login.conf revision 237269 
178064Sume# login.conf - login class capabilities database.
262638Skris#
355505Sshin# Remember to rebuild the database after each change to this file:
455505Sshin#
555505Sshin#	cap_mkdb /etc/login.conf
655505Sshin#
755505Sshin# This file controls resource limits, accounting limits and
855505Sshin# default user environment settings.
955505Sshin#
1055505Sshin# $FreeBSD: head/etc/login.conf 237269 2012-06-19 14:46:18Z des $
1155505Sshin#
1255505Sshin
1355505Sshin# Default settings effectively disable resource limits, see the
1455505Sshin# examples below for a starting point to enable them.
1555505Sshin
1655505Sshin# defaults
1755505Sshin# These settings are used by login(1) by default for classless users
1855505Sshin# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
1955505Sshin#
2055505Sshin# Note that since a colon ':' is used to separate capability entries,
2155505Sshin# a \c escape sequence must be used to embed a literal colon in the
2255505Sshin# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
2355505Sshin# AND SEMANTICS'' section of getcap(3) for more escape sequences).
2455505Sshin
2555505Sshindefault:\
2655505Sshin	:passwd_format=sha512:\
2755505Sshin	:copyright=/etc/COPYRIGHT:\
2855505Sshin	:welcome=/etc/motd:\
2955505Sshin	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
3055505Sshin	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
3155505Sshin	:nologin=/var/run/nologin:\
3255505Sshin	:cputime=unlimited:\
3355505Sshin	:datasize=unlimited:\
3455505Sshin	:stacksize=unlimited:\
3555505Sshin	:memorylocked=unlimited:\
3655505Sshin	:memoryuse=unlimited:\
3755505Sshin	:filesize=unlimited:\
3855505Sshin	:coredumpsize=unlimited:\
3955505Sshin	:openfiles=unlimited:\
4055505Sshin	:maxproc=unlimited:\
4155505Sshin	:sbsize=unlimited:\
4255505Sshin	:vmemoryuse=unlimited:\
4355505Sshin	:swapuse=unlimited:\
4455505Sshin	:pseudoterminals=unlimited:\
4555505Sshin	:priority=0:\
4655505Sshin	:ignoretime@:\
4755505Sshin	:umask=022:
4855505Sshin
4962638Skris
5062638Skris#
5155505Sshin# A collection of common class names - forward them all to 'default'
52171135Sgnn# (login would normally do this anyway, but having a class name
5355505Sshin#  here suppresses the diagnostic)
5455505Sshin#
5555505Sshinstandard:\
5662638Skris	:tc=default:
5755505Sshinxuser:\
5855505Sshin	:tc=default:
5955505Sshinstaff:\
6055505Sshin	:tc=default:
6155505Sshindaemon:\
6255505Sshin	:tc=default:
6355505Sshinnews:\
6462638Skris	:tc=default:
6562638Skrisdialer:\
6655505Sshin	:tc=default:
6778064Sume
6878064Sume#
6955505Sshin# Root can always login
7062638Skris#
7155505Sshin# N.B.  login_getpwclass(3) will use this entry for the root account,
7255505Sshin#       in preference to 'default'.
7355505Sshinroot:\
7455505Sshin	:ignorenologin:\
7555505Sshin	:tc=default:
7662638Skris
7762638Skris#
7855505Sshin# Russian Users Accounts. Setup proper environment variables.
