login.conf revision 42587
121526Sdavidn# Sample login.conf - login class capabilities database. 225901Sgpalmer# To speed up access to this data, you can use /usr/bin/cap_mkdb 321526Sdavidn# to create a database form of this file: 421526Sdavidn# 521526Sdavidn# cap_mkdb /etc/login.conf 621526Sdavidn# 721526Sdavidn# Don't forget to do this after each edit as well! 821526Sdavidn# 921526Sdavidn# This file controls resource limits, accounting limits and 1021526Sdavidn# default user environment settings. 1121526Sdavidn# 1242587Sasami# $Id: login.conf,v 1.25 1999/01/11 09:07:38 asami Exp $ 1321526Sdavidn# 1421526Sdavidn 1539375Smsmith# Default settings effectively disable resource limits, see the 1639375Smsmith# examples below for a starting point to enable them. 1721526Sdavidn 1842149Shoek# defaults 1921526Sdavidn# These settings are used by login(1) by default for classless users 2021526Sdavidn# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 2121526Sdavidn 2221526Sdavidndefault:\ 2321526Sdavidn :copyright=/etc/COPYRIGHT:\ 2421526Sdavidn :welcome=/etc/motd:\ 2521943Sdavidn :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\ 2621526Sdavidn :path=~/bin /bin /usr/bin /usr/local/bin:\ 2742515Sasami :nologin=/var/run/nologin:\ 2839375Smsmith :cputime=unlimited:\ 2939375Smsmith :datasize=unlimited:\ 3039375Smsmith :stacksize=unlimited:\ 3139375Smsmith :memorylocked=unlimited:\ 3239375Smsmith :memoryuse=unlimited:\ 3339375Smsmith :filesize=unlimited:\ 3439375Smsmith :coredumpsize=unlimited:\ 3539375Smsmith :openfiles=unlimited:\ 3639375Smsmith :maxproc=unlimited:\ 3721538Sdavidn :priority=0:\ 3821526Sdavidn :ignoretime@:\ 3939375Smsmith :umask=022: 4021526Sdavidn 4121943Sdavidn 4221538Sdavidn# 4339375Smsmith# A collection of common class names - forward them all to 'default' 4439375Smsmith# (login would normally do this anyway, but having a class name 4539375Smsmith# here suppresses the diagnostic) 4621538Sdavidn# 4739375Smsmithstandard:\ 4839375Smsmith :tc=default: 4921538Sdavidnxuser:\ 5039375Smsmith :tc=default: 5121526Sdavidnstaff:\ 5239375Smsmith :tc=default: 5339375Smsmithdaemon:\ 5439424Sdt :tc=default: 5539375Smsmithnews:\ 5639375Smsmith :tc=default: 5739375Smsmithdialer:\ 5839375Smsmith :tc=default: 5921526Sdavidn 6021526Sdavidn# 6139375Smsmith# Root can always login 6221526Sdavidn# 6321526Sdavidnroot:\ 6439375Smsmith :ignorenologin:\ 6539375Smsmith :tc=default: 6621526Sdavidn 6721526Sdavidn# 6839375Smsmith# Russian Users Accounts. Setup proper environment variables. 6921526Sdavidn# 7039375Smsmithrussian:Russian Users Accounts:\ 7139375Smsmith :charset=KOI8-R:\ 7239375Smsmith :lang=ru_RU.KOI8-R:\ 7321526Sdavidn :tc=default: 7421526Sdavidn 7521526Sdavidn 7639375Smsmith###################################################################### 7739375Smsmith###################################################################### 7839375Smsmith## 7939375Smsmith## Example entries 8039375Smsmith## 8139375Smsmith###################################################################### 8239375Smsmith###################################################################### 8339375Smsmith 8439375Smsmith## Authentication methods 8539375Smsmith## Note that these are disabled by default, and libutil must 8639375Smsmith## be rebuilt with LOGIN_CAP_AUTH defined to use them. 8721526Sdavidn# 8839375Smsmith#auth-defaults:\ 8939375Smsmith# :auth=krb_skey_or_passwd,passwd,kerberos,skey: 9021526Sdavidn# 9139375Smsmith#auth-root-defaults:\ 9239375Smsmith# :auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\ 9339375Smsmith# :auth-rlogin=krb_or_skey,kerberos,skey: 9421526Sdavidn# 9539375Smsmith#auth-ftp-defaults:\ 9639375Smsmith# :auth=skey_or_pwd,passwd,skey: 9721526Sdavidn# 9821526Sdavidn# 9939375Smsmith## Example defaults 10039375Smsmith## These settings are used by