login.conf revision 181905 
1# login.conf - login class capabilities database.
2#
3# Remember to rebuild the database after each change to this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# This file controls resource limits, accounting limits and
8# default user environment settings.
9#
10# $FreeBSD: head/etc/login.conf 181905 2008-08-20 08:31:58Z ed $
11#
12
13# Default settings effectively disable resource limits, see the
14# examples below for a starting point to enable them.
15
16# defaults
17# These settings are used by login(1) by default for classless users
18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19#
20# Note that since a colon ':' is used to separate capability entries,
21# a \c escape sequence must be used to embed a literal colon in the
22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23# AND SEMANTICS'' section of getcap(3) for more escape sequences).
24
25default:\
26	:passwd_format=md5:\
27	:copyright=/etc/COPYRIGHT:\
28	:welcome=/etc/motd:\
29	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
30	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
31	:nologin=/var/run/nologin:\
32	:cputime=unlimited:\
33	:datasize=unlimited:\
34	:stacksize=unlimited:\
35	:memorylocked=unlimited:\
36	:memoryuse=unlimited:\
37	:filesize=unlimited:\
38	:coredumpsize=unlimited:\
39	:openfiles=unlimited:\
40	:maxproc=unlimited:\
41	:sbsize=unlimited:\
42	:vmemoryuse=unlimited:\
43	:pseudoterminals=unlimited:\
44	:priority=0:\
45	:ignoretime@:\
46	:umask=022:
47
48
49#
50# A collection of common class names - forward them all to 'default'
51# (login would normally do this anyway, but having a class name
52#  here suppresses the diagnostic)
53#
54standard:\
55	:tc=default:
56xuser:\
57	:tc=default:
58staff:\
59	:tc=default:
60daemon:\
61	:tc=default:
62news:\
63	:tc=default:
64dialer:\
65	:tc=default:
66
67#
68# Root can always login
69#
70# N.B.  login_getpwclass(3) will use this entry for the root account,
71#       in preference to 'default'.
72root:\
73	:ignorenologin:\
74	:tc=default:
75
76#
77# Russian Users Accounts. Setup proper environment variables.
78#
79russian|Russian Users Accounts:\
80	:charset=KOI8-R:\
81	:lang=ru_RU.KOI8-R:\
82	:tc=default:
83
84
85######################################################################
86######################################################################
87##
88## Example entries
89##
90######################################################################
91######################################################################
92
93## Example defaults
94## These settings are used by login(1) by default for classless users
95## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
96#
97#default:\
98#	:cputime=infinity:\
99#	:datasize-cur=22M:\
100#	:stacksize-cur=8M:\
101#	:memorylocked-cur=10M:\
102#	:memoryuse-cur=30M:\
103#	:filesize=infinity:\
104#	:coredumpsize=infinity:\
105#	:maxproc-cur=64:\
106#	:openfiles-cur=64:\
107#	:priority=0:\
108#	:requirehome@:\
109#	:umask=022:\
110#	:tc=auth-defaults:
111#
112#
113##
114## standard - standard user defaults
115##
116#standard:\
117#	:copyright=/etc/COPYRIGHT:\
118#	:welcome=/etc/motd:\
119#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
120#	:path=~/bin /bin /usr/bin /usr/local/bin:\
121#	:manpath=/usr/share/man /usr/local/man:\
122#	:nologin=/var/run/nologin:\
123#	:cputime=1h30m:\
124#	:datasize=8M:\
125#	:vmemoryuse=100M:\
126#	:stacksize=2M:\
127#	:memorylocked=4M:\
128#	:memoryuse=8M:\
129#	:filesize=8M:\
130#	:coredumpsize=8M:\
131#	:openfiles=24:\
132#	:maxproc=32:\
133#	:priority=0:\
134#	:requirehome:\
135#	:passwordtime=90d:\
136#	:umask=002:\
137#	:ignoretime@:\
138#	:tc=default:
139#
140#
141##
142## users of X (needs more resources!)