7955505Sshin#
8062638Skrisrussian|Russian Users Accounts:\
8162638Skris	:charset=KOI8-R:\
8262638Skris	:lang=ru_RU.KOI8-R:\
8362638Skris	:tc=default:
8455505Sshin
8555505Sshin
8655505Sshin######################################################################
8755505Sshin######################################################################
8862638Skris##
8962638Skris## Example entries
9062638Skris##
9162638Skris######################################################################
9255505Sshin######################################################################
9362638Skris
9462638Skris## Example defaults
9562638Skris## These settings are used by login(1) by default for classless users
9662638Skris## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
9755505Sshin#
98173412Skevlo#default:\
9955505Sshin#	:cputime=infinity:\
100173412Skevlo#	:datasize-cur=22M:\
101173412Skevlo#	:stacksize-cur=8M:\
10278064Sume#	:memorylocked-cur=10M:\
103173412Skevlo#	:memoryuse-cur=30M:\
10478064Sume#	:filesize=infinity:\
105173412Skevlo#	:coredumpsize=infinity:\
106173412Skevlo#	:maxproc-cur=64:\
10778064Sume#	:openfiles-cur=64:\
108173412Skevlo#	:priority=0:\
109173412Skevlo#	:requirehome@:\
11078064Sume#	:umask=022:\
111173412Skevlo#	:tc=auth-defaults:
112173412Skevlo#
11378064Sume#
114173412Skevlo##
115173412Skevlo## standard - standard user defaults
11678064Sume##
117173412Skevlo#standard:\
11878064Sume#	:copyright=/etc/COPYRIGHT:\
119173412Skevlo#	:welcome=/etc/motd:\
120173412Skevlo#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
12178064Sume#	:path=~/bin /bin /usr/bin /usr/local/bin:\
12278064Sume#	:manpath=/usr/share/man /usr/local/man:\
12355505Sshin#	:nologin=/var/run/nologin:\
12455505Sshin#	:cputime=1h30m:\
12555505Sshin#	:datasize=8M:\
12655505Sshin#	:vmemoryuse=100M:\
12755505Sshin#	:stacksize=2M:\
12855505Sshin#	:memorylocked=4M:\
12955505Sshin#	:memoryuse=8M:\
13055505Sshin#	:filesize=8M:\
13162638Skris#	:coredumpsize=8M:\
13262638Skris#	:openfiles=24:\
13355505Sshin#	:maxproc=32:\
13455505Sshin#	:priority=0:\
13555505Sshin#	:requirehome:\
13655505Sshin#	:passwordtime=90d:\
13755505Sshin#	:umask=002:\
13855505Sshin#	:ignoretime@:\
13978064Sume#	:tc=default:
14055505Sshin#
14155505Sshin#
14255505Sshin##
14355505Sshin## users of X (needs more resources!)
14455505Sshin##
14555505Sshin#xuser:\
14655505Sshin#	:manpath=/usr/share/man /usr/local/man:\
14755505Sshin#	:cputime=4h:\
14855505Sshin#	:datasize=12M:\
14962638Skris#	:vmemoryuse=infinity:\
15078064Sume#	:stacksize=4M:\
15162638Skris#	:filesize=8M:\
15262638Skris#	:memoryuse=16M:\
15362638Skris#	:openfiles=32:\
15462638Skris#	:maxproc=48:\
15562638Skris#	:tc=standard:
15662638Skris#
15762638Skris#
158136057Sstefanf##
15962638Skris## Staff users - few restrictions and allow login anytime
16062638Skris##
16162638Skris#staff:\
16262638Skris#	:ignorenologin:\
16362638Skris#	:ignoretime:\
16462638Skris#	:requirehome@:\
165136057Sstefanf#	:accounted@:\
16662638Skris#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
16762638Skris#	:umask=022:\
16862638Skris#	:tc=standard:
16962638Skris#
17062638Skris#
17162638Skris##
172136057Sstefanf## root - fallback for root logins
17362638Skris##
17462638Skris#root:\
17562638Skris#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
17662638Skris#	:cputime=infinity:\
17762638Skris#	:datasize=infinity:\
17862638Skris#	:stacksize=infinity:\
17978064Sume#	:memorylocked=infinity:\
18055505Sshin#	:memoryuse=infinity:\
18155505Sshin#	:filesize=infinity:\
18255505Sshin#	:coredumpsize=infinity:\
18355505Sshin#	:openfiles=infinity:\
18462638Skris#	:maxproc=infinity:\
18562638Skris#	:memoryuse-cur=32M:\
18662638Skris#	:maxproc-cur=64:\
18755505Sshin#	:openfiles-cur=1024:\
18855505Sshin#	:priority=0:\
18955505Sshin#	:requirehome@:\
19055505Sshin#	:umask=022:\
19155505Sshin#	:tc=auth-root-defaults:
19255505Sshin#
19355505Sshin#
