158579Srwatson# login.conf - login class capabilities database.
221526Sdavidn#
358579Srwatson# Remember to rebuild the database after each change to this file:
458579Srwatson#
521526Sdavidn#	cap_mkdb /etc/login.conf
621526Sdavidn#
721526Sdavidn# This file controls resource limits, accounting limits and
821526Sdavidn# default user environment settings.
921526Sdavidn#
1050472Speter# $FreeBSD$
1121526Sdavidn#
1221526Sdavidn
1339375Smsmith# Default settings effectively disable resource limits, see the
1439375Smsmith# examples below for a starting point to enable them.
1521526Sdavidn
1642149Shoek# defaults
1721526Sdavidn# These settings are used by login(1) by default for classless users
1821526Sdavidn# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19149672Skeramida#
20149672Skeramida# Note that since a colon ':' is used to separate capability entries,
21149672Skeramida# a \c escape sequence must be used to embed a literal colon in the
22149672Skeramida# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23149672Skeramida# AND SEMANTICS'' section of getcap(3) for more escape sequences).
2421526Sdavidn
2521526Sdavidndefault:\
26237269Sdes	:passwd_format=sha512:\
2770189Srwatson	:copyright=/etc/COPYRIGHT:\
2821526Sdavidn	:welcome=/etc/motd:\
29237270Sdes	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
30170088Sdougb	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
3142515Sasami	:nologin=/var/run/nologin:\
3239375Smsmith	:cputime=unlimited:\
3339375Smsmith	:datasize=unlimited:\
3439375Smsmith	:stacksize=unlimited:\
35244383Szont	:memorylocked=64K:\
3639375Smsmith	:memoryuse=unlimited:\
3739375Smsmith	:filesize=unlimited:\
3839375Smsmith	:coredumpsize=unlimited:\
3939375Smsmith	:openfiles=unlimited:\
4039375Smsmith	:maxproc=unlimited:\
4161184Salfred	:sbsize=unlimited:\
4298853Sdillon	:vmemoryuse=unlimited:\
43194767Skib	:swapuse=unlimited:\
44181905Sed	:pseudoterminals=unlimited:\
4521538Sdavidn	:priority=0:\
4621526Sdavidn	:ignoretime@:\
4739375Smsmith	:umask=022:
4821526Sdavidn
4921943Sdavidn
5021538Sdavidn#
5139375Smsmith# A collection of common class names - forward them all to 'default'
5239375Smsmith# (login would normally do this anyway, but having a class name
5339375Smsmith#  here suppresses the diagnostic)
5421538Sdavidn#
5539375Smsmithstandard:\
5639375Smsmith	:tc=default:
5721538Sdavidnxuser:\
5839375Smsmith	:tc=default:
5921526Sdavidnstaff:\
6039375Smsmith	:tc=default:
6139375Smsmithdaemon:\
62246002Sneel	:memorylocked=128M:\
6339424Sdt	:tc=default:
6439375Smsmithnews:\
6539375Smsmith	:tc=default:
6639375Smsmithdialer:\
6739375Smsmith	:tc=default:
6821526Sdavidn
6921526Sdavidn#
7039375Smsmith# Root can always login
7121526Sdavidn#
7248814Snik# N.B.  login_getpwclass(3) will use this entry for the root account,
7348814Snik#       in preference to 'default'.
7421526Sdavidnroot:\
7539375Smsmith	:ignorenologin:\
76244383Szont	:memorylocked=unlimited:\
7739375Smsmith	:tc=default:
7821526Sdavidn
7921526Sdavidn#
8039375Smsmith# Russian Users Accounts. Setup proper environment variables.
