login.conf revision 181905
1# login.conf - login class capabilities database. 2# 3# Remember to rebuild the database after each change to this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# This file controls resource limits, accounting limits and 8# default user environment settings. 9# 10# $FreeBSD: head/etc/login.conf 181905 2008-08-20 08:31:58Z ed $ 11# 12 13# Default settings effectively disable resource limits, see the 14# examples below for a starting point to enable them. 15 16# defaults 17# These settings are used by login(1) by default for classless users 18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 19# 20# Note that since a colon ':' is used to separate capability entries, 21# a \c escape sequence must be used to embed a literal colon in the 22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 23# AND SEMANTICS'' section of getcap(3) for more escape sequences). 24 25default:\ 26 :passwd_format=md5:\ 27 :copyright=/etc/COPYRIGHT:\ 28 :welcome=/etc/motd:\ 29 :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\ 30 :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\ 31 :nologin=/var/run/nologin:\ 32 :cputime=unlimited:\ 33 :datasize=unlimited:\ 34 :stacksize=unlimited:\ 35 :memorylocked=unlimited:\ 36 :memoryuse=unlimited:\ 37 :filesize=unlimited:\ 38 :coredumpsize=unlimited:\ 39 :openfiles=unlimited:\ 40 :maxproc=unlimited:\ 41 :sbsize=unlimited:\ 42 :vmemoryuse=unlimited:\ 43 :pseudoterminals=unlimited:\ 44 :priority=0:\ 45 :ignoretime@:\ 46 :umask=022: 47 48 49# 50# A collection of common class names - forward them all to 'default' 51# (login would normally do this anyway, but having a class name 52# here suppresses the diagnostic) 53# 54standard:\ 55 :tc=default: 56xuser:\ 57 :tc=default: 58staff:\ 59 :tc=default: 60daemon:\ 61 :tc=default: 62news:\ 63 :tc=default: 64dialer:\ 65 :tc=default: 66 67# 68# Root can always login 69# 70# N.B. login_getpwclass(3) will use this entry for the root account, 71# in preference to 'default'. 72root:\ 73 :ignorenologin:\ 74 :tc=default: 75 76# 77# Russian Users Accounts. Setup proper environment variables. 78# 79russian|Russian Users Accounts:\ 80 :charset=KOI8-R:\ 81 :lang=ru_RU.KOI8-R:\ 82 :tc=default: 83 84 85###################################################################### 86###################################################################### 87## 88## Example entries 89## 90###################################################################### 91###################################################################### 92 93## Example defaults 94## These settings are used by login(1) by default for classless users 95## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 96# 97#default:\ 98# :cputime=infinity:\ 99# :datasize-cur=22M:\ 100# :stacksize-cur=8M:\ 101# :memorylocked-cur=10M:\ 102# :memoryuse-cur=30M:\ 103# :filesize=infinity:\ 104# :coredumpsize=infinity:\ 105# :maxproc-cur=64:\ 106# :openfiles-cur=64:\ 107# :priority=0:\ 108# :requirehome@:\ 109# :umask=022:\ 110# :tc=auth-defaults: 111# 112# 113## 114## standard - standard user defaults 115## 116#standard:\ 117# :copyright=/etc/COPYRIGHT:\ 118# :welcome=/etc/motd:\ 119# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 120# :path=~/bin /bin /usr/bin /usr/local/bin:\ 121# :manpath=/usr/share/man /usr/local/man:\ 122# :nologin=/var/run/nologin:\ 123# :cputime=1h30m:\ 124# :datasize=8M:\ 125# :vmemoryuse=100M:\ 126# :stacksize=2M:\ 127# :memorylocked=4M:\ 128# :memoryuse=8M:\ 129# :filesize=8M:\ 130# :coredumpsize=8M:\ 131# :openfiles=24:\ 132# :maxproc=32:\ 133# :priority=0:\ 134# :requirehome:\ 135# :passwordtime=90d:\ 136# :umask=002:\ 137# :ignoretime@:\ 138# :tc=default: 139# 140# 141## 142## users of X (needs more resources!) 