19455505Sshin##
19555505Sshin## Settings used by /etc/rc
19655505Sshin##
19762638Skris#daemon:\
19862638Skris#	:coredumpsize@:\
19962638Skris#	:coredumpsize-cur=0:\
20062638Skris#	:datasize=infinity:\
201136057Sstefanf#	:datasize-cur@:\
20262638Skris#	:maxproc=512:\
20362638Skris#	:maxproc-cur@:\
20455505Sshin#	:memoryuse-cur=64M:\
20562638Skris#	:memorylocked-cur=64M:\
20655505Sshin#	:openfiles=1024:\
20755505Sshin#	:openfiles-cur@:\
20855505Sshin#	:stacksize=16M:\
20955505Sshin#	:stacksize-cur@:\
21062638Skris#	:tc=default:
21162638Skris#
21262638Skris#
21362638Skris##
214136057Sstefanf## Settings used by news subsystem
21562638Skris##
21662638Skris#news:\
21755505Sshin#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
21862638Skris#	:cputime=infinity:\
21955505Sshin#	:filesize=128M:\
22055505Sshin#	:datasize-cur=64M:\
22178064Sume#	:stacksize-cur=32M:\
22255505Sshin#	:coredumpsize-cur=0:\
22355505Sshin#	:maxmemorysize-cur=128M:\
22455505Sshin#	:memorylocked=32M:\
22555505Sshin#	:maxproc=128:\
22655505Sshin#	:openfiles=256:\
22755505Sshin#	:tc=default:
22855505Sshin#
22955505Sshin#
230136057Sstefanf##
23155505Sshin## The dialer class should be used for a dialup PPP account
23255505Sshin## Welcome messages/news suppressed
23355505Sshin##
23455505Sshin#dialer:\
23555505Sshin#	:hushlogin:\
23655505Sshin#	:requirehome@:\
23755505Sshin#	:cputime=unlimited:\
23855505Sshin#	:filesize=2M:\
23955505Sshin#	:datasize=2M:\
24055505Sshin#	:stacksize=4M:\
24155505Sshin#	:coredumpsize=0:\
24255505Sshin#	:memoryuse=4M:\
24355505Sshin#	:memorylocked=1M:\
24455505Sshin#	:maxproc=16:\
24555505Sshin#	:openfiles=32:\
24655505Sshin#	:tc=standard:
24755505Sshin#
24855505Sshin#
24955505Sshin##
25055505Sshin## Site full-time 24/7 PPP connection
25155505Sshin## - no time accounting, restricted to access via dialin lines
25255505Sshin##
25355505Sshin#site:\
25455505Sshin#	:ignoretime:\
25555505Sshin#	:passwordtime@:\
25655505Sshin#	:refreshtime@:\
25755505Sshin#	:refreshperiod@:\
25855505Sshin#	:sessionlimit@:\
25955505Sshin#	:autodelete@:\
26055505Sshin#	:expireperiod@:\
26155505Sshin#	:graceexpire@:\
26255505Sshin#	:gracetime@:\
26355505Sshin#	:warnexpire@:\
26478064Sume#	:warnpassword@:\
26555505Sshin#	:idletime@:\
26655505Sshin#	:sessiontime@:\
26755505Sshin#	:daytime@:\
26855505Sshin#	:weektime@:\
26955505Sshin#	:monthtime@:\
27055505Sshin#	:warntime@:\
27155505Sshin#	:accounted@:\
27262638Skris#	:tc=dialer:\
27362638Skris#	:tc=staff:
27462638Skris#
27562638Skris#
27662638Skris##
27762638Skris## Example standard accounting entries for subscriber levels
27855505Sshin##
27955505Sshin#
28055505Sshin#subscriber|Subscribers:\
28155505Sshin#	:accounted:\
28255505Sshin#	:refreshtime=180d:\
283136057Sstefanf#	:refreshperiod@:\
28455505Sshin#	:sessionlimit@:\
28555505Sshin#	:autodelete=30d:\
28655505Sshin#	:expireperiod=180d:\
28755505Sshin#	:graceexpire=7d:\
28862638Skris#	:gracetime=10m:\
28962638Skris#	:warnexpire=7d:\
29062638Skris#	:warnpassword=7d:\
29162638Skris#	:idletime=30m:\
29262638Skris#	:sessiontime=4h:\
29362638Skris#	:daytime=6h:\
29462638Skris#	:weektime=40h:\
29555505Sshin#	:monthtime=120h:\
29655505Sshin#	:warntime=4h:\
29755505Sshin#	:tc=standard:
29855505Sshin#
29955505Sshin#
30055505Sshin##
30155505Sshin## Subscriber accounts. These accounts have their login times
302136057Sstefanf## accounted and have access limits applied.
30355505Sshin##
30455505Sshin#subppp|PPP Subscriber Accounts:\
30555505Sshin#	:tc=dialer:\
30655505Sshin#	:tc=subscriber:
30755505Sshin#
308121561Sume#
30955505Sshin#subshell|Shell Subscriber Accounts:\
310121568Sume#	:tc=subscriber:
311136057Sstefanf#
31255505Sshin##
31355505Sshin## If you want some of the accounts to use traditional UNIX DES based
31455505Sshin## password hashes.
31555505Sshin##
31655505Sshin#des_users:\
31755505Sshin#	:passwd_format=des:\
31855505Sshin#	:tc=default:
31955505Sshin