1# login.conf - login class capabilities database. 2# 3# Remember to rebuild the database after each change to this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# This file controls resource limits, accounting limits and 8# default user environment settings. 9# 10# $FreeBSD: stable/11/etc/login.conf 357789 2020-02-12 02:04:03Z kevans $ 11# 12 13# Default settings effectively disable resource limits, see the 14# examples below for a starting point to enable them. 15 16# defaults 17# These settings are used by login(1) by default for classless users 18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 19# 20# Note that since a colon ':' is used to separate capability entries, 21# a \c escape sequence must be used to embed a literal colon in the 22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 23# AND SEMANTICS'' section of getcap(3) for more escape sequences). 24 25default:\ 26 :passwd_format=sha512:\ 27 :copyright=/etc/COPYRIGHT:\ 28 :welcome=/etc/motd:\ 29 :setenv=BLOCKSIZE=K:\ 30 :mail=/var/mail/$:\ 31 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ 32 :nologin=/var/run/nologin:\ 33 :cputime=unlimited:\ 34 :datasize=unlimited:\ 35 :stacksize=unlimited:\ 36 :memorylocked=64K:\ 37 :memoryuse=unlimited:\ 38 :filesize=unlimited:\ 39 :coredumpsize=unlimited:\ 40 :openfiles=unlimited:\ 41 :maxproc=unlimited:\ 42 :sbsize=unlimited:\ 43 :vmemoryuse=unlimited:\ 44 :swapuse=unlimited:\ 45 :pseudoterminals=unlimited:\ 46 :kqueues=unlimited:\ 47 :umtxp=unlimited:\ 48 :priority=0:\ 49 :ignoretime@:\ 50 :umask=022: 51 52 53# 54# A collection of common class names - forward them all to 'default' 55# (login would normally do this anyway, but having a class name 56# here suppresses the diagnostic) 57# 58standard:\ 59 :tc=default: 60xuser:\ 61 :tc=default: 62staff:\ 63 :tc=default: 64daemon:\ 65 :mail@:\ 66 :memorylocked=128M:\ 67 :tc=default: 68news:\ 69 :tc=default: 70dialer:\ 71 :tc=default: 72 73# 74# Root can always login 75# 76# N.B. login_getpwclass(3) will use this entry for the root account, 77# in preference to 'default'. 78root:\ 79 :ignorenologin:\ 80 :memorylocked=unlimited:\ 81 :tc=default: 82 83# 84# Russian Users Accounts. Setup proper environment variables. 85# 86russian|Russian Users Accounts:\ 87 :charset=UTF-8:\ 88 :lang=ru_RU.UTF-8:\ 89 :tc=default: 90 91 92###################################################################### 93###################################################################### 94## 95## Example entries 96## 97###################################################################### 98###################################################################### 99 100## Example defaults 101## These settings are used by login(1) by default for classless users 102## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 103# 104#default:\ 105# :cputime=infinity:\ 106# :datasize-cur=22M:\ 107# :stacksize-cur=8M:\ 108# :memorylocked-cur=10M:\ 109# :memoryuse-cur=30M:\ 110# :filesize=infinity:\ 111# :coredumpsize=infinity:\ 112# :maxproc-cur=64:\ 113# :openfiles-cur=64:\ 114# :priority=0:\ 115# :requirehome@:\ 116# :umask=022:\ 117# :tc=auth-defaults: 118# 119# 120## 121## standard - standard user defaults 122## 123#standard:\ 124# :copyright=/etc/COPYRIGHT:\ 125# :welcome=/etc/motd:\ 126# :setenv=BLOCKSIZE=K:\ 127# :mail=/var/mail/$:\ 128# :path=~/bin /bin /usr/bin /usr/local/bin:\ 129# :manpath=/usr/share/man /usr/local/man:\ 130# :nologin=/var/run/nologin:\ 131# :cputime=1h30m:\ 132# :datasize=8M:\ 133# :vmemoryuse=100M:\ 134# :stacksize=2M:\ 135# :memorylocked=4M:\ 136# :memoryuse=8M:\ 137# :filesize=8M:\ 138# :coredumpsize=8M:\ 139# :openfiles=24:\ 140# :maxproc=32:\ 141# :priority=0:\ 142# :requirehome:\ 143# :passwordtime=90d:\ 144# :umask=002:\ 145# :ignoretime@:\ 146# :tc=default: 147# 148# 149## 150## users of X (needs more resources!) 