login.conf revision 256850
1# login.conf - login class capabilities database. 2# 3# Remember to rebuild the database after each change to this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# This file controls resource limits, accounting limits and 8# default user environment settings. 9# 10# $FreeBSD: head/etc/login.conf 256850 2013-10-21 16:46:12Z kib $ 11# 12 13# Default settings effectively disable resource limits, see the 14# examples below for a starting point to enable them. 15 16# defaults 17# These settings are used by login(1) by default for classless users 18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 19# 20# Note that since a colon ':' is used to separate capability entries, 21# a \c escape sequence must be used to embed a literal colon in the 22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 23# AND SEMANTICS'' section of getcap(3) for more escape sequences). 24 25default:\ 26 :passwd_format=sha512:\ 27 :copyright=/etc/COPYRIGHT:\ 28 :welcome=/etc/motd:\ 29 :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 30 :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\ 31 :nologin=/var/run/nologin:\ 32 :cputime=unlimited:\ 33 :datasize=unlimited:\ 34 :stacksize=unlimited:\ 35 :memorylocked=64K:\ 36 :memoryuse=unlimited:\ 37 :filesize=unlimited:\ 38 :coredumpsize=unlimited:\ 39 :openfiles=unlimited:\ 40 :maxproc=unlimited:\ 41 :sbsize=unlimited:\ 42 :vmemoryuse=unlimited:\ 43 :swapuse=unlimited:\ 44 :pseudoterminals=unlimited:\ 45 :kqueues=unlimited:\ 46 :priority=0:\ 47 :ignoretime@:\ 48 :umask=022: 49 50 51# 52# A collection of common class names - forward them all to 'default' 53# (login would normally do this anyway, but having a class name 54# here suppresses the diagnostic) 55# 56standard:\ 57 :tc=default: 58xuser:\ 59 :tc=default: 60staff:\ 61 :tc=default: 62daemon:\ 63 :memorylocked=128M:\ 64 :tc=default: 65news:\ 66 :tc=default: 67dialer:\ 68 :tc=default: 69 70# 71# Root can always login 72# 73# N.B. login_getpwclass(3) will use this entry for the root account, 74# in preference to 'default'. 75root:\ 76 :ignorenologin:\ 77 :memorylocked=unlimited:\ 78 :tc=default: 79 80# 81# Russian Users Accounts. Setup proper environment variables. 82# 83russian|Russian Users Accounts:\ 84 :charset=KOI8-R:\ 85 :lang=ru_RU.KOI8-R:\ 86 :tc=default: 87 88 89###################################################################### 90###################################################################### 91## 92## Example entries 93## 94###################################################################### 95###################################################################### 96 97## Example defaults 98## These settings are used by login(1) by default for classless users 99## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 100# 101#default:\ 102# :cputime=infinity:\ 103# :datasize-cur=22M:\ 104# :stacksize-cur=8M:\ 105# :memorylocked-cur=10M:\ 106# :memoryuse-cur=30M:\ 107# :filesize=infinity:\ 108# :coredumpsize=infinity:\ 109# :maxproc-cur=64:\ 110# :openfiles-cur=64:\ 111# :priority=0:\ 112# :requirehome@:\ 113# :umask=022:\ 114# :tc=auth-defaults: 115# 116# 117## 118## standard - standard user defaults 119## 120#standard:\ 121# :copyright=/etc/COPYRIGHT:\ 122# :welcome=/etc/motd:\ 123# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 124# :path=~/bin /bin /usr/bin /usr/local/bin:\ 125# :manpath=/usr/share/man /usr/local/man:\ 126# :nologin=/var/run/nologin:\ 127# :cputime=1h30m:\ 128# :datasize=8M:\ 129# :vmemoryuse=100M:\ 130# :stacksize=2M:\ 131# :memorylocked=4M:\ 132# :memoryuse=8M:\ 133# :filesize=8M:\ 134# :coredumpsize=8M:\ 135# :openfiles=24:\ 136# :maxproc=32:\ 137# :priority=0:\ 138# :requirehome:\ 139# :passwordtime=90d:\ 140# :umask=002:\ 141# :ignoretime@:\ 142# :tc=default: 143# 144# 145## 146## users of X (needs more resources!) 