login.conf revision 21526
1# Sample login.conf - login class capabilities database. 2# To speed up access to this data, you can use /bin/cap_mkdb 3# to create a database form of this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# Don't forget to do this after each edit as well! 8# 9# This file controls resource limits, accounting limits and 10# default user environment settings. 11# 12# $Id$ 13# 14 15 16# Authentication methods 17 18auth-defaults:\ 19 :auth=krb_skey_or_passwd,passwd,kerberos,skey: 20 21auth-root-defaults:\ 22 :auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\ 23 :auth-rlogin=krb_or_skey,kerberos,skey:\ 24 25auth-ftp-defaults:\ 26 :auth=skey_or_pwd,passwd,skey: 27 28 29# Example defaults 30# These settings are used by login(1) by default for classless users 31# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 32 33default:\ 34 :cputime=infinity:\ 35 :coredumpsize=infinity:\ 36 :datasize=16M:\ 37 :filesize=infinity:\ 38 :maxproc=64:\ 39 :memorylocked=10M:\ 40 :memoryuse=30M:\ 41 :openfiles=64:\ 42 :priority=0:\ 43 :requirehome:\ 44 :stacksize=2M:\ 45 :term=dumb:\ 46 :umask=022:\ 47 :rc=auth-defaults: 48 49 50# 51# standard - standard user defaults 52# 53standard:\ 54 :copyright=/etc/COPYRIGHT:\ 55 :welcome=/etc/motd:\ 56 :setenv=MAIL=/var/mail/$ BLOCKSIZE=K EDITOR=/usr/bin/ee:\ 57 :path=~/bin /bin /usr/bin /usr/local/bin:\ 58 :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\ 59 :nologin=/etc/nologin:\ 60 :coredumpsize=8M:\ 61 :cputime=1h30m:\ 62 :datasize=8M:\ 63 :stacksize=2M:\ 64 :filesize=8M:\ 65 :memorylocked=4M:\ 66 :memoryuse=8M:\ 67 :openfiles=24:\ 68 :maxproc=26:\ 69 :priority=4:\ 70 :requirehome:\ 71 :umask=002:\ 72 :ignoretime@:\ 73 :tc=default: 74 75 76# 77# Staff users - few restrictions and allow login anytime 78# display staff motd 79# 80staff:\ 81 :welcome=/etc/motd-staff:\ 82 :ignorenologin:\ 83 :ignoretime:\ 84 :requirehome@:\ 85 :accounted@:\ 86 :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 87 :umask=022:\ 88 :tc=standard: 89 90 91# 92# root - fallback for root logins 93# 94root:\ 95 :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 96 :umask=022:\ 97 :tc=auth-root-defaults:\ 98 :tc=staff: 99 100 101# 102# Settings used by /etc/rc 103# 104daemon:\ 105 :cputime=unlimited:\ 106 :filesize=64M:\ 107 :datasize=32M:\ 108 :stacksize=32M:\ 109 :coredumpsize=0:\ 110 :memoryuse=64M:\ 111 :memorylocked=64M:\ 112 :maxproc=32:\ 113 :openfiles=256:\ 114 :tc=default: 115 116 117# 118# Settings used by news subsystem daemons 119# 120news:\ 121 :cputime=unlimited:\ 122 :filesize=128:\ 123 :datasize=64M:\ 124 :stacksize=32M:\ 125 :coredumpsize=0:\ 126 :maxmemorysize=128M:\ 127 :lockedmemory=32M:\ 128 :maxproc=128:\ 129 :openfiles=256:\ 130 :tc=default:\ 131 132 133# 134# The dialer class should be used for a dialup PPP/SLIP accounts 135# Welcome messages/news suppressed and a special shell selector 136# 137dialer:\ 138 :hushlogin:\ 139 :requirehome@:\ 140 :shell=/usr/sbin/userls:\ 141 :cputime=unlimited:\ 142 :filesize=2M:\ 143 :datasize=2M:\ 144 :stacksize=4M:\ 145 :coredumpsize=0:\ 146 :memoryuse=4M:\ 147 :memorylocked=1M:\ 148 :maxproc=16:\ 149 :openfiles=32:\ 150 :tc=standard: 151 152 153# 154# Site full-time 24/7 PPP/SLIP connections 155# - no time accounting, restricted to access via dialin lines 156# 157site:\ 158 :ignoretime:\ 159 :passwordperiod@:\ 160 :refreshtime@:\ 161 :refreshperiod@:\ 162 :sessionlimit@:\ 163 :autodelete@:\ 164 :expireperiod@:\ 165 :graceexpire@:\ 166 ;gracetime@:\ 167 :warnexpire@:\ 168 :warnpassword@:\ 169 :idletime@:\ 170 :sessiontime@:\ 171 :daytime@:\ 172 :weektime@:\ 173 :monthtime@:\ 174 :warntime@:\ 175 :tty.allow=dialin:\ 176 :tty.deny=:\ 177 :host.allow=:\ 178 :host.deny=:\ 179 :accounted@: 180 :tc=dialer:\ 181 :tc=staff: 182 183 184# 185# Example standard accounting entries for subscriber levels 186# 187 188subscriber|Subscribers:\ 189 :accounted:\ 190 :passwordperiod=90d:\ 191 :refreshtime=180d:\ 192 :refreshperiod@:\ 193 :sessionlimit@:\ 194 :autodelete=30d:\ 195 :expireperiod=180d:\ 196 :graceexpire=7d:\ 197 :gracetime=10m:\ 198 :warnexpire=7d:\ 199 :warnpassword=7d:\ 200 :idletime=30m:\ 201 :sessiontime=4h:\ 202 :daytime=6h:\ 203 :weektime=40h:\ 204 :monthtime=120h:\ 205 :warntime=4h:\ 206 :tty.allow=dialin,pty,vt:\ 207 :tty.deny=:\ 208 :times.allow=Any0000-2400:\ 209 :times.deny=Mo0900-1200,Fr2120-2130:\ 210 :tc=standard: 211 212 213# 214# Subscriber accounts. These accounts have their login times 215# accounted and have access limits applied. 216# Userls is a user shell selector - do not use these classes without it! 217# 218subppp|Dual PPP/SLIP Subscriber Accounts:\ 219 :shell=/usr/sbin/userls:\ 220 :tc=dialer:\ 221 :tc=subscriber: 222 223 224subslip|Dual PPP/SLIP Subscriber Accounts:\ 225 :shell=/usr/sbin/userls:\ 226 :tc=dialer:\ 227 :tc=subscriber: 228 229 230subshell:Shell Subscriber Accounts:\ 231 :tc=subscriber: 232 233