login.conf revision 246002
158579Srwatson# login.conf - login class capabilities database. 221526Sdavidn# 358579Srwatson# Remember to rebuild the database after each change to this file: 458579Srwatson# 521526Sdavidn# cap_mkdb /etc/login.conf 621526Sdavidn# 721526Sdavidn# This file controls resource limits, accounting limits and 821526Sdavidn# default user environment settings. 921526Sdavidn# 1050472Speter# $FreeBSD: head/etc/login.conf 246002 2013-01-27 21:55:01Z neel $ 1121526Sdavidn# 1221526Sdavidn 1339375Smsmith# Default settings effectively disable resource limits, see the 1439375Smsmith# examples below for a starting point to enable them. 1521526Sdavidn 1642149Shoek# defaults 1721526Sdavidn# These settings are used by login(1) by default for classless users 1821526Sdavidn# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 19149672Skeramida# 20149672Skeramida# Note that since a colon ':' is used to separate capability entries, 21149672Skeramida# a \c escape sequence must be used to embed a literal colon in the 22149672Skeramida# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 23149672Skeramida# AND SEMANTICS'' section of getcap(3) for more escape sequences). 2421526Sdavidn 2521526Sdavidndefault:\ 26237269Sdes :passwd_format=sha512:\ 2770189Srwatson :copyright=/etc/COPYRIGHT:\ 2821526Sdavidn :welcome=/etc/motd:\ 29237270Sdes :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 30170088Sdougb :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\ 3142515Sasami :nologin=/var/run/nologin:\ 3239375Smsmith :cputime=unlimited:\ 3339375Smsmith :datasize=unlimited:\ 3439375Smsmith :stacksize=unlimited:\ 35244383Szont :memorylocked=64K:\ 3639375Smsmith :memoryuse=unlimited:\ 3739375Smsmith :filesize=unlimited:\ 3839375Smsmith :coredumpsize=unlimited:\ 3939375Smsmith :openfiles=unlimited:\ 4039375Smsmith :maxproc=unlimited:\ 4161184Salfred :sbsize=unlimited:\ 4298853Sdillon :vmemoryuse=unlimited:\ 43194767Skib :swapuse=unlimited:\ 44181905Sed :pseudoterminals=unlimited:\ 4521538Sdavidn :priority=0:\ 4621526Sdavidn :ignoretime@:\ 4739375Smsmith :umask=022: 4821526Sdavidn 4921943Sdavidn 5021538Sdavidn# 5139375Smsmith# A collection of common class names - forward them all to 'default' 5239375Smsmith# (login would normally do this anyway, but having a class name 5339375Smsmith# here suppresses the diagnostic) 5421538Sdavidn# 5539375Smsmithstandard:\ 5639375Smsmith :tc=default: 5721538Sdavidnxuser:\ 5839375Smsmith :tc=default: 5921526Sdavidnstaff:\ 6039375Smsmith :tc=default: 6139375Smsmithdaemon:\ 62246002Sneel :memorylocked=128M:\ 6339424Sdt :tc=default: 6439375Smsmithnews:\ 6539375Smsmith :tc=default: 6639375Smsmithdialer:\ 6739375Smsmith :tc=default: 6821526Sdavidn 6921526Sdavidn# 7039375Smsmith# Root can always login 7121526Sdavidn# 7248814Snik# N.B. login_getpwclass(3) will use this entry for the root account, 7348814Snik# in preference to 'default'. 7421526Sdavidnroot:\ 7539375Smsmith :ignorenologin:\ 76244383Szont :memorylocked=unlimited:\ 7739375Smsmith :tc=default: 7821526Sdavidn 7921526Sdavidn# 8039375Smsmith# Russian Users Accounts. Setup proper environment variables. 8121526Sdavidn# 8291527Srwatsonrussian|Russian Users Accounts:\ 8339375Smsmith :charset=KOI8-R:\ 8439375Smsmith :lang=ru_RU.KOI8-R:\ 8521526Sdavidn :tc=default: 8621526Sdavidn 8721526Sdavidn 8839375Smsmith###################################################################### 8939375Smsmith###################################################################### 9039375Smsmith## 9139375Smsmith## Example entries 92130151Sschweikh## 9339375Smsmith###################################################################### 9439375Smsmith###################################################################### 9539375Smsmith 9639375Smsmith## Example