147## 148#xuser:\ 149# :manpath=/usr/share/man /usr/local/man:\ 150# :cputime=4h:\ 151# :datasize=12M:\ 152# :vmemoryuse=infinity:\ 153# :stacksize=4M:\ 154# :filesize=8M:\ 155# :memoryuse=16M:\ 156# :openfiles=32:\ 157# :maxproc=48:\ 158# :tc=standard: 159# 160# 161## 162## Staff users - few restrictions and allow login anytime 163## 164#staff:\ 165# :ignorenologin:\ 166# :ignoretime:\ 167# :requirehome@:\ 168# :accounted@:\ 169# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 170# :umask=022:\ 171# :tc=standard: 172# 173# 174## 175## root - fallback for root logins 176## 177#root:\ 178# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 179# :cputime=infinity:\ 180# :datasize=infinity:\ 181# :stacksize=infinity:\ 182# :memorylocked=infinity:\ 183# :memoryuse=infinity:\ 184# :filesize=infinity:\ 185# :coredumpsize=infinity:\ 186# :openfiles=infinity:\ 187# :maxproc=infinity:\ 188# :memoryuse-cur=32M:\ 189# :maxproc-cur=64:\ 190# :openfiles-cur=1024:\ 191# :priority=0:\ 192# :requirehome@:\ 193# :umask=022:\ 194# :tc=auth-root-defaults: 195# 196# 197## 198## Settings used by /etc/rc 199## 200#daemon:\ 201# :coredumpsize@:\ 202# :coredumpsize-cur=0:\ 203# :datasize=infinity:\ 204# :datasize-cur@:\ 205# :maxproc=512:\ 206# :maxproc-cur@:\ 207# :memoryuse-cur=64M:\ 208# :memorylocked-cur=64M:\ 209# :openfiles=1024:\ 210# :openfiles-cur@:\ 211# :stacksize=16M:\ 212# :stacksize-cur@:\ 213# :tc=default: 214# 215# 216## 217## Settings used by news subsystem 218## 219#news:\ 220# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 221# :cputime=infinity:\ 222# :filesize=128M:\ 223# :datasize-cur=64M:\ 224# :stacksize-cur=32M:\ 225# :coredumpsize-cur=0:\ 226# :maxmemorysize-cur=128M:\ 227# :memorylocked=32M:\ 228# :maxproc=128:\ 229# :openfiles=256:\ 230# :tc=default: 231# 232# 233## 234## The dialer class should be used for a dialup PPP account 235## Welcome messages/news suppressed 236## 237#dialer:\ 238# :hushlogin:\ 239# :requirehome@:\ 240# :cputime=unlimited:\ 241# :filesize=2M:\ 242# :datasize=2M:\ 243# :stacksize=4M:\ 244# :coredumpsize=0:\ 245# :memoryuse=4M:\ 246# :memorylocked=1M:\ 247# :maxproc=16:\ 248# :openfiles=32:\ 249# :tc=standard: 250# 251# 252## 253## Site full-time 24/7 PPP connection 254## - no time accounting, restricted to access via dialin lines 255## 256#site:\ 257# :ignoretime:\ 258# :passwordtime@:\ 259# :refreshtime@:\ 260# :refreshperiod@:\ 261# :sessionlimit@:\ 262# :autodelete@:\ 263# :expireperiod@:\ 264# :graceexpire@:\ 265# :gracetime@:\ 266# :warnexpire@:\ 267# :warnpassword@:\ 268# :idletime@:\ 269# :sessiontime@:\ 270# :daytime@:\ 271# :weektime@:\ 272# :monthtime@:\ 273# :warntime@:\ 274# :accounted@:\ 275# :tc=dialer:\ 276# :tc=staff: 277# 278# 279## 280## Example standard accounting entries for subscriber levels 281## 282# 283#subscriber|Subscribers:\ 284# :accounted:\ 285# :refreshtime=180d:\ 286# :refreshperiod@:\ 287# :sessionlimit@:\ 288# :autodelete=30d:\ 289# :expireperiod=180d:\ 290# :graceexpire=7d:\ 291# :gracetime=10m:\ 292# :warnexpire=7d:\ 293# :warnpassword=7d:\ 294# :idletime=30m:\ 295# :sessiontime=4h:\ 296# :daytime=6h:\ 297# :weektime=40h:\ 298# :monthtime=120h:\ 299# :warntime=4h:\ 300# :tc=standard: 301# 302# 303## 304## Subscriber accounts. These accounts have their login times 305## accounted and have access limits applied. 306## 307#subppp|PPP Subscriber Accounts:\ 308# :tc=dialer:\ 309# :tc=subscriber: 310# 311# 312#subshell|Shell Subscriber Accounts:\ 313# :tc=subscriber: 314# 315## 316## If you want some of the accounts to use traditional UNIX DES based 317## password hashes. 318## 319#des_users:\ 320# :passwd_format=des:\ 321# :tc=default: 322