1# login.conf - login class capabilities database. 2# 3# Remember to rebuild the database after each change to this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# This file controls resource limits, accounting limits and 8# default user environment settings. 9# 10# $FreeBSD$ 11# 12 13# Default settings effectively disable resource limits, see the 14# examples below for a starting point to enable them. 15 16# defaults 17# These settings are used by login(1) by default for classless users 18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 19# 20# Note that since a colon ':' is used to separate capability entries, 21# a \c escape sequence must be used to embed a literal colon in the 22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 23# AND SEMANTICS'' section of getcap(3) for more escape sequences). 24 25default:\ 26 :passwd_format=sha512:\ 27 :copyright=/etc/COPYRIGHT:\ 28 :welcome=/etc/motd:\ 29 :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 30 :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\ 31 :nologin=/var/run/nologin:\ 32 :cputime=unlimited:\ 33 :datasize=unlimited:\ 34 :stacksize=unlimited:\ 35 :memorylocked=64K:\ 36 :memoryuse=unlimited:\ 37 :filesize=unlimited:\ 38 :coredumpsize=unlimited:\ 39 :openfiles=unlimited:\ 40 :maxproc=unlimited:\ 41 :sbsize=unlimited:\ 42 :vmemoryuse=unlimited:\ 43 :swapuse=unlimited:\ 44 :pseudoterminals=unlimited:\ 45 :priority=0:\ 46 :ignoretime@:\ 47 :umask=022: 48 49 50# 51# A collection of common class names - forward them all to 'default' 52# (login would normally do this anyway, but having a class name 53# here suppresses the diagnostic) 54# 55standard:\ 56 :tc=default: 57xuser:\ 58 :tc=default: 59staff:\ 60 :tc=default: 61daemon:\ 62 :memorylocked=128M:\ 63 :tc=default: 64news:\ 65 :tc=default: 66dialer:\ 67 :tc=default: 68 69# 70# Root can always login 71# 72# N.B. login_getpwclass(3) will use this entry for the root account, 73# in preference to 'default'. 74root:\ 75 :ignorenologin:\ 76 :memorylocked=unlimited:\ 77 :tc=default: 78 79# 80# Russian Users Accounts. Setup proper environment variables. 81# 82russian|Russian Users Accounts:\ 83 :charset=KOI8-R:\ 84 :lang=ru_RU.KOI8-R:\ 85 :tc=default: 86 87 88###################################################################### 89###################################################################### 90## 91## Example entries 92## 93###################################################################### 94###################################################################### 95 96## Example defaults 97## These settings are used by login(1) by default for classless users 98## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 99# 100#default:\ 101# :cputime=infinity:\ 102# :datasize-cur=22M:\ 103# :stacksize-cur=8M:\ 104# :memorylocked-cur=10M:\ 105# :memoryuse-cur=30M:\ 106# :filesize=infinity:\ 107# :coredumpsize=infinity:\ 108# :maxproc-cur=64:\ 109# :openfiles-cur=64:\ 110# :priority=0:\ 111# :requirehome@:\ 112# :umask=022:\ 113# :tc=auth-defaults: 114# 115# 116## 117## standard - standard user defaults 118## 119#standard:\ 120# :copyright=/etc/COPYRIGHT:\ 121# :welcome=/etc/motd:\ 122# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 123# :path=~/bin /bin /usr/bin /usr/local/bin:\ 124# :manpath=/usr/share/man /usr/local/man:\ 125# :nologin=/var/run/nologin:\ 126# :cputime=1h30m:\ 127# :datasize=8M:\ 128# :vmemoryuse=100M:\ 129# :stacksize=2M:\ 130# :memorylocked=4M:\ 131# :memoryuse=8M:\ 132# :filesize=8M:\ 133# :coredumpsize=8M:\ 134# :openfiles=24:\ 135# :maxproc=32:\ 136# :priority=0:\ 137# :requirehome:\ 138# :passwordtime=90d:\ 139# :umask=002:\ 140# :ignoretime@:\ 141# :tc=default: 142# 143# 144## 145## users of X (needs more resources!) 