login.conf revision 21526 
1# Sample login.conf - login class capabilities database.
2# To speed up access to this data, you can use /bin/cap_mkdb
3# to create a database form of this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# Don't forget to do this after each edit as well!
8#
9# This file controls resource limits, accounting limits and
10# default user environment settings.
11#
12#	$Id$
13#
14
15
16# Authentication methods
17
18auth-defaults:\
19	:auth=krb_skey_or_passwd,passwd,kerberos,skey:
20
21auth-root-defaults:\
22	:auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\
23	:auth-rlogin=krb_or_skey,kerberos,skey:\
24
25auth-ftp-defaults:\
26	:auth=skey_or_pwd,passwd,skey:
27
28
29# Example defaults
30# These settings are used by login(1) by default for classless users
31# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
32
33default:\
34	:cputime=infinity:\
35	:coredumpsize=infinity:\
36	:datasize=16M:\
37	:filesize=infinity:\
38	:maxproc=64:\
39	:memorylocked=10M:\
40	:memoryuse=30M:\
41	:openfiles=64:\
42	:priority=0:\
43	:requirehome:\
44	:stacksize=2M:\
45	:term=dumb:\
46	:umask=022:\
47	:rc=auth-defaults:
48
49
50#
51# standard - standard user defaults
52#
53standard:\
54	:copyright=/etc/COPYRIGHT:\
55	:welcome=/etc/motd:\
56	:setenv=MAIL=/var/mail/$ BLOCKSIZE=K EDITOR=/usr/bin/ee:\
57	:path=~/bin /bin /usr/bin /usr/local/bin:\
58	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
59	:nologin=/etc/nologin:\
60	:coredumpsize=8M:\
61	:cputime=1h30m:\
62	:datasize=8M:\
63	:stacksize=2M:\
64	:filesize=8M:\
65	:memorylocked=4M:\
66	:memoryuse=8M:\
67	:openfiles=24:\
68	:maxproc=26:\
69	:priority=4:\
70	:requirehome:\
71	:umask=002:\
72	:ignoretime@:\
73	:tc=default:
74
75
76#
77# Staff users - few restrictions and allow login anytime
78#		display staff motd
79#
80staff:\
81	:welcome=/etc/motd-staff:\
82	:ignorenologin:\
83	:ignoretime:\
84	:requirehome@:\
85	:accounted@:\
86	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
87	:umask=022:\
88	:tc=standard:
89
90
91#
92# root - fallback for root logins
93#
94root:\
95	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
96	:umask=022:\
97	:tc=auth-root-defaults:\
98	:tc=staff:
99
100
101#
102# Settings used by /etc/rc
103#
104daemon:\
105	:cputime=unlimited:\
106	:filesize=64M:\
107	:datasize=32M:\
108	:stacksize=32M:\
109	:coredumpsize=0:\
110	:memoryuse=64M:\
111	:memorylocked=64M:\
112	:maxproc=32:\
113	:openfiles=256:\
114	:tc=default:
115
116
117#
118# Settings used by news subsystem daemons
119#
120news:\
121	:cputime=unlimited:\
122	:filesize=128:\
123	:datasize=64M:\
124	:stacksize=32M:\
125	:coredumpsize=0:\
126	:maxmemorysize=128M:\
127	:lockedmemory=32M:\
128	:maxproc=128:\
129	:openfiles=256:\
130	:tc=default:\
131
132
133#
134# The dialer class should be used for a dialup PPP/SLIP accounts
135# Welcome messages/news suppressed and a special shell selector
136#
137dialer:\
138	:hushlogin:\
139	:requirehome@:\
140	:shell=/usr/sbin/userls:\
141	:cputime=unlimited:\
142	:filesize=2M:\
143	:datasize=2M:\
144	:stacksize=4M:\
145	:coredumpsize=0:\
146	:memoryuse=4M:\
147	:memorylocked=1M:\
148	:maxproc=16:\
149	:openfiles=32:\
150	:tc=standard:
151
152
153#
154# Site full-time 24/7 PPP/SLIP connections
155# - no time accounting, restricted to access via dialin lines
156#
157site:\
158	:ignoretime:\
159	:passwordperiod@:\
160	:refreshtime@:\
161	:refreshperiod@:\
162	:sessionlimit@:\
163	:autodelete@:\
164	:expireperiod@:\
165	:graceexpire@:\
166	;gracetime@:\
167	:warnexpire@:\
168	:warnpassword@:\
169	:idletime@:\
170	:sessiontime@:\
171	:daytime@:\
172	:weektime@:\
173	:monthtime@:\
174	:warntime@:\
175	:tty.allow=dialin:\
176	:tty.deny=:\
177	:host.allow=:\
178	:host.deny=:\
179	:accounted@:
180	:tc=dialer:\
181	:tc=staff:
182
183
184#
185# Example standard accounting entries for subscriber levels
186#
187
188subscriber|Subscribers:\
189	:accounted:\
190	:passwordperiod=90d:\
191	:refreshtime=180d:\
192	:refreshperiod@:\
193	:sessionlimit@:\
194	:autodelete=30d:\
195	:expireperiod=180d:\
196	:graceexpire=7d:\
197	:gracetime=10m:\
198	:warnexpire=7d:\
199	:warnpassword=7d:\
200	:idletime=30m:\
201	:sessiontime=4h:\
202	:daytime=6h:\
203	:weektime=40h:\
204	:monthtime=120h:\
205	:warntime=4h:\
206	:tty.allow=dialin,pty,vt:\
207	:tty.deny=:\
208	:times.allow=Any0000-2400:\
209	:times.deny=Mo0900-1200,Fr2120-2130:\
210	:tc=standard:
211
212
213#
214# Subscriber accounts. These accounts have their login times
215# accounted and have access limits applied.
216# Userls is a user shell selector - do not use these classes without it!
217#
218subppp|Dual PPP/SLIP Subscriber Accounts:\
219	:shell=/usr/sbin/userls:\
220	:tc=dialer:\
221	:tc=subscriber:
222
223
224subslip|Dual PPP/SLIP Subscriber Accounts:\
225	:shell=/usr/sbin/userls:\
226	:tc=dialer:\
227	:tc=subscriber:
228
229
230subshell:Shell Subscriber Accounts:\
231	:tc=subscriber:
232
233