defaults 9739375Smsmith## These settings are used by login(1) by default for classless users 9839375Smsmith## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 9921526Sdavidn# 10039375Smsmith#default:\ 10139375Smsmith# :cputime=infinity:\ 10239375Smsmith# :datasize-cur=22M:\ 10339375Smsmith# :stacksize-cur=8M:\ 10439375Smsmith# :memorylocked-cur=10M:\ 10539375Smsmith# :memoryuse-cur=30M:\ 10639375Smsmith# :filesize=infinity:\ 10739375Smsmith# :coredumpsize=infinity:\ 10839375Smsmith# :maxproc-cur=64:\ 10939375Smsmith# :openfiles-cur=64:\ 11039375Smsmith# :priority=0:\ 11139375Smsmith# :requirehome@:\ 11239375Smsmith# :umask=022:\ 11339375Smsmith# :tc=auth-defaults: 11421526Sdavidn# 11521526Sdavidn# 11639375Smsmith## 11739375Smsmith## standard - standard user defaults 11839375Smsmith## 11939375Smsmith#standard:\ 12070189Srwatson# :copyright=/etc/COPYRIGHT:\ 12139375Smsmith# :welcome=/etc/motd:\ 12243220Sdg# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 12339375Smsmith# :path=~/bin /bin /usr/bin /usr/local/bin:\ 12439375Smsmith# :manpath=/usr/share/man /usr/local/man:\ 12542587Sasami# :nologin=/var/run/nologin:\ 12639375Smsmith# :cputime=1h30m:\ 12739375Smsmith# :datasize=8M:\ 12898853Sdillon# :vmemoryuse=100M:\ 12939375Smsmith# :stacksize=2M:\ 13039375Smsmith# :memorylocked=4M:\ 13139375Smsmith# :memoryuse=8M:\ 13239375Smsmith# :filesize=8M:\ 13339375Smsmith# :coredumpsize=8M:\ 13439375Smsmith# :openfiles=24:\ 13539375Smsmith# :maxproc=32:\ 13639375Smsmith# :priority=0:\ 13739375Smsmith# :requirehome:\ 13846209Shoek# :passwordtime=90d:\ 13939375Smsmith# :umask=002:\ 14039375Smsmith# :ignoretime@:\ 14139375Smsmith# :tc=default: 14221526Sdavidn# 14321526Sdavidn# 14439375Smsmith## 14539375Smsmith## users of X (needs more resources!) 14639375Smsmith## 14739375Smsmith#xuser:\ 148170088Sdougb# :manpath=/usr/share/man /usr/local/man:\ 14939375Smsmith# :cputime=4h:\ 15039375Smsmith# :datasize=12M:\ 15198853Sdillon# :vmemoryuse=infinity:\ 15239375Smsmith# :stacksize=4M:\ 15339375Smsmith# :filesize=8M:\ 15439375Smsmith# :memoryuse=16M:\ 15539375Smsmith# :openfiles=32:\ 15639375Smsmith# :maxproc=48:\ 15739375Smsmith# :tc=standard: 15825369Sache# 15925369Sache# 16039375Smsmith## 16139375Smsmith## Staff users - few restrictions and allow login anytime 16239375Smsmith## 16339375Smsmith#staff:\ 16439375Smsmith# :ignorenologin:\ 16539375Smsmith# :ignoretime:\ 16639375Smsmith# :requirehome@:\ 16739375Smsmith# :accounted@:\ 16839375Smsmith# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 16939375Smsmith# :umask=022:\ 17039375Smsmith# :tc=standard: 17139375Smsmith# 17239375Smsmith# 17339375Smsmith## 17439375Smsmith## root - fallback for root logins 17539375Smsmith## 17639375Smsmith#root:\ 17739375Smsmith# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 17839375Smsmith# :cputime=infinity:\ 17939375Smsmith# :datasize=infinity:\ 18039375Smsmith# :stacksize=infinity:\ 18139375Smsmith# :memorylocked=infinity:\ 18239375Smsmith# :memoryuse=infinity:\ 18339375Smsmith# :filesize=infinity:\ 18439375Smsmith# :coredumpsize=infinity:\ 18539375Smsmith# :openfiles=infinity:\ 18639375Smsmith# :maxproc=infinity:\ 18739375Smsmith# :memoryuse-cur=32M:\ 18839375Smsmith# :maxproc-cur=64:\ 18939375Smsmith# :openfiles-cur=1024:\ 19039375Smsmith# :priority=0:\ 19139375Smsmith# :requirehome@:\ 19239375Smsmith# :umask=022:\ 19339375Smsmith# :tc=auth-root-defaults: 19439375Smsmith# 19539375Smsmith# 19639375Smsmith## 19739375Smsmith## Settings used by /etc/rc 19839375Smsmith## 19939375Smsmith#daemon:\ 20039375Smsmith# :coredumpsize@:\ 20139375Smsmith# :coredumpsize-cur=0:\ 20239375Smsmith# :datasize=infinity:\ 20339375Smsmith# :datasize-cur@:\ 20439375Smsmith# :maxproc=512:\ 20539375Smsmith# :maxproc-cur@:\ 