login.conf revision 39375 
1# Sample login.conf - login class capabilities database.
2# To speed up access to this data, you can use /usr/bin/cap_mkdb
3# to create a database form of this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# Don't forget to do this after each edit as well!
8#
9# This file controls resource limits, accounting limits and
10# default user environment settings.
11#
12#	$Id: login.conf,v 1.20 1998/03/09 03:01:47 steve Exp $
13#
14
15# Default settings effectively disable resource limits, see the
16# examples below for a starting point to enable them.
17
18# Example defaults
19# These settings are used by login(1) by default for classless users
20# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
21
22default:\
23	:copyright=/etc/COPYRIGHT:\
24	:welcome=/etc/motd:\
25	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\
26	:path=~/bin /bin /usr/bin /usr/local/bin:\
27	:manpath=/usr/share/man /usr/local/man:\
28	:nologin=/etc/nologin:\
29	:cputime=unlimited:\
30	:datasize=unlimited:\
31	:stacksize=unlimited:\
32	:memorylocked=unlimited:\
33	:memoryuse=unlimited:\
34	:filesize=unlimited:\
35	:coredumpsize=unlimited:\
36	:openfiles=unlimited:\
37	:maxproc=unlimited:\
38	:priority=0:\
39	:ignoretime@:\
40	:umask=022:
41
42
43#
44# A collection of common class names - forward them all to 'default'
45# (login would normally do this anyway, but having a class name
46#  here suppresses the diagnostic)
47#
48standard:\
49	:tc=default:
50xuser:\
51	:tc=default:
52staff:\
53	:tc=default:
54daemon:\
55	:tc=default;
56news:\
57	:tc=default:
58dialer:\
59	:tc=default:
60
61#
62# Root can always login
63#
64root:\
65	:ignorenologin:\
66	:tc=default:
67
68#
69# Russian Users Accounts. Setup proper environment variables.
70#
71russian:Russian Users Accounts:\
72	:charset=KOI8-R:\
73	:lang=ru_RU.KOI8-R:\
74	:tc=default:
75
76
77######################################################################
78######################################################################
79##
80## Example entries
81## 
82######################################################################
83######################################################################
84
85## Authentication methods
86## Note that these are disabled by default, and libutil must
87## be rebuilt with LOGIN_CAP_AUTH defined to use them.
88#
89#auth-defaults:\
90#	:auth=krb_skey_or_passwd,passwd,kerberos,skey:
91#
92#auth-root-defaults:\
93#	:auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\
94#	:auth-rlogin=krb_or_skey,kerberos,skey:
95#
96#auth-ftp-defaults:\
97#	:auth=skey_or_pwd,passwd,skey:
98#
99#
100## Example defaults
101## These settings are used by login(1) by default for classless users
102## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
103#
104#default:\
105#	:cputime=infinity:\
106#	:datasize-cur=22M:\
107#	:stacksize-cur=8M:\
108#	:memorylocked-cur=10M:\
109#	:memoryuse-cur=30M:\
110#	:filesize=infinity:\
111#	:coredumpsize=infinity:\
112#	:maxproc-cur=64:\
113#	:openfiles-cur=64:\
114#	:priority=0:\
115#	:requirehome@:\
116#	:umask=022:\
117#	:tc=auth-defaults:
118#
119#
120##
121## standard - standard user defaults
122##
123#standard:\
124#	:copyright=/etc/COPYRIGHT:\
125#	:welcome=/etc/motd:\
126#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\
127#	:path=~/bin /bin /usr/bin /usr/local/bin:\
128#	:manpath=/usr/share/man /usr/local/man:\
129#	:nologin=/etc/nologin:\
130#	:cputime=1h30m:\
131#	:datasize=8M:\
132#	:stacksize=2M:\
133#	:memorylocked=4M:\
134#	:memoryuse=8M:\
135#	:filesize=8M:\
136#	:coredumpsize=8M:\
137#	:openfiles=24:\
138#	:maxproc=32:\
139#	:priority=0:\
140#	:requirehome:\
141#	:passwordperiod=90d:\
142#	:umask=002:\
143#	:ignoretime@:\
144#	:tc=default:
145#
146#
147##
148## users of X (needs more resources!)
