login.conf revision 21673 
1# Sample login.conf - login class capabilities database.
2# To speed up access to this data, you can use /bin/cap_mkdb
3# to create a database form of this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# Don't forget to do this after each edit as well!
8#
9# This file controls resource limits, accounting limits and
10# default user environment settings.
11#
12#	$FreeBSD: head/etc/login.conf 21673 1997-01-14 07:20:47Z jkh $
13#
14
15
16# Authentication methods
17
18auth-defaults:\
19	:auth=krb_skey_or_passwd,passwd,kerberos,skey:
20
21auth-root-defaults:\
22	:auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\
23	:auth-rlogin=krb_or_skey,kerberos,skey:\
24
25auth-ftp-defaults:\
26	:auth=skey_or_pwd,passwd,skey:
27
28
29# Example defaults
30# These settings are used by login(1) by default for classless users
31# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
32
33default:\
34	:cputime=infinity:\
35	:coredumpsize=infinity:\
36	:datasize=16M:\
37	:filesize=infinity:\
38	:maxproc=64:\
39	:memorylocked=10M:\
40	:memoryuse=30M:\
41	:openfiles=64:\
42	:priority=0:\
43	:requirehome:\
44	:stacksize=2M:\
45	:term=dumb:\
46	:umask=022:\
47	:rc=auth-defaults:
48
49
50#
51# standard - standard user defaults
52#
53standard:\
54	:copyright=/etc/COPYRIGHT:\
55	:welcome=/etc/motd:\
56	:setenv=MAIL=/var/mail/$ BLOCKSIZE=K EDITOR=/usr/bin/ee:\
57	:path=~/bin /bin /usr/bin /usr/local/bin:\
58	:manpath=/usr/share/man /usr/local/man:\
59	:nologin=/etc/nologin:\
60	:coredumpsize=8M:\
61	:cputime=1h30m:\
62	:datasize=8M:\
63	:stacksize=2M:\
64	:filesize=8M:\
65	:memorylocked=4M:\
66	:memoryuse=8M:\
67	:openfiles=24:\
68	:maxproc=32:\
69	:priority=0:\
70	:requirehome:\
71	:umask=002:\
72	:ignoretime@:\
73	:tc=default:
74
75#
76# users of X (needs more resources!)
77#
78xuser:\
79	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
80	:cputime=4M:\
81	:stacksize=4M:\
82	:filesize=8M:\
83	:memoryuse=12M:\
84	:openfiles=32:\
85	:maxproc=48:\
86	:tc=standard:
87
88
89#
90# Staff users - few restrictions and allow login anytime
91#		display staff motd
92#
93staff:\
94	:welcome=/etc/motd-staff:\
95	:ignorenologin:\
96	:ignoretime:\
97	:requirehome@:\
98	:accounted@:\
99	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
100	:umask=022:\
101	:tc=standard:
102
103
104#
105# root - fallback for root logins
106#
107root:\
108	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
109	:umask=022:\
110	:tc=auth-root-defaults:\
111	:tc=staff:
112
113
114#
115# Settings used by /etc/rc
116#
117daemon:\
118	:cputime=unlimited:\
119	:filesize=64M:\
120	:datasize=32M:\
121	:stacksize=32M:\
122	:coredumpsize=0:\
123	:memoryuse=64M:\
124	:memorylocked=64M:\
125	:maxproc=32:\
126	:openfiles=256:\
127	:tc=default:
128
129
130#
131# Settings used by news subsystem daemons
132#
133news:\
134	:cputime=unlimited:\
135	:filesize=128:\
136	:datasize=64M:\
137	:stacksize=32M:\
138	:coredumpsize=0:\
139	:maxmemorysize=128M:\
140	:lockedmemory=32M:\
141	:maxproc=128:\
142	:openfiles=256:\
143	:tc=default:\
144
145
146#
147# The dialer class should be used for a dialup PPP/SLIP accounts
148# Welcome messages/news suppressed and a special shell selector
149#
150dialer:\
151	:hushlogin:\
152	:requirehome@:\
153	:shell=/usr/sbin/userls:\
154	:cputime=unlimited:\
155	:filesize=2M:\
156	:datasize=2M:\
157	:stacksize=4M:\
158	:coredumpsize=0:\
159	:memoryuse=4M:\
160	:memorylocked=1M:\
161	:maxproc=16:\
162	:openfiles=32:\
163	:tc=standard:
164
165
166#
167# Site full-time 24/7 PPP/SLIP connections
168# - no time accounting, restricted to access via dialin lines
169#
170site:\
171	:ignoretime:\
172	:passwordperiod@:\
173	:refreshtime@:\
174	:refreshperiod@:\
175	:sessionlimit@:\
176	:autodelete@:\
177	:expireperiod@:\
178	:graceexpire@:\
179	;gracetime@:\
180	:warnexpire@:\
181	:warnpassword@:\
182	:idletime@:\
183	:sessiontime@:\
184	:daytime@:\
185	:weektime@:\
186	:monthtime@:\
187	:warntime@:\
188	:tty.allow=dialin:\
189	:tty.deny=:\
190	:host.allow=:\
191	:host.deny=:\
192	:accounted@:
193	:tc=dialer:\
194	:tc=staff:
195
196
197#
198# Example standard accounting entries for subscriber levels
199#
200
201subscriber|Subscribers:\
202	:accounted:\
203	:passwordperiod=90d:\
204	:refreshtime=180d:\
205	:refreshperiod@:\
206	:sessionlimit@:\
207	:autodelete=30d:\
208	:expireperiod=180d:\
209	:graceexpire=7d:\
210	:gracetime=10m:\
211	:warnexpire=7d:\
212	:warnpassword=7d:\
213	:idletime=30m:\
214	:sessiontime=4h:\
215	:daytime=6h:\
216	:weektime=40h:\
217	:monthtime=120h:\
218	:warntime=4h:\
219	:tty.allow=dialin,pty,vt:\
220	:tty.deny=:\
221	:times.allow=Any0000-2400:\
222	:times.deny=Mo0900-1200,Fr2120-2130:\
223	:tc=standard:
224
225
226#
227# Subscriber accounts. These accounts have their login times
228# accounted and have access limits applied.
229# Userls is a user shell selector - do not use these classes without it!
230#
231subppp|Dual PPP/SLIP Subscriber Accounts:\
232	:shell=/usr/sbin/userls:\
233	:tc=dialer:\
234	:tc=subscriber:
235
236
237subslip|Dual PPP/SLIP Subscriber Accounts:\
238	:shell=/usr/sbin/userls:\
239	:tc=dialer:\
240	:tc=subscriber:
241
242
243subshell:Shell Subscriber Accounts:\
244	:tc=subscriber:
245
246