login.conf revision 69015 
1# login.conf - login class capabilities database.
2#
3# Remember to rebuild the database after each change to this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# This file controls resource limits, accounting limits and
8# default user environment settings.
9#
10# $FreeBSD: head/etc/login.conf 69015 2000-11-21 23:25:39Z obrien $
11#
12
13# Default settings effectively disable resource limits, see the
14# examples below for a starting point to enable them.
15
16# defaults
17# These settings are used by login(1) by default for classless users
18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19
20default:\
21	:passwd_format=md5:\
22	:copyright=/etc/COPYRIGHT:\
23	:welcome=/etc/motd:\
24	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
25	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
26	:nologin=/var/run/nologin:\
27	:cputime=unlimited:\
28	:datasize=unlimited:\
29	:stacksize=unlimited:\
30	:memorylocked=unlimited:\
31	:memoryuse=unlimited:\
32	:filesize=unlimited:\
33	:coredumpsize=unlimited:\
34	:openfiles=unlimited:\
35	:maxproc=unlimited:\
36	:sbsize=unlimited:\
37	:priority=0:\
38	:ignoretime@:\
39	:umask=022:
40
41
42#
43# A collection of common class names - forward them all to 'default'
44# (login would normally do this anyway, but having a class name
45#  here suppresses the diagnostic)
46#
47standard:\
48	:tc=default:
49xuser:\
50	:tc=default:
51staff:\
52	:tc=default:
53daemon:\
54	:tc=default:
55news:\
56	:tc=default:
57dialer:\
58	:tc=default:
59
60#
61# Root can always login
62#
63# N.B.  login_getpwclass(3) will use this entry for the root account,
64#       in preference to 'default'.
65root:\
66	:ignorenologin:\
67	:tc=default:
68
69#
70# Russian Users Accounts. Setup proper environment variables.
71#
72russian:Russian Users Accounts:\
73	:charset=KOI8-R:\
74	:lang=ru_RU.KOI8-R:\
75	:tc=default:
76
77
78######################################################################
79######################################################################
80##
81## Example entries
82## 
83######################################################################
84######################################################################
85
86## Example defaults
87## These settings are used by login(1) by default for classless users
88## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
89#
90#default:\
91#	:cputime=infinity:\
92#	:datasize-cur=22M:\
93#	:stacksize-cur=8M:\
94#	:memorylocked-cur=10M:\
95#	:memoryuse-cur=30M:\
96#	:filesize=infinity:\
97#	:coredumpsize=infinity:\
98#	:maxproc-cur=64:\
99#	:openfiles-cur=64:\
100#	:priority=0:\
101#	:requirehome@:\
102#	:umask=022:\
103#	:tc=auth-defaults:
104#
105#
106##
107## standard - standard user defaults
108##
109#standard:\
110#	:copyright=/etc/COPYRIGHT:\
111#	:welcome=/etc/motd:\
112#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
113#	:path=~/bin /bin /usr/bin /usr/local/bin:\
114#	:manpath=/usr/share/man /usr/local/man:\
115#	:nologin=/var/run/nologin:\
116#	:cputime=1h30m:\
117#	:datasize=8M:\
118#	:stacksize=2M:\
119#	:memorylocked=4M:\
120#	:memoryuse=8M:\
121#	:filesize=8M:\
122#	:coredumpsize=8M:\
123#	:openfiles=24:\
124#	:maxproc=32:\
125#	:priority=0:\
126#	:requirehome:\
127#	:passwordtime=90d:\
128#	:umask=002:\
129#	:ignoretime@:\
130#	:tc=default:
131#
132#
133##
134## users of X (needs more resources!)