login(1) by default for classless users 10139375Smsmith## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 10221526Sdavidn# 10339375Smsmith#default:\ 10439375Smsmith# :cputime=infinity:\ 10539375Smsmith# :datasize-cur=22M:\ 10639375Smsmith# :stacksize-cur=8M:\ 10739375Smsmith# :memorylocked-cur=10M:\ 10839375Smsmith# :memoryuse-cur=30M:\ 10939375Smsmith# :filesize=infinity:\ 11039375Smsmith# :coredumpsize=infinity:\ 11139375Smsmith# :maxproc-cur=64:\ 11239375Smsmith# :openfiles-cur=64:\ 11339375Smsmith# :priority=0:\ 11439375Smsmith# :requirehome@:\ 11539375Smsmith# :umask=022:\ 11639375Smsmith# :tc=auth-defaults: 11721526Sdavidn# 11821526Sdavidn# 11939375Smsmith## 12039375Smsmith## standard - standard user defaults 12139375Smsmith## 12239375Smsmith#standard:\ 12339375Smsmith# :copyright=/etc/COPYRIGHT:\ 12439375Smsmith# :welcome=/etc/motd:\ 12539375Smsmith# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\ 12639375Smsmith# :path=~/bin /bin /usr/bin /usr/local/bin:\ 12739375Smsmith# :manpath=/usr/share/man /usr/local/man:\ 12842587Sasami# :nologin=/var/run/nologin:\ 12939375Smsmith# :cputime=1h30m:\ 13039375Smsmith# :datasize=8M:\ 13139375Smsmith# :stacksize=2M:\ 13239375Smsmith# :memorylocked=4M:\ 13339375Smsmith# :memoryuse=8M:\ 13439375Smsmith# :filesize=8M:\ 13539375Smsmith# :coredumpsize=8M:\ 13639375Smsmith# :openfiles=24:\ 13739375Smsmith# :maxproc=32:\ 13839375Smsmith# :priority=0:\ 13939375Smsmith# :requirehome:\ 14039375Smsmith# :passwordperiod=90d:\ 14139375Smsmith# :umask=002:\ 14239375Smsmith# :ignoretime@:\ 14339375Smsmith# :tc=default: 14421526Sdavidn# 14521526Sdavidn# 14639375Smsmith## 14739375Smsmith## users of X (needs more resources!) 14839375Smsmith## 14939375Smsmith#xuser:\ 15039375Smsmith# :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\ 15139375Smsmith# :cputime=4h:\ 15239375Smsmith# :datasize=12M:\ 15339375Smsmith# :stacksize=4M:\ 15439375Smsmith# :filesize=8M:\ 15539375Smsmith# :memoryuse=16M:\ 15639375Smsmith# :openfiles=32:\ 15739375Smsmith# :maxproc=48:\ 15839375Smsmith# :tc=standard: 15925369Sache# 16025369Sache# 16139375Smsmith## 16239375Smsmith## Staff users - few restrictions and allow login anytime 16339375Smsmith## 16439375Smsmith#staff:\ 16539375Smsmith# :ignorenologin:\ 16639375Smsmith# :ignoretime:\ 16739375Smsmith# :requirehome@:\ 16839375Smsmith# :accounted@:\ 16939375Smsmith# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 17039375Smsmith# :umask=022:\ 17139375Smsmith# :tc=standard: 17239375Smsmith# 17339375Smsmith# 17439375Smsmith## 17539375Smsmith## root - fallback for root logins 17639375Smsmith## 17739375Smsmith#root:\ 17839375Smsmith# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 17939375Smsmith# :cputime=infinity:\ 18039375Smsmith# :datasize=infinity:\ 18139375Smsmith# :stacksize=infinity:\ 18239375Smsmith# :memorylocked=infinity:\ 18339375Smsmith# :memoryuse=infinity:\ 18439375Smsmith# :filesize=infinity:\ 18539375Smsmith# :coredumpsize=infinity:\ 18639375Smsmith# :openfiles=infinity:\ 18739375Smsmith# :maxproc=infinity:\ 18839375Smsmith# :memoryuse-cur=32M:\ 18939375Smsmith# :maxproc-cur=64:\ 19039375Smsmith# :openfiles-cur=1024:\ 19139375Smsmith# :priority=0:\ 19239375Smsmith# :requirehome@:\ 19339375Smsmith# :umask=022:\ 19439375Smsmith# :tc=auth-root-defaults: 19539375Smsmith# 19639375Smsmith# 19739375Smsmith## 19839375Smsmith## Settings used by /etc/rc 19939375Smsmith## 20039375Smsmith#daemon:\ 20139375Smsmith# :coredumpsize@:\ 20239375Smsmith# :coredumpsize-cur=0:\ 20339375Smsmith# :datasize=infinity:\ 20439375Smsmith# :datasize-cur@:\ 20539375Smsmith# :maxproc=512:\ 20639375Smsmith# :maxproc-cur@:\ 20739375Smsmith# :memoryuse-cur=64M:\ 20839375Smsmith# :memorylocked-cur=64M:\ 20939375Smsmith# :openfiles=1024:\ 21039375Smsmith# :openfiles-cur@:\ 21139375Smsmith# :stacksize=16M:\ 