignore that). The last field tells whether the port is secure.
What does "secure" mean?
It means that the root account (or any account with a user ID of 0) may log in on the port. Insecure ports do not allow root to log in.
How do you use secure and insecure ports?
By marking a port as insecure, the terminal to which it is connected will not allow root to log in. People who know the root password to your FreeBSD system will first have to log in using a regular user account. To gain superuser privileges, they will then have to use the su command.
Because of this, you will have two records to help track down possible compromises of root privileges: both the login and the su command make records in the system log (and logins are also recorded in the wtmp file).
By marking a port as secure, the terminal will allow root in. People who know the root password will just log in as root. You will not have the potentially useful login and su command records.
Which should you use?
Just use "insecure." Use "insecure" even for terminals not in public user areas or behind locked doors. It is quite easy to log in and use su if you need superuser privileges.
Here finally are the completed entries in the /etc/ttys file, with comments added to describe where the terminals are:
ttyd1 "/usr/libexec/getty std.38400" wy50 on insecure # Kitchen
ttyd5 "/usr/libexec/getty std.19200" vt100 on insecure # Guest bathroom
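The secure field can be checked mechanically across the whole file. The following is an added example, not part of the original text: a shell function (root_login_ports, a hypothetical name) that lists every port that is both on and secure, so root can log in there without leaving an su record. The sample file is constructed from the entries above, and treating a missing flag as off or insecure is an assumption based on ttys(5).

```shell
#!/bin/sh
# Added example: report ports in a ttys-format file that are enabled and
# marked secure, i.e. where root may log in directly.

# root_login_ports FILE: print the name of each port that is "on" and "secure".
root_login_ports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comment-only and blank lines
    {
        line = $0
        gsub(/"[^"]*"/, "CMD", line)      # quoted command becomes one token
        sub(/#.*/, "", line)              # drop the trailing comment
        n = split(line, f)                # f[1]=port f[2]=command f[3]=type f[4..]=flags
        on = 0; secure = 0                # assumption: no flag means off / insecure
        for (i = 4; i <= n; i++) {
            if (f[i] == "on")       on = 1
            if (f[i] == "off")      on = 0
            if (f[i] == "secure")   secure = 1
            if (f[i] == "insecure") secure = 0
        }
        if (on && secure) print f[1]
    }' "$1"
}

# Constructed sample in /etc/ttys format (not a real system file).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# port  command                         type    status
ttyd0   "/usr/libexec/getty std.9600"   unknown off secure
ttyd1   "/usr/libexec/getty std.38400"  wy50    on secure
ttyd5   "/usr/libexec/getty std.19200"  vt100   on insecure  # Guest bathroom
ttyd6   "/usr/libexec/getty std.19200"  vt100   on
EOF

echo "Ports that accept direct root logins:"
root_login_ports "$sample"
```

On a live system, run root_login_ports /etc/ttys; any port it prints still has the secure flag set.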
init to Reread /etc/ttys
When you boot FreeBSD, the first process, init, will read the /etc/ttys file and start the programs listed for each enabled port to prompt for logins.
After you edit /etc/ttys, you do not want to have to reboot your system to get init to see the changes. So, init will reread /etc/ttys if it receives a SIGHUP (hangup) signal.
So, after you have saved your changes to /etc/ttys, send SIGHUP to init by typing:
kill -HUP 1
(The init process always has process ID 1.)
If everything is set up correctly, all cables are in place, and the terminals are powered up, you should see login prompts. Your terminals are ready for their first logins!