143##
144#xuser:\
145#	:manpath=/usr/share/man /usr/local/man:\
146#	:cputime=4h:\
147#	:datasize=12M:\
148#	:vmemoryuse=infinity:\
149#	:stacksize=4M:\
150#	:filesize=8M:\
151#	:memoryuse=16M:\
152#	:openfiles=32:\
153#	:maxproc=48:\
154#	:tc=standard:
155#
156#
157##
158## Staff users - few restrictions and allow login anytime
159##
160#staff:\
161#	:ignorenologin:\
162#	:ignoretime:\
163#	:requirehome@:\
164#	:accounted@:\
165#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
166#	:umask=022:\
167#	:tc=standard:
168#
169#
170##
171## root - fallback for root logins
172##
173#root:\
174#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
175#	:cputime=infinity:\
176#	:datasize=infinity:\
177#	:stacksize=infinity:\
178#	:memorylocked=infinity:\
179#	:memoryuse=infinity:\
180#	:filesize=infinity:\
181#	:coredumpsize=infinity:\
182#	:openfiles=infinity:\
183#	:maxproc=infinity:\
184#	:memoryuse-cur=32M:\
185#	:maxproc-cur=64:\
186#	:openfiles-cur=1024:\
187#	:priority=0:\
188#	:requirehome@:\
189#	:umask=022:\
190#	:tc=auth-root-defaults:
191#
192#
193##
194## Settings used by /etc/rc
195##
196#daemon:\
197#	:coredumpsize@:\
198#	:coredumpsize-cur=0:\
199#	:datasize=infinity:\
200#	:datasize-cur@:\
201#	:maxproc=512:\
202#	:maxproc-cur@:\
203#	:memoryuse-cur=64M:\
204#	:memorylocked-cur=64M:\
205#	:openfiles=1024:\
206#	:openfiles-cur@:\
207#	:stacksize=16M:\
208#	:stacksize-cur@:\
209#	:tc=default:
210#
211#
212##
213## Settings used by news subsystem
214##
215#news:\
216#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
217#	:cputime=infinity:\
218#	:filesize=128M:\
219#	:datasize-cur=64M:\
220#	:stacksize-cur=32M:\
221#	:coredumpsize-cur=0:\
222#	:maxmemorysize-cur=128M:\
223#	:memorylocked=32M:\
224#	:maxproc=128:\
225#	:openfiles=256:\
226#	:tc=default:
227#
228#
229##
230## The dialer class should be used for a dialup PPP/SLIP accounts
231## Welcome messages/news suppressed
232##
233#dialer:\
234#	:hushlogin:\
235#	:requirehome@:\
236#	:cputime=unlimited:\
237#	:filesize=2M:\
238#	:datasize=2M:\
239#	:stacksize=4M:\
240#	:coredumpsize=0:\
241#	:memoryuse=4M:\
242#	:memorylocked=1M:\
243#	:maxproc=16:\
244#	:openfiles=32:\
245#	:tc=standard:
246#
247#
248##
249## Site full-time 24/7 PPP/SLIP connections
250## - no time accounting, restricted to access via dialin lines
251##
252#site:\
253#	:ignoretime:\
254#	:passwordtime@:\
255#	:refreshtime@:\
256#	:refreshperiod@:\
257#	:sessionlimit@:\
258#	:autodelete@:\
259#	:expireperiod@:\
260#	:graceexpire@:\
261#	:gracetime@:\
262#	:warnexpire@:\
263#	:warnpassword@:\
264#	:idletime@:\
265#	:sessiontime@:\
266#	:daytime@:\
267#	:weektime@:\
268#	:monthtime@:\
269#	:warntime@:\
270#	:accounted@:\
271#	:tc=dialer:\
272#	:tc=staff:
273#
274#
275##
276## Example standard accounting entries for subscriber levels
277##
278#
279#subscriber|Subscribers:\
280#	:accounted:\
281#	:refreshtime=180d:\
282#	:refreshperiod@:\
283#	:sessionlimit@:\
284#	:autodelete=30d:\
285#	:expireperiod=180d:\
286#	:graceexpire=7d:\
287#	:gracetime=10m:\
288#	:warnexpire=7d:\
289#	:warnpassword=7d:\
290#	:idletime=30m:\
291#	:sessiontime=4h:\
292#	:daytime=6h:\
293#	:weektime=40h:\
294#	:monthtime=120h:\
295#	:warntime=4h:\
296#	:tc=standard:
297#
298#
299##
300## Subscriber accounts. These accounts have their login times
301## accounted and have access limits applied.
302##
303#subppp|PPP Subscriber Accounts:\
304#	:tc=dialer:\
305#	:tc=subscriber:
306#
307#
308#subslip|SLIP Subscriber Accounts:\
309#	:tc=dialer:\
310#	:tc=subscriber:
311#
312#
313#subshell|Shell Subscriber Accounts:\
314#	:tc=subscriber:
315#
316##
317## If you want some of the accounts to use traditional UNIX DES based
318## password hashes.
319##
320#des_users:\
321#	:passwd_format=des:\
322#	:tc=default:
323