login.conf revision 194767 
150397Sobrien# login.conf - login class capabilities database.
2122180Skan#
390075Sobrien# Remember to rebuild the database after each change to this file:
4122180Skan#
550397Sobrien#	cap_mkdb /etc/login.conf
650397Sobrien#
750397Sobrien# This file controls resource limits, accounting limits and
850397Sobrien# default user environment settings.
950397Sobrien#
1050397Sobrien# $FreeBSD: head/etc/login.conf 194767 2009-06-23 20:57:27Z kib $
1150397Sobrien#
1250397Sobrien
1350397Sobrien# Default settings effectively disable resource limits, see the
1450397Sobrien# examples below for a starting point to enable them.
1550397Sobrien
1650397Sobrien# defaults
1750397Sobrien# These settings are used by login(1) by default for classless users
1850397Sobrien# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
1950397Sobrien#
2050397Sobrien# Note that since a colon ':' is used to separate capability entries,
2150397Sobrien# a \c escape sequence must be used to embed a literal colon in the
2250397Sobrien# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23122180Skan# AND SEMANTICS'' section of getcap(3) for more escape sequences).
2450397Sobrien
2550397Sobriendefault:\
26122180Skan	:passwd_format=md5:\
27122180Skan	:copyright=/etc/COPYRIGHT:\
2850397Sobrien	:welcome=/etc/motd:\
2990075Sobrien	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
3050397Sobrien	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
3150397Sobrien	:nologin=/var/run/nologin:\
3290075Sobrien	:cputime=unlimited:\
3350397Sobrien	:datasize=unlimited:\
3450397Sobrien	:stacksize=unlimited:\
35122180Skan	:memorylocked=unlimited:\
36122180Skan	:memoryuse=unlimited:\
37122180Skan	:filesize=unlimited:\
38122180Skan	:coredumpsize=unlimited:\
39122180Skan	:openfiles=unlimited:\
40122180Skan	:maxproc=unlimited:\
41122180Skan	:sbsize=unlimited:\
42122180Skan	:vmemoryuse=unlimited:\
43122180Skan	:swapuse=unlimited:\
44122180Skan	:pseudoterminals=unlimited:\
45122180Skan	:priority=0:\
46122180Skan	:ignoretime@:\
47122180Skan	:umask=022:
48122180Skan
4950397Sobrien
50122180Skan#
51122180Skan# A collection of common class names - forward them all to 'default'
52122180Skan# (login would normally do this anyway, but having a class name
5350397Sobrien#  here suppresses the diagnostic)
5450397Sobrien#
5550397Sobrienstandard:\
5650397Sobrien	:tc=default:
5750397Sobrienxuser:\
5850397Sobrien	:tc=default:
5950397Sobrienstaff:\
60122180Skan	:tc=default:
6150397Sobriendaemon:\
6250397Sobrien	:tc=default:
63122180Skannews:\
6450397Sobrien	:tc=default:
65122180Skandialer:\
66122180Skan	:tc=default:
67122180Skan
68117395Skan#
69117395Skan# Root can always login
70122180Skan#
7150397Sobrien# N.B.  login_getpwclass(3) will use this entry for the root account,
72122180Skan#       in preference to 'default'.
73122180Skanroot:\
7450397Sobrien	:ignorenologin:\
7550397Sobrien	:tc=default:
76122180Skan
7750397Sobrien#
7850397Sobrien# Russian Users Accounts. Setup proper environment variables.
