login.conf revision 256850 
1# login.conf - login class capabilities database.
2#
3# Remember to rebuild the database after each change to this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# This file controls resource limits, accounting limits and
8# default user environment settings.
9#
10# $FreeBSD: head/etc/login.conf 256850 2013-10-21 16:46:12Z kib $
11#
12
13# Default settings effectively disable resource limits, see the
14# examples below for a starting point to enable them.
15
16# defaults
17# These settings are used by login(1) by default for classless users
18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19#
20# Note that since a colon ':' is used to separate capability entries,
21# a \c escape sequence must be used to embed a literal colon in the
22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23# AND SEMANTICS'' section of getcap(3) for more escape sequences).
24
25default:\
26	:passwd_format=sha512:\
27	:copyright=/etc/COPYRIGHT:\
28	:welcome=/etc/motd:\
29	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
30	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
31	:nologin=/var/run/nologin:\
32	:cputime=unlimited:\
33	:datasize=unlimited:\
34	:stacksize=unlimited:\
35	:memorylocked=64K:\
36	:memoryuse=unlimited:\
37	:filesize=unlimited:\
38	:coredumpsize=unlimited:\
39	:openfiles=unlimited:\
40	:maxproc=unlimited:\
41	:sbsize=unlimited:\
42	:vmemoryuse=unlimited:\
43	:swapuse=unlimited:\
44	:pseudoterminals=unlimited:\
45	:kqueues=unlimited:\
46	:priority=0:\
47	:ignoretime@:\
48	:umask=022:
49
50
51#
52# A collection of common class names - forward them all to 'default'
53# (login would normally do this anyway, but having a class name
54#  here suppresses the diagnostic)
55#
56standard:\
57	:tc=default:
58xuser:\
59	:tc=default:
60staff:\
61	:tc=default:
62daemon:\
63	:memorylocked=128M:\
64	:tc=default:
65news:\
66	:tc=default:
67dialer:\
68	:tc=default:
69
70#
71# Root can always login
72#
73# N.B.  login_getpwclass(3) will use this entry for the root account,
74#       in preference to 'default'.
75root:\
76	:ignorenologin:\
77	:memorylocked=unlimited:\
78	:tc=default:
79
80#
81# Russian Users Accounts. Setup proper environment variables.
82#
83russian|Russian Users Accounts:\
84	:charset=KOI8-R:\
85	:lang=ru_RU.KOI8-R:\
86	:tc=default:
87
88
89######################################################################
90######################################################################
91##
92## Example entries
93##
94######################################################################
95######################################################################
96
97## Example defaults
98## These settings are used by login(1) by default for classless users
99## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
100#
101#default:\
102#	:cputime=infinity:\
103#	:datasize-cur=22M:\
104#	:stacksize-cur=8M:\
105#	:memorylocked-cur=10M:\
106#	:memoryuse-cur=30M:\
107#	:filesize=infinity:\
108#	:coredumpsize=infinity:\
109#	:maxproc-cur=64:\
110#	:openfiles-cur=64:\
111#	:priority=0:\
112#	:requirehome@:\
113#	:umask=022:\
114#	:tc=auth-defaults:
115#
116#
117##
118## standard - standard user defaults
119##
120#standard:\
121#	:copyright=/etc/COPYRIGHT:\
122#	:welcome=/etc/motd:\
123#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
124#	:path=~/bin /bin /usr/bin /usr/local/bin:\
125#	:manpath=/usr/share/man /usr/local/man:\
126#	:nologin=/var/run/nologin:\
127#	:cputime=1h30m:\
128#	:datasize=8M:\
129#	:vmemoryuse=100M:\
130#	:stacksize=2M:\
131#	:memorylocked=4M:\
132#	:memoryuse=8M:\
133#	:filesize=8M:\
134#	:coredumpsize=8M:\
135#	:openfiles=24:\
136#	:maxproc=32:\
137#	:priority=0:\
138#	:requirehome:\
139#	:passwordtime=90d:\
140#	:umask=002:\
141#	:ignoretime@:\
142#	:tc=default:
143#
144#
145##
146## users of X (needs more resources!)