149##
150#xuser:\
151#	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
152#	:cputime=4h:\
153#	:datasize=12M:\
154#	:stacksize=4M:\
155#	:filesize=8M:\
156#	:memoryuse=16M:\
157#	:openfiles=32:\
158#	:maxproc=48:\
159#	:tc=standard:
160#
161#
162##
163## Staff users - few restrictions and allow login anytime
164##
165#staff:\
166#	:ignorenologin:\
167#	:ignoretime:\
168#	:requirehome@:\
169#	:accounted@:\
170#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
171#	:umask=022:\
172#	:tc=standard:
173#
174#
175##
176## root - fallback for root logins
177##
178#root:\
179#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
180#	:cputime=infinity:\
181#	:datasize=infinity:\
182#	:stacksize=infinity:\
183#	:memorylocked=infinity:\
184#	:memoryuse=infinity:\
185#	:filesize=infinity:\
186#	:coredumpsize=infinity:\
187#	:openfiles=infinity:\
188#	:maxproc=infinity:\
189#	:memoryuse-cur=32M:\
190#	:maxproc-cur=64:\
191#	:openfiles-cur=1024:\
192#	:priority=0:\
193#	:requirehome@:\
194#	:umask=022:\
195#	:tc=auth-root-defaults:
196#
197#
198##
199## Settings used by /etc/rc
200##
201#daemon:\
202#	:coredumpsize@:\
203#	:coredumpsize-cur=0:\
204#	:datasize=infinity:\
205#	:datasize-cur@:\
206#	:maxproc=512:\
207#	:maxproc-cur@:\
208#	:memoryuse-cur=64M:\
209#	:memorylocked-cur=64M:\
210#	:openfiles=1024:\
211#	:openfiles-cur@:\
212#	:stacksize=16M:\
213#	:stacksize-cur@:\
214#	:tc=default:
215#
216#
217##
218## Settings used by news subsystem
219##
220#news:\
221#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
222#	:cputime=infinity:\
223#	:filesize=128M:\
224#	:datasize-cur=64M:\
225#	:stacksize-cur=32M:\
226#	:coredumpsize-cur=0:\
227#	:maxmemorysize-cur=128M:\
228#	:memorylocked=32M:\
229#	:maxproc=128:\
230#	:openfiles=256:\
231#	:tc=default:
232#
233#
234##
235## The dialer class should be used for a dialup PPP/SLIP accounts
236## Welcome messages/news suppressed
237##
238#dialer:\
239#	:hushlogin:\
240#	:requirehome@:\
241#	:cputime=unlimited:\
242#	:filesize=2M:\
243#	:datasize=2M:\
244#	:stacksize=4M:\
245#	:coredumpsize=0:\
246#	:memoryuse=4M:\
247#	:memorylocked=1M:\
248#	:maxproc=16:\
249#	:openfiles=32:\
250#	:tc=standard:
251#
252#
253##
254## Site full-time 24/7 PPP/SLIP connections
255## - no time accounting, restricted to access via dialin lines
256##
257#site:\
258#	:ignoretime:\
259#	:passwordperiod@:\
260#	:refreshtime@:\
261#	:refreshperiod@:\
262#	:sessionlimit@:\
263#	:autodelete@:\
264#	:expireperiod@:\
265#	:graceexpire@:\
266#	:gracetime@:\
267#	:warnexpire@:\
268#	:warnpassword@:\
269#	:idletime@:\
270#	:sessiontime@:\
271#	:daytime@:\
272#	:weektime@:\
273#	:monthtime@:\
274#	:warntime@:\
275#	:accounted@:\
276#	:tc=dialer:\
277#	:tc=staff:
278#
279#
280##
281## Example standard accounting entries for subscriber levels
282##
283#
284#subscriber|Subscribers:\
285#	:accounted:\
286#	:refreshtime=180d:\
287#	:refreshperiod@:\
288#	:sessionlimit@:\
289#	:autodelete=30d:\
290#	:expireperiod=180d:\
291#	:graceexpire=7d:\
292#	:gracetime=10m:\
293#	:warnexpire=7d:\
294#	:warnpassword=7d:\
295#	:idletime=30m:\
296#	:sessiontime=4h:\
297#	:daytime=6h:\
298#	:weektime=40h:\
299#	:monthtime=120h:\
300#	:warntime=4h:\
301#	:tc=standard:
302#
303#
304##
305## Subscriber accounts. These accounts have their login times
306## accounted and have access limits applied.
307##
308#subppp|PPP Subscriber Accounts:\
309#	:tc=dialer:\
310#	:tc=subscriber:
311#
312#
313#subslip|SLIP Subscriber Accounts:\
314#	:tc=dialer:\
315#	:tc=subscriber:
316#
317#
318#subshell:Shell Subscriber Accounts:\
319#	:tc=subscriber:
320#
321#
322##
323## Russian Users Accounts. Setup proper environment variables.
324##
325#russian:Russian Users Accounts:\
326#	:charset=KOI8-R:\
327#	:lang=ru_RU.KOI8-R:\
328#	:tc=default: