login.conf revision 237269 
1# login.conf - login class capabilities database.
2#
3# Remember to rebuild the database after each change to this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# This file controls resource limits, accounting limits and
8# default user environment settings.
9#
10# $FreeBSD: head/etc/login.conf 237269 2012-06-19 14:46:18Z des $
11#
12
13# Default settings effectively disable resource limits, see the
14# examples below for a starting point to enable them.
15
16# defaults
17# These settings are used by login(1) by default for classless users
18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19#
20# Note that since a colon ':' is used to separate capability entries,
21# a \c escape sequence must be used to embed a literal colon in the
22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23# AND SEMANTICS'' section of getcap(3) for more escape sequences).
24
25default:\
26	:passwd_format=sha512:\
27	:copyright=/etc/COPYRIGHT:\
28	:welcome=/etc/motd:\
29	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
30	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
31	:nologin=/var/run/nologin:\
32	:cputime=unlimited:\
33	:datasize=unlimited:\
34	:stacksize=unlimited:\
35	:memorylocked=unlimited:\
36	:memoryuse=unlimited:\
37	:filesize=unlimited:\
38	:coredumpsize=unlimited:\
39	:openfiles=unlimited:\
40	:maxproc=unlimited:\
41	:sbsize=unlimited:\
42	:vmemoryuse=unlimited:\
43	:swapuse=unlimited:\
44	:pseudoterminals=unlimited:\
45	:priority=0:\
46	:ignoretime@:\
47	:umask=022:
48
49
50#
51# A collection of common class names - forward them all to 'default'
52# (login would normally do this anyway, but having a class name
53#  here suppresses the diagnostic)
54#
55standard:\
56	:tc=default:
57xuser:\
58	:tc=default:
59staff:\
60	:tc=default:
61daemon:\
62	:tc=default:
63news:\
64	:tc=default:
65dialer:\
66	:tc=default:
67
68#
69# Root can always login
70#
71# N.B.  login_getpwclass(3) will use this entry for the root account,
72#       in preference to 'default'.
73root:\
74	:ignorenologin:\
75	:tc=default:
76
77#
78# Russian Users Accounts. Setup proper environment variables.
79#
80russian|Russian Users Accounts:\
81	:charset=KOI8-R:\
82	:lang=ru_RU.KOI8-R:\
83	:tc=default:
84
85
86######################################################################
87######################################################################
88##
89## Example entries
90##
91######################################################################
92######################################################################
93
94## Example defaults
95## These settings are used by login(1) by default for classless users
96## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
97#
98#default:\
99#	:cputime=infinity:\
100#	:datasize-cur=22M:\
101#	:stacksize-cur=8M:\
102#	:memorylocked-cur=10M:\
103#	:memoryuse-cur=30M:\
104#	:filesize=infinity:\
105#	:coredumpsize=infinity:\
106#	:maxproc-cur=64:\
107#	:openfiles-cur=64:\
108#	:priority=0:\
109#	:requirehome@:\
110#	:umask=022:\
111#	:tc=auth-defaults:
112#
113#
114##
115## standard - standard user defaults
116##
117#standard:\
118#	:copyright=/etc/COPYRIGHT:\
119#	:welcome=/etc/motd:\
120#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
121#	:path=~/bin /bin /usr/bin /usr/local/bin:\
122#	:manpath=/usr/share/man /usr/local/man:\
123#	:nologin=/var/run/nologin:\
124#	:cputime=1h30m:\
125#	:datasize=8M:\
126#	:vmemoryuse=100M:\
127#	:stacksize=2M:\
128#	:memorylocked=4M:\
129#	:memoryuse=8M:\
130#	:filesize=8M:\
131#	:coredumpsize=8M:\
132#	:openfiles=24:\
133#	:maxproc=32:\
134#	:priority=0:\
135#	:requirehome:\
136#	:passwordtime=90d:\
137#	:umask=002:\
138#	:ignoretime@:\
139#	:tc=default:
140#
141#
142##
143## users of X (needs more resources!)
144##
145#xuser:\
146#	:manpath=/usr/share/man /usr/local/man:\
147#	:cputime=4h:\
148#	:datasize=12M:\
149#	:vmemoryuse=infinity:\
150#	:stacksize=4M:\
151#	:filesize=8M:\
152#	:memoryuse=16M:\
153#	:openfiles=32:\
154#	:maxproc=48:\
155#	:tc=standard:
156#
157#
158##
159## Staff users - few restrictions and allow login anytime
160##
161#staff:\
162#	:ignorenologin:\
163#	:ignoretime:\
164#	:requirehome@:\
165#	:accounted@:\
166#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
167#	:umask=022:\
168#	:tc=standard:
169#
170#
171##
172## root - fallback for root logins
173##
174#root:\
175#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
176#	:cputime=infinity:\
177#	:datasize=infinity:\
178#	:stacksize=infinity:\
179#	:memorylocked=infinity:\
180#	:memoryuse=infinity:\
181#	:filesize=infinity:\
182#	:coredumpsize=infinity:\
183#	:openfiles=infinity:\
184#	:maxproc=infinity:\
185#	:memoryuse-cur=32M:\
186#	:maxproc-cur=64:\
187#	:openfiles-cur=1024:\
188#	:priority=0:\
189#	:requirehome@:\
190#	:umask=022:\
191#	:tc=auth-root-defaults:
192#
193#
194##
195## Settings used by /etc/rc
196##
197#daemon:\
198#	:coredumpsize@:\
199#	:coredumpsize-cur=0:\
200#	:datasize=infinity:\
201#	:datasize-cur@:\
202#	:maxproc=512:\
203#	:maxproc-cur@:\
204#	:memoryuse-cur=64M:\
205#	:memorylocked-cur=64M:\
206#	:openfiles=1024:\
207#	:openfiles-cur@:\
208#	:stacksize=16M:\
209#	:stacksize-cur@:\
210#	:tc=default:
211#
212#
213##
214## Settings used by news subsystem
215##
216#news:\
217#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
218#	:cputime=infinity:\
219#	:filesize=128M:\
220#	:datasize-cur=64M:\
221#	:stacksize-cur=32M:\
222#	:coredumpsize-cur=0:\
223#	:maxmemorysize-cur=128M:\
224#	:memorylocked=32M:\
225#	:maxproc=128:\
226#	:openfiles=256:\
227#	:tc=default:
228#
229#
230##
231## The dialer class should be used for a dialup PPP account
232## Welcome messages/news suppressed
233##
234#dialer:\
235#	:hushlogin:\
236#	:requirehome@:\
237#	:cputime=unlimited:\
238#	:filesize=2M:\
239#	:datasize=2M:\
240#	:stacksize=4M:\
241#	:coredumpsize=0:\
242#	:memoryuse=4M:\
243#	:memorylocked=1M:\
244#	:maxproc=16:\
245#	:openfiles=32:\
246#	:tc=standard:
247#
248#
249##
250## Site full-time 24/7 PPP connection
251## - no time accounting, restricted to access via dialin lines
252##
253#site:\
254#	:ignoretime:\
255#	:passwordtime@:\
256#	:refreshtime@:\
257#	:refreshperiod@:\
258#	:sessionlimit@:\
259#	:autodelete@:\
260#	:expireperiod@:\
261#	:graceexpire@:\
262#	:gracetime@:\
263#	:warnexpire@:\
264#	:warnpassword@:\
265#	:idletime@:\
266#	:sessiontime@:\
267#	:daytime@:\
268#	:weektime@:\
269#	:monthtime@:\
270#	:warntime@:\
271#	:accounted@:\
272#	:tc=dialer:\
273#	:tc=staff:
274#
275#
276##
277## Example standard accounting entries for subscriber levels
278##
279#
280#subscriber|Subscribers:\
281#	:accounted:\
282#	:refreshtime=180d:\
283#	:refreshperiod@:\
284#	:sessionlimit@:\
285#	:autodelete=30d:\
286#	:expireperiod=180d:\
287#	:graceexpire=7d:\
288#	:gracetime=10m:\
289#	:warnexpire=7d:\
290#	:warnpassword=7d:\
291#	:idletime=30m:\
292#	:sessiontime=4h:\
293#	:daytime=6h:\
294#	:weektime=40h:\
295#	:monthtime=120h:\
296#	:warntime=4h:\
297#	:tc=standard:
298#
299#
300##
301## Subscriber accounts. These accounts have their login times
302## accounted and have access limits applied.
303##
304#subppp|PPP Subscriber Accounts:\
305#	:tc=dialer:\
306#	:tc=subscriber:
307#
308#
309#subshell|Shell Subscriber Accounts:\
310#	:tc=subscriber:
311#
312##
313## If you want some of the accounts to use traditional UNIX DES based
314## password hashes.
315##
316#des_users:\
317#	:passwd_format=des:\
318#	:tc=default:
319