login.conf revision 21526
121526Sdavidn# Sample login.conf - login class capabilities database. 221526Sdavidn# To speed up access to this data, you can use /bin/cap_mkdb 321526Sdavidn# to create a database form of this file: 421526Sdavidn# 521526Sdavidn# cap_mkdb /etc/login.conf 621526Sdavidn# 721526Sdavidn# Don't forget to do this after each edit as well! 821526Sdavidn# 921526Sdavidn# This file controls resource limits, accounting limits and 1021526Sdavidn# default user environment settings. 1121526Sdavidn# 1221526Sdavidn# $Id$ 1321526Sdavidn# 1421526Sdavidn 1521526Sdavidn 1621526Sdavidn# Authentication methods 1721526Sdavidn 1821526Sdavidnauth-defaults:\ 1921526Sdavidn :auth=krb_skey_or_passwd,passwd,kerberos,skey: 2021526Sdavidn 2121526Sdavidnauth-root-defaults:\ 2221526Sdavidn :auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\ 2321526Sdavidn :auth-rlogin=krb_or_skey,kerberos,skey:\ 2421526Sdavidn 2521526Sdavidnauth-ftp-defaults:\ 2621526Sdavidn :auth=skey_or_pwd,passwd,skey: 2721526Sdavidn 2821526Sdavidn 2921526Sdavidn# Example defaults 3021526Sdavidn# These settings are used by login(1) by default for classless users 3121526Sdavidn# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 3221526Sdavidn 3321526Sdavidndefault:\ 3421526Sdavidn :cputime=infinity:\ 3521526Sdavidn :coredumpsize=infinity:\ 3621526Sdavidn :datasize=16M:\ 3721526Sdavidn :filesize=infinity:\ 3821526Sdavidn :maxproc=64:\ 3921526Sdavidn :memorylocked=10M:\ 4021526Sdavidn :memoryuse=30M:\ 4121526Sdavidn :openfiles=64:\ 4221526Sdavidn :priority=0:\ 4321526Sdavidn :requirehome:\ 4421526Sdavidn :stacksize=2M:\ 4521526Sdavidn :term=dumb:\ 4621526Sdavidn :umask=022:\ 4721526Sdavidn :rc=auth-defaults: 4821526Sdavidn 4921526Sdavidn 5021526Sdavidn# 5121526Sdavidn# standard - standard user defaults 5221526Sdavidn# 5321526Sdavidnstandard:\ 5421526Sdavidn :copyright=/etc/COPYRIGHT:\ 5521526Sdavidn :welcome=/etc/motd:\ 5621526Sdavidn :setenv=MAIL=/var/mail/$ BLOCKSIZE=K EDITOR=/usr/bin/ee:\ 5721526Sdavidn :path=~/bin /bin /usr/bin /usr/local/bin:\ 5821526Sdavidn :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\ 5921526Sdavidn :nologin=/etc/nologin:\ 6021526Sdavidn :coredumpsize=8M:\ 6121526Sdavidn :cputime=1h30m:\ 6221526Sdavidn :datasize=8M:\ 6321526Sdavidn :stacksize=2M:\ 6421526Sdavidn :filesize=8M:\ 6521526Sdavidn :memorylocked=4M:\ 6621526Sdavidn :memoryuse=8M:\ 6721526Sdavidn :openfiles=24:\ 6821526Sdavidn :maxproc=26:\ 6921526Sdavidn :priority=4:\ 7021526Sdavidn :requirehome:\ 7121526Sdavidn :umask=002:\ 7221526Sdavidn :ignoretime@:\ 7321526Sdavidn :tc=default: 7421526Sdavidn 7521526Sdavidn 7621526Sdavidn# 7721526Sdavidn# Staff users - few restrictions and allow login anytime 7821526Sdavidn# display staff motd 7921526Sdavidn# 8021526Sdavidnstaff:\ 8121526Sdavidn :welcome=/etc/motd-staff:\ 8221526Sdavidn :ignorenologin:\ 8321526Sdavidn :ignoretime:\ 8421526Sdavidn :requirehome@:\ 8521526Sdavidn :accounted@:\ 8621526Sdavidn :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 8721526Sdavidn :umask=022:\ 8821526Sdavidn :tc=standard: 8921526Sdavidn 9021526Sdavidn 9121526Sdavidn# 9221526Sdavidn# root - fallback for root logins 9321526Sdavidn# 9421526Sdavidnroot:\ 9521526Sdavidn :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 9621526Sdavidn :umask=022:\ 9721526Sdavidn :tc=auth-root-defaults:\ 9821526Sdavidn :tc=staff: 9921526Sdavidn 10021526Sdavidn 10121526Sdavidn# 10221526Sdavidn# Settings used by /etc/rc 10321526Sdavidn# 10421526Sdavidndaemon:\ 10521526Sdavidn :cputime=unlimited:\ 10621526Sdavidn :filesize=64M:\ 10721526Sdavidn :datasize=32M:\ 10821526Sdavidn :stacksize=32M:\ 10921526Sdavidn :coredumpsize=0:\ 11021526Sdavidn :memoryuse=64M:\ 11121526Sdavidn :memorylocked=64M:\ 11221526Sdavidn :maxproc=32:\ 11321526Sdavidn :openfiles=256:\ 11421526Sdavidn :tc=default: 11521526Sdavidn 