login.access revision 1519
1# Login access control table. 2# 3# When someone logs in, the table is scanned for the first entry that 4# matches the (user, host) combination, or, in case of non-networked 5# logins, the first entry that matches the (user, tty) combination. The 6# permissions field of that table entry determines whether the login will 7# be accepted or refused. 8# 9# Format of the login access control table is three fields separated by a 10# ":" character: 11# 12# permission : users : origins 13# 14# The first field should be a "+" (access granted) or "-" (access denied) 15# character. The second field should be a list of one or more login names, 16# group names, or ALL (always matches). The third field should be a list 17# of one or more tty names (for non-networked logins), host names, domain 18# names (begin with "."), host addresses, internet network numbers (end 19# with "."), ALL (always matches) or LOCAL (matches any string that does 20# not contain a "." character). If you run NIS you can use @netgroupname 21# in host or user patterns. 22# 23# The EXCEPT operator makes it possible to write very compact rules. 24# 25# The group file is searched only when a name does not match that of the 26# logged-in user. Only groups are matched in which users are explicitly 27# listed: the program does not look at a user's primary group id value. 28# 29############################################################################## 30# 31# Disallow console logins to all but a few accounts. 32# 33#-:ALL EXCEPT wheel shutdown sync:console 34# 35# Disallow non-local logins to privileged accounts (group wheel). 36# 37#-:wheel:ALL EXCEPT LOCAL .win.tue.nl 38# 39# Some accounts are not allowed to login from anywhere: 40# 41#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL 42# 43# All other accounts are allowed to login from anywhere. 44# 45