8121526Sdavidn#
8291527Srwatsonrussian|Russian Users Accounts:\
8339375Smsmith	:charset=KOI8-R:\
8439375Smsmith	:lang=ru_RU.KOI8-R:\
8521526Sdavidn	:tc=default:
8621526Sdavidn
8721526Sdavidn
8839375Smsmith######################################################################
8939375Smsmith######################################################################
9039375Smsmith##
9139375Smsmith## Example entries
92130151Sschweikh##
9339375Smsmith######################################################################
9439375Smsmith######################################################################
9539375Smsmith
9639375Smsmith## Example defaults
9739375Smsmith## These settings are used by login(1) by default for classless users
9839375Smsmith## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
9921526Sdavidn#
10039375Smsmith#default:\
10139375Smsmith#	:cputime=infinity:\
10239375Smsmith#	:datasize-cur=22M:\
10339375Smsmith#	:stacksize-cur=8M:\
10439375Smsmith#	:memorylocked-cur=10M:\
10539375Smsmith#	:memoryuse-cur=30M:\
10639375Smsmith#	:filesize=infinity:\
10739375Smsmith#	:coredumpsize=infinity:\
10839375Smsmith#	:maxproc-cur=64:\
10939375Smsmith#	:openfiles-cur=64:\
11039375Smsmith#	:priority=0:\
11139375Smsmith#	:requirehome@:\
11239375Smsmith#	:umask=022:\
11339375Smsmith#	:tc=auth-defaults:
11421526Sdavidn#
11521526Sdavidn#
11639375Smsmith##
11739375Smsmith## standard - standard user defaults
11839375Smsmith##
11939375Smsmith#standard:\
12070189Srwatson#	:copyright=/etc/COPYRIGHT:\
12139375Smsmith#	:welcome=/etc/motd:\
12243220Sdg#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
12339375Smsmith#	:path=~/bin /bin /usr/bin /usr/local/bin:\
12439375Smsmith#	:manpath=/usr/share/man /usr/local/man:\
12542587Sasami#	:nologin=/var/run/nologin:\
12639375Smsmith#	:cputime=1h30m:\
12739375Smsmith#	:datasize=8M:\
12898853Sdillon#	:vmemoryuse=100M:\
12939375Smsmith#	:stacksize=2M:\
13039375Smsmith#	:memorylocked=4M:\
13139375Smsmith#	:memoryuse=8M:\
13239375Smsmith#	:filesize=8M:\
13339375Smsmith#	:coredumpsize=8M:\
13439375Smsmith#	:openfiles=24:\
13539375Smsmith#	:maxproc=32:\
13639375Smsmith#	:priority=0:\
13739375Smsmith#	:requirehome:\
13846209Shoek#	:passwordtime=90d:\
13939375Smsmith#	:umask=002:\
14039375Smsmith#	:ignoretime@:\
14139375Smsmith#	:tc=default:
14221526Sdavidn#
14321526Sdavidn#
14439375Smsmith##
14539375Smsmith## users of X (needs more resources!)
14639375Smsmith##
14739375Smsmith#xuser:\
148170088Sdougb#	:manpath=/usr/share/man /usr/local/man:\
14939375Smsmith#	:cputime=4h:\
15039375Smsmith#	:datasize=12M:\
15198853Sdillon#	:vmemoryuse=infinity:\
15239375Smsmith#	:stacksize=4M:\
15339375Smsmith#	:filesize=8M:\
15439375Smsmith#	:memoryuse=16M:\
15539375Smsmith#	:openfiles=32:\
15639375Smsmith#	:maxproc=48:\
15739375Smsmith#	:tc=standard:
15825369Sache#
15925369Sache#
16039375Smsmith##
16139375Smsmith## Staff users - few restrictions and allow login anytime
16239375Smsmith##
16339375Smsmith#staff:\
16439375Smsmith#	:ignorenologin:\
16539375Smsmith#	:ignoretime:\
16639375Smsmith#	:requirehome@:\
16739375Smsmith#	:accounted@:\
16839375Smsmith#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
16939375Smsmith#	:umask=022:\
17039375Smsmith#	:tc=standard:
17139375Smsmith#
17239375Smsmith#
17339375Smsmith##
17439375Smsmith## root - fallback for root logins
17539375Smsmith##
17639375Smsmith#root:\
17739375Smsmith#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
17839375Smsmith#	:cputime=infinity:\
17939375Smsmith#	:datasize=infinity:\
18039375Smsmith#	:stacksize=infinity:\
18139375Smsmith#	:memorylocked=infinity:\
18239375Smsmith#	:memoryuse=infinity:\
18339375Smsmith#	:filesize=infinity:\
18439375Smsmith#	:coredumpsize=infinity:\
18539375Smsmith#	:openfiles=infinity:\
18639375Smsmith#	:maxproc=infinity:\
18739375Smsmith#	:memoryuse-cur=32M:\
18839375Smsmith#	:maxproc-cur=64:\
18939375Smsmith#	:openfiles-cur=1024:\
19039375Smsmith#	:priority=0:\
19139375Smsmith#	:requirehome@:\
19239375Smsmith#	:umask=022:\
19339375Smsmith#	:tc=auth-root-defaults:
19439375Smsmith#
19539375Smsmith#
19639375Smsmith##