147##
148#xuser:\
149#	:manpath=/usr/share/man /usr/local/man:\
150#	:cputime=4h:\
151#	:datasize=12M:\
152#	:vmemoryuse=infinity:\
153#	:stacksize=4M:\
154#	:filesize=8M:\
155#	:memoryuse=16M:\
156#	:openfiles=32:\
157#	:maxproc=48:\
158#	:tc=standard:
159#
160#
161##
162## Staff users - few restrictions and allow login anytime
163##
164#staff:\
165#	:ignorenologin:\
166#	:ignoretime:\
167#	:requirehome@:\
168#	:accounted@:\
169#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
170#	:umask=022:\
171#	:tc=standard:
172#
173#
174##
175## root - fallback for root logins
176##
177#root:\
178#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
179#	:cputime=infinity:\
180#	:datasize=infinity:\
181#	:stacksize=infinity:\
182#	:memorylocked=infinity:\
183#	:memoryuse=infinity:\
184#	:filesize=infinity:\
185#	:coredumpsize=infinity:\
186#	:openfiles=infinity:\
187#	:maxproc=infinity:\
188#	:memoryuse-cur=32M:\
189#	:maxproc-cur=64:\
190#	:openfiles-cur=1024:\
191#	:priority=0:\
192#	:requirehome@:\
193#	:umask=022:\
194#	:tc=auth-root-defaults:
195#
196#
197##
198## Settings used by /etc/rc
199##
200#daemon:\
201#	:coredumpsize@:\
202#	:coredumpsize-cur=0:\
203#	:datasize=infinity:\
204#	:datasize-cur@:\
205#	:maxproc=512:\
206#	:maxproc-cur@:\
207#	:memoryuse-cur=64M:\
208#	:memorylocked-cur=64M:\
209#	:openfiles=1024:\
210#	:openfiles-cur@:\
211#	:stacksize=16M:\
212#	:stacksize-cur@:\
213#	:tc=default:
214#
215#
216##
217## Settings used by news subsystem
218##
219#news:\
220#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
221#	:cputime=infinity:\
222#	:filesize=128M:\
223#	:datasize-cur=64M:\
224#	:stacksize-cur=32M:\
225#	:coredumpsize-cur=0:\
226#	:maxmemorysize-cur=128M:\
227#	:memorylocked=32M:\
228#	:maxproc=128:\
229#	:openfiles=256:\
230#	:tc=default:
231#
232#
233##
234## The dialer class should be used for a dialup PPP account
235## Welcome messages/news suppressed
236##
237#dialer:\
238#	:hushlogin:\
239#	:requirehome@:\
240#	:cputime=unlimited:\
241#	:filesize=2M:\
242#	:datasize=2M:\
243#	:stacksize=4M:\
244#	:coredumpsize=0:\
245#	:memoryuse=4M:\
246#	:memorylocked=1M:\
247#	:maxproc=16:\
248#	:openfiles=32:\
249#	:tc=standard:
250#
251#
252##
253## Site full-time 24/7 PPP connection
254## - no time accounting, restricted to access via dialin lines
255##
256#site:\
257#	:ignoretime:\
258#	:passwordtime@:\
259#	:refreshtime@:\
260#	:refreshperiod@:\
261#	:sessionlimit@:\
262#	:autodelete@:\
263#	:expireperiod@:\
264#	:graceexpire@:\
265#	:gracetime@:\
266#	:warnexpire@:\
267#	:warnpassword@:\
268#	:idletime@:\
269#	:sessiontime@:\
270#	:daytime@:\
271#	:weektime@:\
272#	:monthtime@:\
273#	:warntime@:\
274#	:accounted@:\
275#	:tc=dialer:\
276#	:tc=staff:
277#
278#
279##
280## Example standard accounting entries for subscriber levels
281##
282#
283#subscriber|Subscribers:\
284#	:accounted:\
285#	:refreshtime=180d:\
286#	:refreshperiod@:\
287#	:sessionlimit@:\
288#	:autodelete=30d:\
289#	:expireperiod=180d:\
290#	:graceexpire=7d:\
291#	:gracetime=10m:\
292#	:warnexpire=7d:\
293#	:warnpassword=7d:\
294#	:idletime=30m:\
295#	:sessiontime=4h:\
296#	:daytime=6h:\
297#	:weektime=40h:\
298#	:monthtime=120h:\
299#	:warntime=4h:\
300#	:tc=standard:
301#
302#
303##
304## Subscriber accounts. These accounts have their login times
305## accounted and have access limits applied.
306##
307#subppp|PPP Subscriber Accounts:\
308#	:tc=dialer:\
309#	:tc=subscriber:
310#
311#
312#subshell|Shell Subscriber Accounts:\
313#	:tc=subscriber:
314#
315##
316## If you want some of the accounts to use traditional UNIX DES based
317## password hashes.
318##
319#des_users:\
320#	:passwd_format=des:\
321#	:tc=default:
322