151## 152#xuser:\ 153# :manpath=/usr/share/man /usr/local/man:\ 154# :cputime=4h:\ 155# :datasize=12M:\ 156# :vmemoryuse=infinity:\ 157# :stacksize=4M:\ 158# :filesize=8M:\ 159# :memoryuse=16M:\ 160# :openfiles=32:\ 161# :maxproc=48:\ 162# :tc=standard: 163# 164# 165## 166## Staff users - few restrictions and allow login anytime 167## 168#staff:\ 169# :ignorenologin:\ 170# :ignoretime:\ 171# :requirehome@:\ 172# :accounted@:\ 173# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 174# :umask=022:\ 175# :tc=standard: 176# 177# 178## 179## root - fallback for root logins 180## 181#root:\ 182# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 183# :cputime=infinity:\ 184# :datasize=infinity:\ 185# :stacksize=infinity:\ 186# :memorylocked=infinity:\ 187# :memoryuse=infinity:\ 188# :filesize=infinity:\ 189# :coredumpsize=infinity:\ 190# :openfiles=infinity:\ 191# :maxproc=infinity:\ 192# :memoryuse-cur=32M:\ 193# :maxproc-cur=64:\ 194# :openfiles-cur=1024:\ 195# :priority=0:\ 196# :requirehome@:\ 197# :umask=022:\ 198# :tc=auth-root-defaults: 199# 200# 201## 202## Settings used by /etc/rc 203## 204#daemon:\ 205# :coredumpsize@:\ 206# :coredumpsize-cur=0:\ 207# :datasize=infinity:\ 208# :datasize-cur@:\ 209# :maxproc=512:\ 210# :maxproc-cur@:\ 211# :memoryuse-cur=64M:\ 212# :memorylocked-cur=64M:\ 213# :openfiles=1024:\ 214# :openfiles-cur@:\ 215# :stacksize=16M:\ 216# :stacksize-cur@:\ 217# :tc=default: 218# 219# 220## 221## Settings used by news subsystem 222## 223#news:\ 224# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 225# :cputime=infinity:\ 226# :filesize=128M:\ 227# :datasize-cur=64M:\ 228# :stacksize-cur=32M:\ 229# :coredumpsize-cur=0:\ 230# :maxmemorysize-cur=128M:\ 231# :memorylocked=32M:\ 232# :maxproc=128:\ 233# :openfiles=256:\ 234# :tc=default: 235# 236# 237## 238## The dialer class should be used for a dialup PPP account 239## Welcome messages/news suppressed 240## 241#dialer:\ 242# :hushlogin:\ 243# :requirehome@:\ 244# :cputime=unlimited:\ 245# :filesize=2M:\ 246# :datasize=2M:\ 247# :stacksize=4M:\ 248# :coredumpsize=0:\ 249# :memoryuse=4M:\ 250# :memorylocked=1M:\ 251# :maxproc=16:\ 252# :openfiles=32:\ 253# :tc=standard: 254# 255# 256## 257## Site full-time 24/7 PPP connection 258## - no time accounting, restricted to access via dialin lines 259## 260#site:\ 261# :ignoretime:\ 262# :passwordtime@:\ 263# :refreshtime@:\ 264# :refreshperiod@:\ 265# :sessionlimit@:\ 266# :autodelete@:\ 267# :expireperiod@:\ 268# :graceexpire@:\ 269# :gracetime@:\ 270# :warnexpire@:\ 271# :warnpassword@:\ 272# :idletime@:\ 273# :sessiontime@:\ 274# :daytime@:\ 275# :weektime@:\ 276# :monthtime@:\ 277# :warntime@:\ 278# :accounted@:\ 279# :tc=dialer:\ 280# :tc=staff: 281# 282# 283## 284## Example standard accounting entries for subscriber levels 285## 286# 287#subscriber|Subscribers:\ 288# :accounted:\ 289# :refreshtime=180d:\ 290# :refreshperiod@:\ 291# :sessionlimit@:\ 292# :autodelete=30d:\ 293# :expireperiod=180d:\ 294# :graceexpire=7d:\ 295# :gracetime=10m:\ 296# :warnexpire=7d:\ 297# :warnpassword=7d:\ 298# :idletime=30m:\ 299# :sessiontime=4h:\ 300# :daytime=6h:\ 301# :weektime=40h:\ 302# :monthtime=120h:\ 303# :warntime=4h:\ 304# :tc=standard: 305# 306# 307## 308## Subscriber accounts. These accounts have their login times 309## accounted and have access limits applied. 310## 311#subppp|PPP Subscriber Accounts:\ 312# :tc=dialer:\ 313# :tc=subscriber: 314# 315# 316#subshell|Shell Subscriber Accounts:\ 317# :tc=subscriber: 318# 319## 320## If you want some of the accounts to use traditional UNIX DES based 321## password hashes. 322## 323#des_users:\ 324# :passwd_format=des:\ 325# :tc=default: 326