19739375Smsmith## Settings used by /etc/rc
19839375Smsmith##
19939375Smsmith#daemon:\
20039375Smsmith#	:coredumpsize@:\
20139375Smsmith#	:coredumpsize-cur=0:\
20239375Smsmith#	:datasize=infinity:\
20339375Smsmith#	:datasize-cur@:\
20439375Smsmith#	:maxproc=512:\
20539375Smsmith#	:maxproc-cur@:\
20639375Smsmith#	:memoryuse-cur=64M:\
20739375Smsmith#	:memorylocked-cur=64M:\
20839375Smsmith#	:openfiles=1024:\
20939375Smsmith#	:openfiles-cur@:\
21039375Smsmith#	:stacksize=16M:\
21139375Smsmith#	:stacksize-cur@:\
21239375Smsmith#	:tc=default:
21339375Smsmith#
21439375Smsmith#
21539375Smsmith##
21639375Smsmith## Settings used by news subsystem
21739375Smsmith##
21839375Smsmith#news:\
21939375Smsmith#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
22039375Smsmith#	:cputime=infinity:\
22139375Smsmith#	:filesize=128M:\
22239375Smsmith#	:datasize-cur=64M:\
22339375Smsmith#	:stacksize-cur=32M:\
22439375Smsmith#	:coredumpsize-cur=0:\
22539375Smsmith#	:maxmemorysize-cur=128M:\
22639375Smsmith#	:memorylocked=32M:\
22739375Smsmith#	:maxproc=128:\
22839375Smsmith#	:openfiles=256:\
22939375Smsmith#	:tc=default:
23039375Smsmith#
23139375Smsmith#
23239375Smsmith##
233209331Sbrian## The dialer class should be used for a dialup PPP account
23439375Smsmith## Welcome messages/news suppressed
23539375Smsmith##
23639375Smsmith#dialer:\
23739375Smsmith#	:hushlogin:\
23839375Smsmith#	:requirehome@:\
23939375Smsmith#	:cputime=unlimited:\
24039375Smsmith#	:filesize=2M:\
24139375Smsmith#	:datasize=2M:\
24239375Smsmith#	:stacksize=4M:\
24339375Smsmith#	:coredumpsize=0:\
24439375Smsmith#	:memoryuse=4M:\
24539375Smsmith#	:memorylocked=1M:\
24639375Smsmith#	:maxproc=16:\
24739375Smsmith#	:openfiles=32:\
24839375Smsmith#	:tc=standard:
24939375Smsmith#
25039375Smsmith#
25139375Smsmith##
252209331Sbrian## Site full-time 24/7 PPP connection
25339375Smsmith## - no time accounting, restricted to access via dialin lines
25439375Smsmith##
25539375Smsmith#site:\
25639375Smsmith#	:ignoretime:\
25746209Shoek#	:passwordtime@:\
25839375Smsmith#	:refreshtime@:\
25939375Smsmith#	:refreshperiod@:\
26039375Smsmith#	:sessionlimit@:\
26139375Smsmith#	:autodelete@:\
26239375Smsmith#	:expireperiod@:\
26339375Smsmith#	:graceexpire@:\
26439375Smsmith#	:gracetime@:\
26539375Smsmith#	:warnexpire@:\
26639375Smsmith#	:warnpassword@:\
26739375Smsmith#	:idletime@:\
26839375Smsmith#	:sessiontime@:\
26939375Smsmith#	:daytime@:\
27039375Smsmith#	:weektime@:\
27139375Smsmith#	:monthtime@:\
27239375Smsmith#	:warntime@:\
27339375Smsmith#	:accounted@:\
27439375Smsmith#	:tc=dialer:\
27539375Smsmith#	:tc=staff:
27639375Smsmith#
27739375Smsmith#
27839375Smsmith##
27939375Smsmith## Example standard accounting entries for subscriber levels
28039375Smsmith##
28139375Smsmith#
28239375Smsmith#subscriber|Subscribers:\
28339375Smsmith#	:accounted:\
28439375Smsmith#	:refreshtime=180d:\
28539375Smsmith#	:refreshperiod@:\
28639375Smsmith#	:sessionlimit@:\
28739375Smsmith#	:autodelete=30d:\
28839375Smsmith#	:expireperiod=180d:\
28939375Smsmith#	:graceexpire=7d:\
29039375Smsmith#	:gracetime=10m:\
29139375Smsmith#	:warnexpire=7d:\
29239375Smsmith#	:warnpassword=7d:\
29339375Smsmith#	:idletime=30m:\
29439375Smsmith#	:sessiontime=4h:\
29539375Smsmith#	:daytime=6h:\
29639375Smsmith#	:weektime=40h:\
29739375Smsmith#	:monthtime=120h:\
29839375Smsmith#	:warntime=4h:\
29939375Smsmith#	:tc=standard:
30039375Smsmith#
30139375Smsmith#
30239375Smsmith##
30339375Smsmith## Subscriber accounts. These accounts have their login times
30439375Smsmith## accounted and have access limits applied.
30539375Smsmith##
30639375Smsmith#subppp|PPP Subscriber Accounts:\
30739375Smsmith#	:tc=dialer:\
30839375Smsmith#	:tc=subscriber:
30939375Smsmith#
31039375Smsmith#
31191528Srwatson#subshell|Shell Subscriber Accounts:\
31239375Smsmith#	:tc=subscriber:
31339375Smsmith#
31469015Sobrien##
31569015Sobrien## If you want some of the accounts to use traditional UNIX DES based
31669015Sobrien## password hashes.
31769015Sobrien##
31869015Sobrien#des_users:\
31983325Sru#	:passwd_format=des:\
32069015Sobrien#	:tc=default:
321