7950397Sobrien#
8050397Sobrienrussian|Russian Users Accounts:\
8150397Sobrien	:charset=KOI8-R:\
8250397Sobrien	:lang=ru_RU.KOI8-R:\
8350397Sobrien	:tc=default:
8450397Sobrien
8550397Sobrien
8650397Sobrien######################################################################
8750397Sobrien######################################################################
8850397Sobrien##
8950397Sobrien## Example entries
9050397Sobrien##
9150397Sobrien######################################################################
9290075Sobrien######################################################################
9390075Sobrien
9450397Sobrien## Example defaults
9550397Sobrien## These settings are used by login(1) by default for classless users
9650397Sobrien## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
9750397Sobrien#
9850397Sobrien#default:\
9950397Sobrien#	:cputime=infinity:\
10050397Sobrien#	:datasize-cur=22M:\
10150397Sobrien#	:stacksize-cur=8M:\
102122180Skan#	:memorylocked-cur=10M:\
10350397Sobrien#	:memoryuse-cur=30M:\
10450397Sobrien#	:filesize=infinity:\
10550397Sobrien#	:coredumpsize=infinity:\
10650397Sobrien#	:maxproc-cur=64:\
10750397Sobrien#	:openfiles-cur=64:\
108122180Skan#	:priority=0:\
109122180Skan#	:requirehome@:\
11050397Sobrien#	:umask=022:\
11150397Sobrien#	:tc=auth-defaults:
11250397Sobrien#
11350397Sobrien#
11450397Sobrien##
11550397Sobrien## standard - standard user defaults
11650397Sobrien##
11750397Sobrien#standard:\
11850397Sobrien#	:copyright=/etc/COPYRIGHT:\
11950397Sobrien#	:welcome=/etc/motd:\
12050397Sobrien#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
12150397Sobrien#	:path=~/bin /bin /usr/bin /usr/local/bin:\
12250397Sobrien#	:manpath=/usr/share/man /usr/local/man:\
123122180Skan#	:nologin=/var/run/nologin:\
12450397Sobrien#	:cputime=1h30m:\
12550397Sobrien#	:datasize=8M:\
12650397Sobrien#	:vmemoryuse=100M:\
12750397Sobrien#	:stacksize=2M:\
12850397Sobrien#	:memorylocked=4M:\
12950397Sobrien#	:memoryuse=8M:\
13050397Sobrien#	:filesize=8M:\
13150397Sobrien#	:coredumpsize=8M:\
13250397Sobrien#	:openfiles=24:\
13350397Sobrien#	:maxproc=32:\
13450397Sobrien#	:priority=0:\
13550397Sobrien#	:requirehome:\
13650397Sobrien#	:passwordtime=90d:\
13750397Sobrien#	:umask=002:\
13850397Sobrien#	:ignoretime@:\
139122180Skan#	:tc=default:
140122180Skan#
141122180Skan#
142122180Skan##
143122180Skan## users of X (needs more resources!)
144122180Skan##
145122180Skan#xuser:\
146122180Skan#	:manpath=/usr/share/man /usr/local/man:\
147122180Skan#	:cputime=4h:\
148122180Skan#	:datasize=12M:\
149122180Skan#	:vmemoryuse=infinity:\
150122180Skan#	:stacksize=4M:\
151122180Skan#	:filesize=8M:\
152122180Skan#	:memoryuse=16M:\
153122180Skan#	:openfiles=32:\
154122180Skan#	:maxproc=48:\
155122180Skan#	:tc=standard:
156122180Skan#
157122180Skan#
158122180Skan##
159122180Skan## Staff users - few restrictions and allow login anytime
16050397Sobrien##
16150397Sobrien#staff:\
162122180Skan#	:ignorenologin:\
163122180Skan#	:ignoretime:\
164122180Skan#	:requirehome@:\
165122180Skan#	:accounted@:\
166122180Skan#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
167122180Skan#	:umask=022:\
168122180Skan#	:tc=standard:
169122180Skan#
170122180Skan#
171122180Skan##
172122180Skan## root - fallback for root logins
173122180Skan##
174122180Skan#root:\
175122180Skan#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
17650397Sobrien#	:cputime=infinity:\
17750397Sobrien#	:datasize=infinity:\
17850397Sobrien#	:stacksize=infinity:\
17950397Sobrien#	:memorylocked=infinity:\
180122180Skan#	:memoryuse=infinity:\
18150397Sobrien#	:filesize=infinity:\
18250397Sobrien#	:coredumpsize=infinity:\
183122180Skan#	:openfiles=infinity:\
184122180Skan#	:maxproc=infinity:\
18550397Sobrien#	:memoryuse-cur=32M:\
18650397Sobrien#	:maxproc-cur=64:\
187122180Skan#	:openfiles-cur=1024:\
188122180Skan#	:priority=0:\
189122180Skan#	:requirehome@:\
190122180Skan#	:umask=022:\
191122180Skan#	:tc=auth-root-defaults:
19250397Sobrien#
19350397Sobrien#
19450397Sobrien##
195122180Skan## Settings used by /etc/rc
196122180Skan##
197122180Skan#daemon:\
