login.conf revision 237270
1# login.conf - login class capabilities database. 2# 3# Remember to rebuild the database after each change to this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# This file controls resource limits, accounting limits and 8# default user environment settings. 9# 10# $FreeBSD: head/etc/login.conf 237270 2012-06-19 14:47:07Z des $ 11# 12 13# Default settings effectively disable resource limits, see the 14# examples below for a starting point to enable them. 15 16# defaults 17# These settings are used by login(1) by default for classless users 18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 19# 20# Note that since a colon ':' is used to separate capability entries, 21# a \c escape sequence must be used to embed a literal colon in the 22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 23# AND SEMANTICS'' section of getcap(3) for more escape sequences). 24 25default:\ 26 :passwd_format=sha512:\ 27 :copyright=/etc/COPYRIGHT:\ 28 :welcome=/etc/motd:\ 29 :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 30 :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\ 31 :nologin=/var/run/nologin:\ 32 :cputime=unlimited:\ 33 :datasize=unlimited:\ 34 :stacksize=unlimited:\ 35 :memorylocked=unlimited:\ 36 :memoryuse=unlimited:\ 37 :filesize=unlimited:\ 38 :coredumpsize=unlimited:\ 39 :openfiles=unlimited:\ 40 :maxproc=unlimited:\ 41 :sbsize=unlimited:\ 42 :vmemoryuse=unlimited:\ 43 :swapuse=unlimited:\ 44 :pseudoterminals=unlimited:\ 45 :priority=0:\ 46 :ignoretime@:\ 47 :umask=022: 48 49 50# 51# A collection of common class names - forward them all to 'default' 52# (login would normally do this anyway, but having a class name 53# here suppresses the diagnostic) 54# 55standard:\ 56 :tc=default: 57xuser:\ 58 :tc=default: 59staff:\ 60 :tc=default: 61daemon:\ 62 :tc=default: 63news:\ 64 :tc=default: 65dialer:\ 66 :tc=default: 67 68# 69# Root can always login 70# 71# N.B. login_getpwclass(3) will use this entry for the root account, 72# in preference to 'default'. 73root:\ 74 :ignorenologin:\ 75 :tc=default: 76 77# 78# Russian Users Accounts. Setup proper environment variables. 79# 80russian|Russian Users Accounts:\ 81 :charset=KOI8-R:\ 82 :lang=ru_RU.KOI8-R:\ 83 :tc=default: 84 85 86###################################################################### 87###################################################################### 88## 89## Example entries 90## 91###################################################################### 92###################################################################### 93 94## Example defaults 95## These settings are used by login(1) by default for classless users 96## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 97# 98#default:\ 99# :cputime=infinity:\ 100# :datasize-cur=22M:\ 101# :stacksize-cur=8M:\ 102# :memorylocked-cur=10M:\ 103# :memoryuse-cur=30M:\ 104# :filesize=infinity:\ 105# :coredumpsize=infinity:\ 106# :maxproc-cur=64:\ 107# :openfiles-cur=64:\ 108# :priority=0:\ 109# :requirehome@:\ 110# :umask=022:\ 111# :tc=auth-defaults: 112# 113# 114## 115## standard - standard user defaults 116## 117#standard:\ 118# :copyright=/etc/COPYRIGHT:\ 119# :welcome=/etc/motd:\ 120# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 121# :path=~/bin /bin /usr/bin /usr/local/bin:\ 122# :manpath=/usr/share/man /usr/local/man:\ 123# :nologin=/var/run/nologin:\ 124# :cputime=1h30m:\ 125# :datasize=8M:\ 126# :vmemoryuse=100M:\ 127# :stacksize=2M:\ 128# :memorylocked=4M:\ 129# :memoryuse=8M:\ 130# :filesize=8M:\ 131# :coredumpsize=8M:\ 132# :openfiles=24:\ 133# :maxproc=32:\ 134# :priority=0:\ 135# :requirehome:\ 136# :passwordtime=90d:\ 137# :umask=002:\ 138# :ignoretime@:\ 139# :tc=default: 140# 141# 142## 143## users of X (needs more resources!) 