1# login.conf - login class capabilities database.
2#
3# Remember to rebuild the database after each change to this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# This file controls resource limits, accounting limits and
8# default user environment settings.
9#
10# $FreeBSD$
11#
12
13# Default settings effectively disable resource limits, see the
14# examples below for a starting point to enable them.
15
16# defaults
17# These settings are used by login(1) by default for classless users
18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19#
20# Note that since a colon ':' is used to separate capability entries,
21# a \c escape sequence must be used to embed a literal colon in the
22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23# AND SEMANTICS'' section of getcap(3) for more escape sequences).
24
25default:\
26	:passwd_format=sha512:\
27	:copyright=/etc/COPYRIGHT:\
28	:welcome=/etc/motd:\
29	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
30	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
31	:nologin=/var/run/nologin:\
32	:cputime=unlimited:\
33	:datasize=unlimited:\
34	:stacksize=unlimited:\
35	:memorylocked=64K:\
36	:memoryuse=unlimited:\
37	:filesize=unlimited:\
38	:coredumpsize=unlimited:\
39	:openfiles=unlimited:\
40	:maxproc=unlimited:\
41	:sbsize=unlimited:\
42	:vmemoryuse=unlimited:\
43	:swapuse=unlimited:\
44	:pseudoterminals=unlimited:\
45	:priority=0:\
46	:ignoretime@:\
47	:umask=022:
48
49
50#
51# A collection of common class names - forward them all to 'default'
52# (login would normally do this anyway, but having a class name
53#  here suppresses the diagnostic)
54#
55standard:\
56	:tc=default:
57xuser:\
58	:tc=default:
59staff:\
60	:tc=default:
61daemon:\
62	:memorylocked=128M:\
63	:tc=default:
64news:\
65	:tc=default:
66dialer:\
67	:tc=default:
68
69#
70# Root can always login
71#
72# N.B.  login_getpwclass(3) will use this entry for the root account,
73#       in preference to 'default'.
74root:\
75	:ignorenologin:\
76	:memorylocked=unlimited:\
77	:tc=default:
78
79#
80# Russian Users Accounts. Setup proper environment variables.
81#
82russian|Russian Users Accounts:\
83	:charset=KOI8-R:\
84	:lang=ru_RU.KOI8-R:\
85	:tc=default:
86
87
88######################################################################
89######################################################################
90##
91## Example entries
92##
93######################################################################
94######################################################################
95
96## Example defaults
97## These settings are used by login(1) by default for classless users
98## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
99#
100#default:\
101#	:cputime=infinity:\
102#	:datasize-cur=22M:\
103#	:stacksize-cur=8M:\
104#	:memorylocked-cur=10M:\
105#	:memoryuse-cur=30M:\
106#	:filesize=infinity:\
107#	:coredumpsize=infinity:\
108#	:maxproc-cur=64:\
109#	:openfiles-cur=64:\
110#	:priority=0:\
111#	:requirehome@:\
112#	:umask=022:\
113#	:tc=auth-defaults:
114#
115#
116##
117## standard - standard user defaults
118##
119#standard:\
120#	:copyright=/etc/COPYRIGHT:\
121#	:welcome=/etc/motd:\
122#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
123#	:path=~/bin /bin /usr/bin /usr/local/bin:\
124#	:manpath=/usr/share/man /usr/local/man:\
125#	:nologin=/var/run/nologin:\
126#	:cputime=1h30m:\
127#	:datasize=8M:\
128#	:vmemoryuse=100M:\
129#	:stacksize=2M:\
130#	:memorylocked=4M:\
131#	:memoryuse=8M:\
132#	:filesize=8M:\
133#	:coredumpsize=8M:\
134#	:openfiles=24:\
135#	:maxproc=32:\
136#	:priority=0:\
137#	:requirehome:\
138#	:passwordtime=90d:\
139#	:umask=002:\
140#	:ignoretime@:\
141#	:tc=default:
142#
143#
144##
145## users of X (needs more resources!)