135##
136#xuser:\
137#	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
138#	:cputime=4h:\
139#	:datasize=12M:\
140#	:stacksize=4M:\
141#	:filesize=8M:\
142#	:memoryuse=16M:\
143#	:openfiles=32:\
144#	:maxproc=48:\
145#	:tc=standard:
146#
147#
148##
149## Staff users - few restrictions and allow login anytime
150##
151#staff:\
152#	:ignorenologin:\
153#	:ignoretime:\
154#	:requirehome@:\
155#	:accounted@:\
156#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
157#	:umask=022:\
158#	:tc=standard:
159#
160#
161##
162## root - fallback for root logins
163##
164#root:\
165#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
166#	:cputime=infinity:\
167#	:datasize=infinity:\
168#	:stacksize=infinity:\
169#	:memorylocked=infinity:\
170#	:memoryuse=infinity:\
171#	:filesize=infinity:\
172#	:coredumpsize=infinity:\
173#	:openfiles=infinity:\
174#	:maxproc=infinity:\
175#	:memoryuse-cur=32M:\
176#	:maxproc-cur=64:\
177#	:openfiles-cur=1024:\
178#	:priority=0:\
179#	:requirehome@:\
180#	:umask=022:\
181#	:tc=auth-root-defaults:
182#
183#
184##
185## Settings used by /etc/rc
186##
187#daemon:\
188#	:coredumpsize@:\
189#	:coredumpsize-cur=0:\
190#	:datasize=infinity:\
191#	:datasize-cur@:\
192#	:maxproc=512:\
193#	:maxproc-cur@:\
194#	:memoryuse-cur=64M:\
195#	:memorylocked-cur=64M:\
196#	:openfiles=1024:\
197#	:openfiles-cur@:\
198#	:stacksize=16M:\
199#	:stacksize-cur@:\
200#	:tc=default:
201#
202#
203##
204## Settings used by news subsystem
205##
206#news:\
207#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
208#	:cputime=infinity:\
209#	:filesize=128M:\
210#	:datasize-cur=64M:\
211#	:stacksize-cur=32M:\
212#	:coredumpsize-cur=0:\
213#	:maxmemorysize-cur=128M:\
214#	:memorylocked=32M:\
215#	:maxproc=128:\
216#	:openfiles=256:\
217#	:tc=default:
218#
219#
220##
221## The dialer class should be used for a dialup PPP/SLIP accounts
222## Welcome messages/news suppressed
223##
224#dialer:\
225#	:hushlogin:\
226#	:requirehome@:\
227#	:cputime=unlimited:\
228#	:filesize=2M:\
229#	:datasize=2M:\
230#	:stacksize=4M:\
231#	:coredumpsize=0:\
232#	:memoryuse=4M:\
233#	:memorylocked=1M:\
234#	:maxproc=16:\
235#	:openfiles=32:\
236#	:tc=standard:
237#
238#
239##
240## Site full-time 24/7 PPP/SLIP connections
241## - no time accounting, restricted to access via dialin lines
242##
243#site:\
244#	:ignoretime:\
245#	:passwordtime@:\
246#	:refreshtime@:\
247#	:refreshperiod@:\
248#	:sessionlimit@:\
249#	:autodelete@:\
250#	:expireperiod@:\
251#	:graceexpire@:\
252#	:gracetime@:\
253#	:warnexpire@:\
254#	:warnpassword@:\
255#	:idletime@:\
256#	:sessiontime@:\
257#	:daytime@:\
258#	:weektime@:\
259#	:monthtime@:\
260#	:warntime@:\
261#	:accounted@:\
262#	:tc=dialer:\
263#	:tc=staff:
264#
265#
266##
267## Example standard accounting entries for subscriber levels
268##
269#
270#subscriber|Subscribers:\
271#	:accounted:\
272#	:refreshtime=180d:\
273#	:refreshperiod@:\
274#	:sessionlimit@:\
275#	:autodelete=30d:\
276#	:expireperiod=180d:\
277#	:graceexpire=7d:\
278#	:gracetime=10m:\
279#	:warnexpire=7d:\
280#	:warnpassword=7d:\
281#	:idletime=30m:\
282#	:sessiontime=4h:\
283#	:daytime=6h:\
284#	:weektime=40h:\
285#	:monthtime=120h:\
286#	:warntime=4h:\
287#	:tc=standard:
288#
289#
290##
291## Subscriber accounts. These accounts have their login times
292## accounted and have access limits applied.
293##
294#subppp|PPP Subscriber Accounts:\
295#	:tc=dialer:\
296#	:tc=subscriber:
297#
298#
299#subslip|SLIP Subscriber Accounts:\
300#	:tc=dialer:\
301#	:tc=subscriber:
302#
303#
304#subshell:Shell Subscriber Accounts:\
305#	:tc=subscriber:
306#
307##
308## If you want some of the accounts to use traditional UNIX DES based
309## password hashes.
310##
311#des_users:\
312#	:password_format=des:\
313#	:tc=default:
314