21239375Smsmith# :stacksize-cur@:\ 21339375Smsmith# :tc=default: 21439375Smsmith# 21539375Smsmith# 21639375Smsmith## 21739375Smsmith## Settings used by news subsystem 21839375Smsmith## 21939375Smsmith#news:\ 22039375Smsmith# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 22139375Smsmith# :cputime=infinity:\ 22239375Smsmith# :filesize=128M:\ 22339375Smsmith# :datasize-cur=64M:\ 22439375Smsmith# :stacksize-cur=32M:\ 22539375Smsmith# :coredumpsize-cur=0:\ 22639375Smsmith# :maxmemorysize-cur=128M:\ 22739375Smsmith# :memorylocked=32M:\ 22839375Smsmith# :maxproc=128:\ 22939375Smsmith# :openfiles=256:\ 23039375Smsmith# :tc=default: 23139375Smsmith# 23239375Smsmith# 23339375Smsmith## 23439375Smsmith## The dialer class should be used for a dialup PPP/SLIP accounts 23539375Smsmith## Welcome messages/news suppressed 23639375Smsmith## 23739375Smsmith#dialer:\ 23839375Smsmith# :hushlogin:\ 23939375Smsmith# :requirehome@:\ 24039375Smsmith# :cputime=unlimited:\ 24139375Smsmith# :filesize=2M:\ 24239375Smsmith# :datasize=2M:\ 24339375Smsmith# :stacksize=4M:\ 24439375Smsmith# :coredumpsize=0:\ 24539375Smsmith# :memoryuse=4M:\ 24639375Smsmith# :memorylocked=1M:\ 24739375Smsmith# :maxproc=16:\ 24839375Smsmith# :openfiles=32:\ 24939375Smsmith# :tc=standard: 25039375Smsmith# 25139375Smsmith# 25239375Smsmith## 25339375Smsmith## Site full-time 24/7 PPP/SLIP connections 25439375Smsmith## - no time accounting, restricted to access via dialin lines 25539375Smsmith## 25639375Smsmith#site:\ 25739375Smsmith# :ignoretime:\ 25839375Smsmith# :passwordperiod@:\ 25939375Smsmith# :refreshtime@:\ 26039375Smsmith# :refreshperiod@:\ 26139375Smsmith# :sessionlimit@:\ 26239375Smsmith# :autodelete@:\ 26339375Smsmith# :expireperiod@:\ 26439375Smsmith# :graceexpire@:\ 26539375Smsmith# :gracetime@:\ 26639375Smsmith# :warnexpire@:\ 26739375Smsmith# :warnpassword@:\ 26839375Smsmith# :idletime@:\ 26939375Smsmith# :sessiontime@:\ 27039375Smsmith# :daytime@:\ 27139375Smsmith# :weektime@:\ 27239375Smsmith# :monthtime@:\ 27339375Smsmith# :warntime@:\ 27439375Smsmith# :accounted@:\ 27539375Smsmith# :tc=dialer:\ 27639375Smsmith# :tc=staff: 27739375Smsmith# 27839375Smsmith# 27939375Smsmith## 28039375Smsmith## Example standard accounting entries for subscriber levels 28139375Smsmith## 28239375Smsmith# 28339375Smsmith#subscriber|Subscribers:\ 28439375Smsmith# :accounted:\ 28539375Smsmith# :refreshtime=180d:\ 28639375Smsmith# :refreshperiod@:\ 28739375Smsmith# :sessionlimit@:\ 28839375Smsmith# :autodelete=30d:\ 28939375Smsmith# :expireperiod=180d:\ 29039375Smsmith# :graceexpire=7d:\ 29139375Smsmith# :gracetime=10m:\ 29239375Smsmith# :warnexpire=7d:\ 29339375Smsmith# :warnpassword=7d:\ 29439375Smsmith# :idletime=30m:\ 29539375Smsmith# :sessiontime=4h:\ 29639375Smsmith# :daytime=6h:\ 29739375Smsmith# :weektime=40h:\ 29839375Smsmith# :monthtime=120h:\ 29939375Smsmith# :warntime=4h:\ 30039375Smsmith# :tc=standard: 30139375Smsmith# 30239375Smsmith# 30339375Smsmith## 30439375Smsmith## Subscriber accounts. These accounts have their login times 30539375Smsmith## accounted and have access limits applied. 30639375Smsmith## 30739375Smsmith#subppp|PPP Subscriber Accounts:\ 30839375Smsmith# :tc=dialer:\ 30939375Smsmith# :tc=subscriber: 31039375Smsmith# 31139375Smsmith# 31239375Smsmith#subslip|SLIP Subscriber Accounts:\ 31339375Smsmith# :tc=dialer:\ 31439375Smsmith# :tc=subscriber: 31539375Smsmith# 31639375Smsmith# 31739375Smsmith#subshell:Shell Subscriber Accounts:\ 31839375Smsmith# :tc=subscriber: 31939375Smsmith# 32039375Smsmith# 32139375Smsmith## 32239375Smsmith## Russian Users Accounts. Setup proper environment variables. 32339375Smsmith## 32439375Smsmith#russian:Russian Users Accounts:\ 32539375Smsmith# :charset=KOI8-R:\ 32639375Smsmith# :lang=ru_RU.KOI8-R:\ 32742113Scwt# :tc=default: 328