146## 147#xuser:\ 148# :manpath=/usr/share/man /usr/local/man:\ 149# :cputime=4h:\ 150# :datasize=12M:\ 151# :vmemoryuse=infinity:\ 152# :stacksize=4M:\ 153# :filesize=8M:\ 154# :memoryuse=16M:\ 155# :openfiles=32:\ 156# :maxproc=48:\ 157# :tc=standard: 158# 159# 160## 161## Staff users - few restrictions and allow login anytime 162## 163#staff:\ 164# :ignorenologin:\ 165# :ignoretime:\ 166# :requirehome@:\ 167# :accounted@:\ 168# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 169# :umask=022:\ 170# :tc=standard: 171# 172# 173## 174## root - fallback for root logins 175## 176#root:\ 177# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 178# :cputime=infinity:\ 179# :datasize=infinity:\ 180# :stacksize=infinity:\ 181# :memorylocked=infinity:\ 182# :memoryuse=infinity:\ 183# :filesize=infinity:\ 184# :coredumpsize=infinity:\ 185# :openfiles=infinity:\ 186# :maxproc=infinity:\ 187# :memoryuse-cur=32M:\ 188# :maxproc-cur=64:\ 189# :openfiles-cur=1024:\ 190# :priority=0:\ 191# :requirehome@:\ 192# :umask=022:\ 193# :tc=auth-root-defaults: 194# 195# 196## 197## Settings used by /etc/rc 198## 199#daemon:\ 200# :coredumpsize@:\ 201# :coredumpsize-cur=0:\ 202# :datasize=infinity:\ 203# :datasize-cur@:\ 204# :maxproc=512:\ 205# :maxproc-cur@:\ 206# :memoryuse-cur=64M:\ 207# :memorylocked-cur=64M:\ 208# :openfiles=1024:\ 209# :openfiles-cur@:\ 210# :stacksize=16M:\ 211# :stacksize-cur@:\ 212# :tc=default: 213# 214# 215## 216## Settings used by news subsystem 217## 218#news:\ 219# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 220# :cputime=infinity:\ 221# :filesize=128M:\ 222# :datasize-cur=64M:\ 223# :stacksize-cur=32M:\ 224# :coredumpsize-cur=0:\ 225# :maxmemorysize-cur=128M:\ 226# :memorylocked=32M:\ 227# :maxproc=128:\ 228# :openfiles=256:\ 229# :tc=default: 230# 231# 232## 233## The dialer class should be used for a dialup PPP account 234## Welcome messages/news suppressed 235## 236#dialer:\ 237# :hushlogin:\ 238# :requirehome@:\ 239# :cputime=unlimited:\ 240# :filesize=2M:\ 241# :datasize=2M:\ 242# :stacksize=4M:\ 243# :coredumpsize=0:\ 244# :memoryuse=4M:\ 245# :memorylocked=1M:\ 246# :maxproc=16:\ 247# :openfiles=32:\ 248# :tc=standard: 249# 250# 251## 252## Site full-time 24/7 PPP connection 253## - no time accounting, restricted to access via dialin lines 254## 255#site:\ 256# :ignoretime:\ 257# :passwordtime@:\ 258# :refreshtime@:\ 259# :refreshperiod@:\ 260# :sessionlimit@:\ 261# :autodelete@:\ 262# :expireperiod@:\ 263# :graceexpire@:\ 264# :gracetime@:\ 265# :warnexpire@:\ 266# :warnpassword@:\ 267# :idletime@:\ 268# :sessiontime@:\ 269# :daytime@:\ 270# :weektime@:\ 271# :monthtime@:\ 272# :warntime@:\ 273# :accounted@:\ 274# :tc=dialer:\ 275# :tc=staff: 276# 277# 278## 279## Example standard accounting entries for subscriber levels 280## 281# 282#subscriber|Subscribers:\ 283# :accounted:\ 284# :refreshtime=180d:\ 285# :refreshperiod@:\ 286# :sessionlimit@:\ 287# :autodelete=30d:\ 288# :expireperiod=180d:\ 289# :graceexpire=7d:\ 290# :gracetime=10m:\ 291# :warnexpire=7d:\ 292# :warnpassword=7d:\ 293# :idletime=30m:\ 294# :sessiontime=4h:\ 295# :daytime=6h:\ 296# :weektime=40h:\ 297# :monthtime=120h:\ 298# :warntime=4h:\ 299# :tc=standard: 300# 301# 302## 303## Subscriber accounts. These accounts have their login times 304## accounted and have access limits applied. 305## 306#subppp|PPP Subscriber Accounts:\ 307# :tc=dialer:\ 308# :tc=subscriber: 309# 310# 311#subshell|Shell Subscriber Accounts:\ 312# :tc=subscriber: 313# 314## 315## If you want some of the accounts to use traditional UNIX DES based 316## password hashes. 317## 318#des_users:\ 319# :passwd_format=des:\ 320# :tc=default: 321