11621526Sdavidn 11721526Sdavidn# 11821526Sdavidn# Settings used by news subsystem daemons 11921526Sdavidn# 12021526Sdavidnnews:\ 12121526Sdavidn :cputime=unlimited:\ 12221526Sdavidn :filesize=128:\ 12321526Sdavidn :datasize=64M:\ 12421526Sdavidn :stacksize=32M:\ 12521526Sdavidn :coredumpsize=0:\ 12621526Sdavidn :maxmemorysize=128M:\ 12721526Sdavidn :lockedmemory=32M:\ 12821526Sdavidn :maxproc=128:\ 12921526Sdavidn :openfiles=256:\ 13021526Sdavidn :tc=default:\ 13121526Sdavidn 13221526Sdavidn 13321526Sdavidn# 13421526Sdavidn# The dialer class should be used for a dialup PPP/SLIP accounts 13521526Sdavidn# Welcome messages/news suppressed and a special shell selector 13621526Sdavidn# 13721526Sdavidndialer:\ 13821526Sdavidn :hushlogin:\ 13921526Sdavidn :requirehome@:\ 14021526Sdavidn :shell=/usr/sbin/userls:\ 14121526Sdavidn :cputime=unlimited:\ 14221526Sdavidn :filesize=2M:\ 14321526Sdavidn :datasize=2M:\ 14421526Sdavidn :stacksize=4M:\ 14521526Sdavidn :coredumpsize=0:\ 14621526Sdavidn :memoryuse=4M:\ 14721526Sdavidn :memorylocked=1M:\ 14821526Sdavidn :maxproc=16:\ 14921526Sdavidn :openfiles=32:\ 15021526Sdavidn :tc=standard: 15121526Sdavidn 15221526Sdavidn 15321526Sdavidn# 15421526Sdavidn# Site full-time 24/7 PPP/SLIP connections 15521526Sdavidn# - no time accounting, restricted to access via dialin lines 15621526Sdavidn# 15721526Sdavidnsite:\ 15821526Sdavidn :ignoretime:\ 15921526Sdavidn :passwordperiod@:\ 16021526Sdavidn :refreshtime@:\ 16121526Sdavidn :refreshperiod@:\ 16221526Sdavidn :sessionlimit@:\ 16321526Sdavidn :autodelete@:\ 16421526Sdavidn :expireperiod@:\ 16521526Sdavidn :graceexpire@:\ 16621526Sdavidn ;gracetime@:\ 16721526Sdavidn :warnexpire@:\ 16821526Sdavidn :warnpassword@:\ 16921526Sdavidn :idletime@:\ 17021526Sdavidn :sessiontime@:\ 17121526Sdavidn :daytime@:\ 17221526Sdavidn :weektime@:\ 17321526Sdavidn :monthtime@:\ 17421526Sdavidn :warntime@:\ 17521526Sdavidn :tty.allow=dialin:\ 17621526Sdavidn :tty.deny=:\ 17721526Sdavidn :host.allow=:\ 17821526Sdavidn :host.deny=:\ 17921526Sdavidn :accounted@: 18021526Sdavidn :tc=dialer:\ 18121526Sdavidn :tc=staff: 18221526Sdavidn 18321526Sdavidn 18421526Sdavidn# 18521526Sdavidn# Example standard accounting entries for subscriber levels 18621526Sdavidn# 18721526Sdavidn 18821526Sdavidnsubscriber|Subscribers:\ 18921526Sdavidn :accounted:\ 19021526Sdavidn :passwordperiod=90d:\ 19121526Sdavidn :refreshtime=180d:\ 19221526Sdavidn :refreshperiod@:\ 19321526Sdavidn :sessionlimit@:\ 19421526Sdavidn :autodelete=30d:\ 19521526Sdavidn :expireperiod=180d:\ 19621526Sdavidn :graceexpire=7d:\ 19721526Sdavidn :gracetime=10m:\ 19821526Sdavidn :warnexpire=7d:\ 19921526Sdavidn :warnpassword=7d:\ 20021526Sdavidn :idletime=30m:\ 20121526Sdavidn :sessiontime=4h:\ 20221526Sdavidn :daytime=6h:\ 20321526Sdavidn :weektime=40h:\ 20421526Sdavidn :monthtime=120h:\ 20521526Sdavidn :warntime=4h:\ 20621526Sdavidn :tty.allow=dialin,pty,vt:\ 20721526Sdavidn :tty.deny=:\ 20821526Sdavidn :times.allow=Any0000-2400:\ 20921526Sdavidn :times.deny=Mo0900-1200,Fr2120-2130:\ 21021526Sdavidn :tc=standard: 21121526Sdavidn 21221526Sdavidn 21321526Sdavidn# 21421526Sdavidn# Subscriber accounts. These accounts have their login times 21521526Sdavidn# accounted and have access limits applied. 21621526Sdavidn# Userls is a user shell selector - do not use these classes without it! 21721526Sdavidn# 21821526Sdavidnsubppp|Dual PPP/SLIP Subscriber Accounts:\ 21921526Sdavidn :shell=/usr/sbin/userls:\ 22021526Sdavidn :tc=dialer:\ 22121526Sdavidn :tc=subscriber: 22221526Sdavidn 22321526Sdavidn 22421526Sdavidnsubslip|Dual PPP/SLIP Subscriber Accounts:\ 22521526Sdavidn :shell=/usr/sbin/userls:\ 22621526Sdavidn :tc=dialer:\ 22721526Sdavidn :tc=subscriber: 22821526Sdavidn 22921526Sdavidn 23021526Sdavidnsubshell:Shell Subscriber Accounts:\ 23121526Sdavidn :tc=subscriber: 23221526Sdavidn 233