login.conf revision 21673
1# Sample login.conf - login class capabilities database. 2# To speed up access to this data, you can use /bin/cap_mkdb 3# to create a database form of this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# Don't forget to do this after each edit as well! 8# 9# This file controls resource limits, accounting limits and 10# default user environment settings. 11# 12# $FreeBSD: head/etc/login.conf 21673 1997-01-14 07:20:47Z jkh $ 13# 14 15 16# Authentication methods 17 18auth-defaults:\ 19 :auth=krb_skey_or_passwd,passwd,kerberos,skey: 20 21auth-root-defaults:\ 22 :auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\ 23 :auth-rlogin=krb_or_skey,kerberos,skey:\ 24 25auth-ftp-defaults:\ 26 :auth=skey_or_pwd,passwd,skey: 27 28 29# Example defaults 30# These settings are used by login(1) by default for classless users 31# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 32 33default:\ 34 :cputime=infinity:\ 35 :coredumpsize=infinity:\ 36 :datasize=16M:\ 37 :filesize=infinity:\ 38 :maxproc=64:\ 39 :memorylocked=10M:\ 40 :memoryuse=30M:\ 41 :openfiles=64:\ 42 :priority=0:\ 43 :requirehome:\ 44 :stacksize=2M:\ 45 :term=dumb:\ 46 :umask=022:\ 47 :rc=auth-defaults: 48 49 50# 51# standard - standard user defaults 52# 53standard:\ 54 :copyright=/etc/COPYRIGHT:\ 55 :welcome=/etc/motd:\ 56 :setenv=MAIL=/var/mail/$ BLOCKSIZE=K EDITOR=/usr/bin/ee:\ 57 :path=~/bin /bin /usr/bin /usr/local/bin:\ 58 :manpath=/usr/share/man /usr/local/man:\ 59 :nologin=/etc/nologin:\ 60 :coredumpsize=8M:\ 61 :cputime=1h30m:\ 62 :datasize=8M:\ 63 :stacksize=2M:\ 64 :filesize=8M:\ 65 :memorylocked=4M:\ 66 :memoryuse=8M:\ 67 :openfiles=24:\ 68 :maxproc=32:\ 69 :priority=0:\ 70 :requirehome:\ 71 :umask=002:\ 72 :ignoretime@:\ 73 :tc=default: 74 75# 76# users of X (needs more resources!) 77# 78xuser:\ 79 :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\ 80 :cputime=4M:\ 81 :stacksize=4M:\ 82 :filesize=8M:\ 83 :memoryuse=12M:\ 84 :openfiles=32:\ 85 :maxproc=48:\ 86 :tc=standard: 87 88 89# 90# Staff users - few restrictions and allow login anytime 91# display staff motd 92# 93staff:\ 94 :welcome=/etc/motd-staff:\ 95 :ignorenologin:\ 96 :ignoretime:\ 97 :requirehome@:\ 98 :accounted@:\ 99 :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 100 :umask=022:\ 101 :tc=standard: 102 103 104# 105# root - fallback for root logins 106# 107root:\ 108 :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 109 :umask=022:\ 110 :tc=auth-root-defaults:\ 111 :tc=staff: 112 113 114# 115# Settings used by /etc/rc 116# 117daemon:\ 118 :cputime=unlimited:\ 119 :filesize=64M:\ 120 :datasize=32M:\ 121 :stacksize=32M:\ 122 :coredumpsize=0:\ 123 :memoryuse=64M:\ 124 :memorylocked=64M:\ 125 :maxproc=32:\ 126 :openfiles=256:\ 127 :tc=default: 128 129 130# 131# Settings used by news subsystem daemons 132# 133news:\ 134 :cputime=unlimited:\ 135 :filesize=128:\ 136 :datasize=64M:\ 137 :stacksize=32M:\ 138 :coredumpsize=0:\ 139 :maxmemorysize=128M:\ 140 :lockedmemory=32M:\ 141 :maxproc=128:\ 142 :openfiles=256:\ 143 :tc=default:\ 144 145 146# 147# The dialer class should be used for a dialup PPP/SLIP accounts 148# Welcome messages/news suppressed and a special shell selector 149# 150dialer:\ 151 :hushlogin:\ 152 :requirehome@:\ 153 :shell=/usr/sbin/userls:\ 154 :cputime=unlimited:\ 155 :filesize=2M:\ 156 :datasize=2M:\ 157 :stacksize=4M:\ 158 :coredumpsize=0:\ 159 :memoryuse=4M:\ 160 :memorylocked=1M:\ 161 :maxproc=16:\ 162 :openfiles=32:\ 163 :tc=standard: 164 165 166# 167# Site full-time 24/7 PPP/SLIP connections 168# - no time accounting, restricted to access via dialin lines 169# 170site:\ 171 :ignoretime:\ 172 :passwordperiod@:\ 173 :refreshtime@:\ 174 :refreshperiod@:\ 175 :sessionlimit@:\ 176 :autodelete@:\ 177 :expireperiod@:\ 178 :graceexpire@:\ 179 ;gracetime@:\ 180 :warnexpire@:\ 181 :warnpassword@:\ 182 :idletime@:\ 183 :sessiontime@:\ 184 :daytime@:\ 185 :weektime@:\ 186 :monthtime@:\ 187 :warntime@:\ 188 :tty.allow=dialin:\ 189 :tty.deny=:\ 190 :host.allow=:\ 191 :host.deny=:\ 192 :accounted@: 193 :tc=dialer:\ 194 :tc=staff: 195 196 197# 198# Example standard accounting entries for subscriber levels 199# 200 201subscriber|Subscribers:\ 202 :accounted:\ 203 :passwordperiod=90d:\ 204 :refreshtime=180d:\ 205 :refreshperiod@:\ 206 :sessionlimit@:\ 207 :autodelete=30d:\ 208 :expireperiod=180d:\ 209 :graceexpire=7d:\ 210 :gracetime=10m:\ 211 :warnexpire=7d:\ 212 :warnpassword=7d:\ 213 :idletime=30m:\ 214 :sessiontime=4h:\ 215 :daytime=6h:\ 216 :weektime=40h:\ 217 :monthtime=120h:\ 218 :warntime=4h:\ 219 :tty.allow=dialin,pty,vt:\ 220 :tty.deny=:\ 221 :times.allow=Any0000-2400:\ 222 :times.deny=Mo0900-1200,Fr2120-2130:\ 223 :tc=standard: 224 225 226# 227# Subscriber accounts. These accounts have their login times 228# accounted and have access limits applied. 229# Userls is a user shell selector - do not use these classes without it! 230# 231subppp|Dual PPP/SLIP Subscriber Accounts:\ 232 :shell=/usr/sbin/userls:\ 233 :tc=dialer:\ 234 :tc=subscriber: 235 236 237subslip|Dual PPP/SLIP Subscriber Accounts:\ 238 :shell=/usr/sbin/userls:\ 239 :tc=dialer:\ 240 :tc=subscriber: 241 242 243subshell:Shell Subscriber Accounts:\ 244 :tc=subscriber: 245 246