Translation(s): English - Français - Italiano
Contents
/etc/motd in current versions (8+) of Debian
The actual motd is generated and printed by pam_motd, see its manpage. pam_motd is called twice from /etc/pam.d/login and /etc/pam.d/sshd: Once to print the contents from /run/motd.dynamic and once to print the static (and user editable) content from /etc/motd and /etc/motd.d.
/run/motd.dynamic is updated by pam_motd by executing all executable files from /etc/update-motd.d (via run-parts, see also #931185). If you want additional dynamic information in your motd, /etc/update-motd.d is the place to put your scripts. This is a Debian- and Ubuntu-specific patch that might not be present in other flavours of GNU/Linux distributions and is not factored into upstream PAM. Ubuntu has a man page for a no longer existing update-motd executable which describes what pam_motd does in current versions of Debian.
This code has had security issues in the past (CVE-2010-0832, CVE-2011-3628). No Debian version that is currently under official support is affected by those issues.
For your information, this C code is currently used to execute /etc/update-motd.d
if (do_update && (stat("/etc/update-motd.d", &st) == 0) && S_ISDIR(st.st_mode)) { mode_t old_mask = umask(0022); if (!system("/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new")) rename("/run/motd.dynamic.new", "/run/motd.dynamic"); umask(old_mask); }
sshd
sshd has its own option "?PrintMotd" in /etc/ssh/sshd_config. This defaults to "yes", but is set to "no" in Debian's default configuration since you get the motd twice otherwise: Once printed by pam_motd, the second time by sshd itself. Please note that the motd doesn't show on multiplexed ssh connections, only on the "first" session that also does the authentication.
What others do
Ubuntu
Since Ubuntu Intrepid Ibex (2008.10), Ubuntu handles the motd the same way as Debian does it since Debian 8 (jessie, EOL 2018). Is it therefore basically compatible.
By default Ubuntu ships with a set of scripts that add the number of packages to be update (for example).
Gentoo
Gentoo doesn't display the motd file by default, but this can be enabled in login.defs.
Arch
According to this Arch wiki page, Arch doesn't seem to do anything special to /etc/motd other than display it on boot.
CentOS
2019/06: CentOS install pam_motd, but doesn't use it. sshd is in default configuration and therefore prints the motd on login automatically.
Fedora
2019/06: Uses pam_motd
FreeBSD
In FreeBSD, the motd file is also generated through a boot script, which will preserve modifications by changing only the line that matches (loosely) the uname that gets updated on reboots. The magic lines:
T=`mktemp -t motd` uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T}
Historic information: /etc/motd in Debian 6 (squeeze, EOL 2014) and before
Debian used to have a peculiar way of handling /etc/motd. The motd was updated at every reboot, in a boot script (/etc/init.d/bootmisc.sh in lenny and below, /etc/init.d/bootlogs in squeeze), which basically ran the following:
uname -snrvm > /var/run/motd [ -f /etc/motd.tail ] && cat /etc/motd.tail >> /var/run/motd
Since /etc/motd was a symlink to /var/run/motd in Debian, this worked.
Then the pam_motd based method came around, and for a short while, evaluation of /etc/update-motd.d was done by the update-motd pacakge every 10 minutes instead of on-demand via pam_motd.
How to update your /etc/motd
Since /etc/motd basically got overwritten at every reboot, you needed to instead update /etc/motd.tail and either reboot (!!) or also edit /etc/motd.tail or run the above commands. There was a bug report (437176) to provide an easier command to allow you to update only /etc/motd.tail.
How to keep your /etc/motd from being overwritten
rm /etc/motd cat > /etc/motd <<EOF This is my message of the day! EOF
This way, /etc/motd would not have been a symlink to the updated one anymore and woul have therefore always stayed the same. The downside to this was that you did not see the latest kernel version in the motd.
Old school "don't touch my motd" approach
Similar to the above, this approach also made sure dynamic information could be displayed...
cat > /etc/profile.d/uname <<EOF #!/bin/sh uname -snrvm EOF rm /etc/motd cat > /etc/motd <<EOF Known issues ============ * the kerkuffle is known to not restart properly on reboot, to restart use the command service kerkuffle restart
Who was responsible for /etc/motd?
Here's a list of packages which did that work:
base-files: /usr/share/base-files/motd base-files: /usr/share/base-files/motd.md5sums manpages: /usr/share/man/man5/motd.5.gz manpages: /usr/share/man/man5/motd.tail.5.gz libpam-modules: /lib/x86_64-linux-gnu/security/pam_motd.so initscripts: /etc/init.d/bootlogs
base-files basically took care of installing the motd on boot but did not replace it on upgrade (see /usr/share/doc/base-files/README)
manpages explained how motd and motd.tail work