143## 144#xuser:\ 145# :manpath=/usr/share/man /usr/local/man:\ 146# :cputime=4h:\ 147# :datasize=12M:\ 148# :vmemoryuse=infinity:\ 149# :stacksize=4M:\ 150# :filesize=8M:\ 151# :memoryuse=16M:\ 152# :openfiles=32:\ 153# :maxproc=48:\ 154# :tc=standard: 155# 156# 157## 158## Staff users - few restrictions and allow login anytime 159## 160#staff:\ 161# :ignorenologin:\ 162# :ignoretime:\ 163# :requirehome@:\ 164# :accounted@:\ 165# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 166# :umask=022:\ 167# :tc=standard: 168# 169# 170## 171## root - fallback for root logins 172## 173#root:\ 174# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 175# :cputime=infinity:\ 176# :datasize=infinity:\ 177# :stacksize=infinity:\ 178# :memorylocked=infinity:\ 179# :memoryuse=infinity:\ 180# :filesize=infinity:\ 181# :coredumpsize=infinity:\ 182# :openfiles=infinity:\ 183# :maxproc=infinity:\ 184# :memoryuse-cur=32M:\ 185# :maxproc-cur=64:\ 186# :openfiles-cur=1024:\ 187# :priority=0:\ 188# :requirehome@:\ 189# :umask=022:\ 190# :tc=auth-root-defaults: 191# 192# 193## 194## Settings used by /etc/rc 195## 196#daemon:\ 197# :coredumpsize@:\ 198# :coredumpsize-cur=0:\ 199# :datasize=infinity:\ 200# :datasize-cur@:\ 201# :maxproc=512:\ 202# :maxproc-cur@:\ 203# :memoryuse-cur=64M:\ 204# :memorylocked-cur=64M:\ 205# :openfiles=1024:\ 206# :openfiles-cur@:\ 207# :stacksize=16M:\ 208# :stacksize-cur@:\ 209# :tc=default: 210# 211# 212## 213## Settings used by news subsystem 214## 215#news:\ 216# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 217# :cputime=infinity:\ 218# :filesize=128M:\ 219# :datasize-cur=64M:\ 220# :stacksize-cur=32M:\ 221# :coredumpsize-cur=0:\ 222# :maxmemorysize-cur=128M:\ 223# :memorylocked=32M:\ 224# :maxproc=128:\ 225# :openfiles=256:\ 226# :tc=default: 227# 228# 229## 230## The dialer class should be used for a dialup PPP/SLIP accounts 231## Welcome messages/news suppressed 232## 233#dialer:\ 234# :hushlogin:\ 235# :requirehome@:\ 236# :cputime=unlimited:\ 237# :filesize=2M:\ 238# :datasize=2M:\ 239# :stacksize=4M:\ 240# :coredumpsize=0:\ 241# :memoryuse=4M:\ 242# :memorylocked=1M:\ 243# :maxproc=16:\ 244# :openfiles=32:\ 245# :tc=standard: 246# 247# 248## 249## Site full-time 24/7 PPP/SLIP connections 250## - no time accounting, restricted to access via dialin lines 251## 252#site:\ 253# :ignoretime:\ 254# :passwordtime@:\ 255# :refreshtime@:\ 256# :refreshperiod@:\ 257# :sessionlimit@:\ 258# :autodelete@:\ 259# :expireperiod@:\ 260# :graceexpire@:\ 261# :gracetime@:\ 262# :warnexpire@:\ 263# :warnpassword@:\ 264# :idletime@:\ 265# :sessiontime@:\ 266# :daytime@:\ 267# :weektime@:\ 268# :monthtime@:\ 269# :warntime@:\ 270# :accounted@:\ 271# :tc=dialer:\ 272# :tc=staff: 273# 274# 275## 276## Example standard accounting entries for subscriber levels 277## 278# 279#subscriber|Subscribers:\ 280# :accounted:\ 281# :refreshtime=180d:\ 282# :refreshperiod@:\ 283# :sessionlimit@:\ 284# :autodelete=30d:\ 285# :expireperiod=180d:\ 286# :graceexpire=7d:\ 287# :gracetime=10m:\ 288# :warnexpire=7d:\ 289# :warnpassword=7d:\ 290# :idletime=30m:\ 291# :sessiontime=4h:\ 292# :daytime=6h:\ 293# :weektime=40h:\ 294# :monthtime=120h:\ 295# :warntime=4h:\ 296# :tc=standard: 297# 298# 299## 300## Subscriber accounts. These accounts have their login times 301## accounted and have access limits applied. 302## 303#subppp|PPP Subscriber Accounts:\ 304# :tc=dialer:\ 305# :tc=subscriber: 306# 307# 308#subslip|SLIP Subscriber Accounts:\ 309# :tc=dialer:\ 310# :tc=subscriber: 311# 312# 313#subshell|Shell Subscriber Accounts:\ 314# :tc=subscriber: 315# 316## 317## If you want some of the accounts to use traditional UNIX DES based 318## password hashes. 319## 320#des_users:\ 321# :passwd_format=des:\ 322# :tc=default: 323