20639375Smsmith# :memoryuse-cur=64M:\ 20739375Smsmith# :memorylocked-cur=64M:\ 20839375Smsmith# :openfiles=1024:\ 20939375Smsmith# :openfiles-cur@:\ 21039375Smsmith# :stacksize=16M:\ 21139375Smsmith# :stacksize-cur@:\ 21239375Smsmith# :tc=default: 21339375Smsmith# 21439375Smsmith# 21539375Smsmith## 21639375Smsmith## Settings used by news subsystem 21739375Smsmith## 21839375Smsmith#news:\ 21939375Smsmith# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 22039375Smsmith# :cputime=infinity:\ 22139375Smsmith# :filesize=128M:\ 22239375Smsmith# :datasize-cur=64M:\ 22339375Smsmith# :stacksize-cur=32M:\ 22439375Smsmith# :coredumpsize-cur=0:\ 22539375Smsmith# :maxmemorysize-cur=128M:\ 22639375Smsmith# :memorylocked=32M:\ 22739375Smsmith# :maxproc=128:\ 22839375Smsmith# :openfiles=256:\ 22939375Smsmith# :tc=default: 23039375Smsmith# 23139375Smsmith# 23239375Smsmith## 233209331Sbrian## The dialer class should be used for a dialup PPP account 23439375Smsmith## Welcome messages/news suppressed 23539375Smsmith## 23639375Smsmith#dialer:\ 23739375Smsmith# :hushlogin:\ 23839375Smsmith# :requirehome@:\ 23939375Smsmith# :cputime=unlimited:\ 24039375Smsmith# :filesize=2M:\ 24139375Smsmith# :datasize=2M:\ 24239375Smsmith# :stacksize=4M:\ 24339375Smsmith# :coredumpsize=0:\ 24439375Smsmith# :memoryuse=4M:\ 24539375Smsmith# :memorylocked=1M:\ 24639375Smsmith# :maxproc=16:\ 24739375Smsmith# :openfiles=32:\ 24839375Smsmith# :tc=standard: 24939375Smsmith# 25039375Smsmith# 25139375Smsmith## 252209331Sbrian## Site full-time 24/7 PPP connection 25339375Smsmith## - no time accounting, restricted to access via dialin lines 25439375Smsmith## 25539375Smsmith#site:\ 25639375Smsmith# :ignoretime:\ 25746209Shoek# :passwordtime@:\ 25839375Smsmith# :refreshtime@:\ 25939375Smsmith# :refreshperiod@:\ 26039375Smsmith# :sessionlimit@:\ 26139375Smsmith# :autodelete@:\ 26239375Smsmith# :expireperiod@:\ 26339375Smsmith# :graceexpire@:\ 26439375Smsmith# :gracetime@:\ 26539375Smsmith# :warnexpire@:\ 26639375Smsmith# :warnpassword@:\ 26739375Smsmith# :idletime@:\ 26839375Smsmith# :sessiontime@:\ 26939375Smsmith# :daytime@:\ 27039375Smsmith# :weektime@:\ 27139375Smsmith# :monthtime@:\ 27239375Smsmith# :warntime@:\ 27339375Smsmith# :accounted@:\ 27439375Smsmith# :tc=dialer:\ 27539375Smsmith# :tc=staff: 27639375Smsmith# 27739375Smsmith# 27839375Smsmith## 27939375Smsmith## Example standard accounting entries for subscriber levels 28039375Smsmith## 28139375Smsmith# 28239375Smsmith#subscriber|Subscribers:\ 28339375Smsmith# :accounted:\ 28439375Smsmith# :refreshtime=180d:\ 28539375Smsmith# :refreshperiod@:\ 28639375Smsmith# :sessionlimit@:\ 28739375Smsmith# :autodelete=30d:\ 28839375Smsmith# :expireperiod=180d:\ 28939375Smsmith# :graceexpire=7d:\ 29039375Smsmith# :gracetime=10m:\ 29139375Smsmith# :warnexpire=7d:\ 29239375Smsmith# :warnpassword=7d:\ 29339375Smsmith# :idletime=30m:\ 29439375Smsmith# :sessiontime=4h:\ 29539375Smsmith# :daytime=6h:\ 29639375Smsmith# :weektime=40h:\ 29739375Smsmith# :monthtime=120h:\ 29839375Smsmith# :warntime=4h:\ 29939375Smsmith# :tc=standard: 30039375Smsmith# 30139375Smsmith# 30239375Smsmith## 30339375Smsmith## Subscriber accounts. These accounts have their login times 30439375Smsmith## accounted and have access limits applied. 30539375Smsmith## 30639375Smsmith#subppp|PPP Subscriber Accounts:\ 30739375Smsmith# :tc=dialer:\ 30839375Smsmith# :tc=subscriber: 30939375Smsmith# 31039375Smsmith# 31191528Srwatson#subshell|Shell Subscriber Accounts:\ 31239375Smsmith# :tc=subscriber: 31339375Smsmith# 31469015Sobrien## 31569015Sobrien## If you want some of the accounts to use traditional UNIX DES based 31669015Sobrien## password hashes. 31769015Sobrien## 31869015Sobrien#des_users:\ 31983325Sru# :passwd_format=des:\ 32069015Sobrien# :tc=default: 321