146##
147#xuser:\
148#	:manpath=/usr/share/man /usr/local/man:\
149#	:cputime=4h:\
150#	:datasize=12M:\
151#	:vmemoryuse=infinity:\
152#	:stacksize=4M:\
153#	:filesize=8M:\
154#	:memoryuse=16M:\
155#	:openfiles=32:\
156#	:maxproc=48:\
157#	:tc=standard:
158#
159#
160##
161## Staff users - few restrictions and allow login anytime
162##
163#staff:\
164#	:ignorenologin:\
165#	:ignoretime:\
166#	:requirehome@:\
167#	:accounted@:\
168#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
169#	:umask=022:\
170#	:tc=standard:
171#
172#
173##
174## root - fallback for root logins
175##
176#root:\
177#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
178#	:cputime=infinity:\
179#	:datasize=infinity:\
180#	:stacksize=infinity:\
181#	:memorylocked=infinity:\
182#	:memoryuse=infinity:\
183#	:filesize=infinity:\
184#	:coredumpsize=infinity:\
185#	:openfiles=infinity:\
186#	:maxproc=infinity:\
187#	:memoryuse-cur=32M:\
188#	:maxproc-cur=64:\
189#	:openfiles-cur=1024:\
190#	:priority=0:\
191#	:requirehome@:\
192#	:umask=022:\
193#	:tc=auth-root-defaults:
194#
195#
196##
197## Settings used by /etc/rc
198##
199#daemon:\
200#	:coredumpsize@:\
201#	:coredumpsize-cur=0:\
202#	:datasize=infinity:\
203#	:datasize-cur@:\
204#	:maxproc=512:\
205#	:maxproc-cur@:\
206#	:memoryuse-cur=64M:\
207#	:memorylocked-cur=64M:\
208#	:openfiles=1024:\
209#	:openfiles-cur@:\
210#	:stacksize=16M:\
211#	:stacksize-cur@:\
212#	:tc=default:
213#
214#
215##
216## Settings used by news subsystem
217##
218#news:\
219#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
220#	:cputime=infinity:\
221#	:filesize=128M:\
222#	:datasize-cur=64M:\
223#	:stacksize-cur=32M:\
224#	:coredumpsize-cur=0:\
225#	:maxmemorysize-cur=128M:\
226#	:memorylocked=32M:\
227#	:maxproc=128:\
228#	:openfiles=256:\
229#	:tc=default:
230#
231#
232##
233## The dialer class should be used for a dialup PPP account
234## Welcome messages/news suppressed
235##
236#dialer:\
237#	:hushlogin:\
238#	:requirehome@:\
239#	:cputime=unlimited:\
240#	:filesize=2M:\
241#	:datasize=2M:\
242#	:stacksize=4M:\
243#	:coredumpsize=0:\
244#	:memoryuse=4M:\
245#	:memorylocked=1M:\
246#	:maxproc=16:\
247#	:openfiles=32:\
248#	:tc=standard:
249#
250#
251##
252## Site full-time 24/7 PPP connection
253## - no time accounting, restricted to access via dialin lines
254##
255#site:\
256#	:ignoretime:\
257#	:passwordtime@:\
258#	:refreshtime@:\
259#	:refreshperiod@:\
260#	:sessionlimit@:\
261#	:autodelete@:\
262#	:expireperiod@:\
263#	:graceexpire@:\
264#	:gracetime@:\
265#	:warnexpire@:\
266#	:warnpassword@:\
267#	:idletime@:\
268#	:sessiontime@:\
269#	:daytime@:\
270#	:weektime@:\
271#	:monthtime@:\
272#	:warntime@:\
273#	:accounted@:\
274#	:tc=dialer:\
275#	:tc=staff:
276#
277#
278##
279## Example standard accounting entries for subscriber levels
280##
281#
282#subscriber|Subscribers:\
283#	:accounted:\
284#	:refreshtime=180d:\
285#	:refreshperiod@:\
286#	:sessionlimit@:\
287#	:autodelete=30d:\
288#	:expireperiod=180d:\
289#	:graceexpire=7d:\
290#	:gracetime=10m:\
291#	:warnexpire=7d:\
292#	:warnpassword=7d:\
293#	:idletime=30m:\
294#	:sessiontime=4h:\
295#	:daytime=6h:\
296#	:weektime=40h:\
297#	:monthtime=120h:\
298#	:warntime=4h:\
299#	:tc=standard:
300#
301#
302##
303## Subscriber accounts. These accounts have their login times
304## accounted and have access limits applied.
305##
306#subppp|PPP Subscriber Accounts:\
307#	:tc=dialer:\
308#	:tc=subscriber:
309#
310#
311#subshell|Shell Subscriber Accounts:\
312#	:tc=subscriber:
313#
314##
315## If you want some of the accounts to use traditional UNIX DES based
316## password hashes.
317##
318#des_users:\
319#	:passwd_format=des:\
320#	:tc=default:
321