144## 145#xuser:\ 146# :manpath=/usr/share/man /usr/local/man:\ 147# :cputime=4h:\ 148# :datasize=12M:\ 149# :vmemoryuse=infinity:\ 150# :stacksize=4M:\ 151# :filesize=8M:\ 152# :memoryuse=16M:\ 153# :openfiles=32:\ 154# :maxproc=48:\ 155# :tc=standard: 156# 157# 158## 159## Staff users - few restrictions and allow login anytime 160## 161#staff:\ 162# :ignorenologin:\ 163# :ignoretime:\ 164# :requirehome@:\ 165# :accounted@:\ 166# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 167# :umask=022:\ 168# :tc=standard: 169# 170# 171## 172## root - fallback for root logins 173## 174#root:\ 175# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 176# :cputime=infinity:\ 177# :datasize=infinity:\ 178# :stacksize=infinity:\ 179# :memorylocked=infinity:\ 180# :memoryuse=infinity:\ 181# :filesize=infinity:\ 182# :coredumpsize=infinity:\ 183# :openfiles=infinity:\ 184# :maxproc=infinity:\ 185# :memoryuse-cur=32M:\ 186# :maxproc-cur=64:\ 187# :openfiles-cur=1024:\ 188# :priority=0:\ 189# :requirehome@:\ 190# :umask=022:\ 191# :tc=auth-root-defaults: 192# 193# 194## 195## Settings used by /etc/rc 196## 197#daemon:\ 198# :coredumpsize@:\ 199# :coredumpsize-cur=0:\ 200# :datasize=infinity:\ 201# :datasize-cur@:\ 202# :maxproc=512:\ 203# :maxproc-cur@:\ 204# :memoryuse-cur=64M:\ 205# :memorylocked-cur=64M:\ 206# :openfiles=1024:\ 207# :openfiles-cur@:\ 208# :stacksize=16M:\ 209# :stacksize-cur@:\ 210# :tc=default: 211# 212# 213## 214## Settings used by news subsystem 215## 216#news:\ 217# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 218# :cputime=infinity:\ 219# :filesize=128M:\ 220# :datasize-cur=64M:\ 221# :stacksize-cur=32M:\ 222# :coredumpsize-cur=0:\ 223# :maxmemorysize-cur=128M:\ 224# :memorylocked=32M:\ 225# :maxproc=128:\ 226# :openfiles=256:\ 227# :tc=default: 228# 229# 230## 231## The dialer class should be used for a dialup PPP account 232## Welcome messages/news suppressed 233## 234#dialer:\ 235# :hushlogin:\ 236# :requirehome@:\ 237# :cputime=unlimited:\ 238# :filesize=2M:\ 239# :datasize=2M:\ 240# :stacksize=4M:\ 241# :coredumpsize=0:\ 242# :memoryuse=4M:\ 243# :memorylocked=1M:\ 244# :maxproc=16:\ 245# :openfiles=32:\ 246# :tc=standard: 247# 248# 249## 250## Site full-time 24/7 PPP connection 251## - no time accounting, restricted to access via dialin lines 252## 253#site:\ 254# :ignoretime:\ 255# :passwordtime@:\ 256# :refreshtime@:\ 257# :refreshperiod@:\ 258# :sessionlimit@:\ 259# :autodelete@:\ 260# :expireperiod@:\ 261# :graceexpire@:\ 262# :gracetime@:\ 263# :warnexpire@:\ 264# :warnpassword@:\ 265# :idletime@:\ 266# :sessiontime@:\ 267# :daytime@:\ 268# :weektime@:\ 269# :monthtime@:\ 270# :warntime@:\ 271# :accounted@:\ 272# :tc=dialer:\ 273# :tc=staff: 274# 275# 276## 277## Example standard accounting entries for subscriber levels 278## 279# 280#subscriber|Subscribers:\ 281# :accounted:\ 282# :refreshtime=180d:\ 283# :refreshperiod@:\ 284# :sessionlimit@:\ 285# :autodelete=30d:\ 286# :expireperiod=180d:\ 287# :graceexpire=7d:\ 288# :gracetime=10m:\ 289# :warnexpire=7d:\ 290# :warnpassword=7d:\ 291# :idletime=30m:\ 292# :sessiontime=4h:\ 293# :daytime=6h:\ 294# :weektime=40h:\ 295# :monthtime=120h:\ 296# :warntime=4h:\ 297# :tc=standard: 298# 299# 300## 301## Subscriber accounts. These accounts have their login times 302## accounted and have access limits applied. 303## 304#subppp|PPP Subscriber Accounts:\ 305# :tc=dialer:\ 306# :tc=subscriber: 307# 308# 309#subshell|Shell Subscriber Accounts:\ 310# :tc=subscriber: 311# 312## 313## If you want some of the accounts to use traditional UNIX DES based 314## password hashes. 315## 316#des_users:\ 317# :passwd_format=des:\ 318# :tc=default: 319