19850397Sobrien#	:coredumpsize@:\
199122180Skan#	:coredumpsize-cur=0:\
200122180Skan#	:datasize=infinity:\
201122180Skan#	:datasize-cur@:\
20250397Sobrien#	:maxproc=512:\
20350397Sobrien#	:maxproc-cur@:\
204122180Skan#	:memoryuse-cur=64M:\
205122180Skan#	:memorylocked-cur=64M:\
206122180Skan#	:openfiles=1024:\
207122180Skan#	:openfiles-cur@:\
208122180Skan#	:stacksize=16M:\
209122180Skan#	:stacksize-cur@:\
210122180Skan#	:tc=default:
211122180Skan#
21250397Sobrien#
21350397Sobrien##
21450397Sobrien## Settings used by news subsystem
215122180Skan##
21650397Sobrien#news:\
217122180Skan#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
218122180Skan#	:cputime=infinity:\
219122180Skan#	:filesize=128M:\
220122180Skan#	:datasize-cur=64M:\
221122180Skan#	:stacksize-cur=32M:\
222122180Skan#	:coredumpsize-cur=0:\
223122180Skan#	:maxmemorysize-cur=128M:\
224122180Skan#	:memorylocked=32M:\
225122180Skan#	:maxproc=128:\
226122180Skan#	:openfiles=256:\
227122180Skan#	:tc=default:
228122180Skan#
229122180Skan#
230122180Skan##
231122180Skan## The dialer class should be used for a dialup PPP/SLIP accounts
232122180Skan## Welcome messages/news suppressed
233122180Skan##
234122180Skan#dialer:\
235122180Skan#	:hushlogin:\
236117395Skan#	:requirehome@:\
23750397Sobrien#	:cputime=unlimited:\
23850397Sobrien#	:filesize=2M:\
239117395Skan#	:datasize=2M:\
240122180Skan#	:stacksize=4M:\
241122180Skan#	:coredumpsize=0:\
24250397Sobrien#	:memoryuse=4M:\
24350397Sobrien#	:memorylocked=1M:\
244117395Skan#	:maxproc=16:\
24550397Sobrien#	:openfiles=32:\
24650397Sobrien#	:tc=standard:
24750397Sobrien#
24850397Sobrien#
24950397Sobrien##
25050397Sobrien## Site full-time 24/7 PPP/SLIP connections
25150397Sobrien## - no time accounting, restricted to access via dialin lines
25250397Sobrien##
25350397Sobrien#site:\
25450397Sobrien#	:ignoretime:\
25550397Sobrien#	:passwordtime@:\
25650397Sobrien#	:refreshtime@:\
25750397Sobrien#	:refreshperiod@:\
25850397Sobrien#	:sessionlimit@:\
25950397Sobrien#	:autodelete@:\
26050397Sobrien#	:expireperiod@:\
26150397Sobrien#	:graceexpire@:\
26250397Sobrien#	:gracetime@:\
263117395Skan#	:warnexpire@:\
26450397Sobrien#	:warnpassword@:\
26550397Sobrien#	:idletime@:\
26650397Sobrien#	:sessiontime@:\
267122180Skan#	:daytime@:\
268122180Skan#	:weektime@:\
26950397Sobrien#	:monthtime@:\
27050397Sobrien#	:warntime@:\
271122180Skan#	:accounted@:\
272122180Skan#	:tc=dialer:\
273122180Skan#	:tc=staff:
274122180Skan#
27550397Sobrien#
27650397Sobrien##
27750397Sobrien## Example standard accounting entries for subscriber levels
27850397Sobrien##
27950397Sobrien#
28050397Sobrien#subscriber|Subscribers:\
281122180Skan#	:accounted:\
282122180Skan#	:refreshtime=180d:\
283122180Skan#	:refreshperiod@:\
284122180Skan#	:sessionlimit@:\
285122180Skan#	:autodelete=30d:\
28650397Sobrien#	:expireperiod=180d:\
28750397Sobrien#	:graceexpire=7d:\
28850397Sobrien#	:gracetime=10m:\
289122180Skan#	:warnexpire=7d:\
29050397Sobrien#	:warnpassword=7d:\
291122180Skan#	:idletime=30m:\
292122180Skan#	:sessiontime=4h:\
293122180Skan#	:daytime=6h:\
29450397Sobrien#	:weektime=40h:\
29550397Sobrien#	:monthtime=120h:\
29690075Sobrien#	:warntime=4h:\
29790075Sobrien#	:tc=standard:
29850397Sobrien#
29990075Sobrien#
30090075Sobrien##
30190075Sobrien## Subscriber accounts. These accounts have their login times
30290075Sobrien## accounted and have access limits applied.
30390075Sobrien##
30490075Sobrien#subppp|PPP Subscriber Accounts:\
30590075Sobrien#	:tc=dialer:\
30690075Sobrien#	:tc=subscriber:
30790075Sobrien#
30890075Sobrien#
30990075Sobrien#subslip|SLIP Subscriber Accounts:\
31090075Sobrien#	:tc=dialer:\
31190075Sobrien#	:tc=subscriber:
31290075Sobrien#
31390075Sobrien#
31490075Sobrien#subshell|Shell Subscriber Accounts:\
31590075Sobrien#	:tc=subscriber:
31690075Sobrien#
31790075Sobrien##
31890075Sobrien## If you want some of the accounts to use traditional UNIX DES based
31990075Sobrien## password hashes.
32090075Sobrien##
32190075Sobrien#des_users:\
32290075Sobrien#	:passwd_format=des:\
32390075Sobrien#	:tc=default:
32490075Sobrien