login.conf revision 130151 
1# login.conf - login class capabilities database.
2#
3# Remember to rebuild the database after each change to this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# This file controls resource limits, accounting limits and
8# default user environment settings.
9#
10# $FreeBSD: head/etc/login.conf 130151 2004-06-06 11:46:29Z schweikh $
11#
12
13# Default settings effectively disable resource limits, see the
14# examples below for a starting point to enable them.
15
16# defaults
17# These settings are used by login(1) by default for classless users
18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19
20default:\
21	:passwd_format=md5:\
22	:copyright=/etc/COPYRIGHT:\
23	:welcome=/etc/motd:\
24	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
25	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
26	:nologin=/var/run/nologin:\
27	:cputime=unlimited:\
28	:datasize=unlimited:\
29	:stacksize=unlimited:\
30	:memorylocked=unlimited:\
31	:memoryuse=unlimited:\
32	:filesize=unlimited:\
33	:coredumpsize=unlimited:\
34	:openfiles=unlimited:\
35	:maxproc=unlimited:\
36	:sbsize=unlimited:\
37	:vmemoryuse=unlimited:\
38	:priority=0:\
39	:ignoretime@:\
40	:umask=022:
41
42
43#
44# A collection of common class names - forward them all to 'default'
45# (login would normally do this anyway, but having a class name
46#  here suppresses the diagnostic)
47#
48standard:\
49	:tc=default:
50xuser:\
51	:tc=default:
52staff:\
53	:tc=default:
54daemon:\
55	:tc=default:
56news:\
57	:tc=default:
58dialer:\
59	:tc=default:
60
61#
62# Root can always login
63#
64# N.B.  login_getpwclass(3) will use this entry for the root account,
65#       in preference to 'default'.
66root:\
67	:ignorenologin:\
68	:tc=default:
69
70#
71# Russian Users Accounts. Setup proper environment variables.
72#
73russian|Russian Users Accounts:\
74	:charset=KOI8-R:\
75	:lang=ru_RU.KOI8-R:\
76	:tc=default:
77
78
79######################################################################
80######################################################################
81##
82## Example entries
83##
84######################################################################
85######################################################################
86
87## Example defaults
88## These settings are used by login(1) by default for classless users
89## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
90#
91#default:\
92#	:cputime=infinity:\
93#	:datasize-cur=22M:\
94#	:stacksize-cur=8M:\
95#	:memorylocked-cur=10M:\
96#	:memoryuse-cur=30M:\
97#	:filesize=infinity:\
98#	:coredumpsize=infinity:\
99#	:maxproc-cur=64:\
100#	:openfiles-cur=64:\
101#	:priority=0:\
102#	:requirehome@:\
103#	:umask=022:\
104#	:tc=auth-defaults:
105#
106#
107##
108## standard - standard user defaults
109##
110#standard:\
111#	:copyright=/etc/COPYRIGHT:\
112#	:welcome=/etc/motd:\
113#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
114#	:path=~/bin /bin /usr/bin /usr/local/bin:\
115#	:manpath=/usr/share/man /usr/local/man:\
116#	:nologin=/var/run/nologin:\
117#	:cputime=1h30m:\
118#	:datasize=8M:\
119#	:vmemoryuse=100M:\
120#	:stacksize=2M:\
121#	:memorylocked=4M:\
122#	:memoryuse=8M:\
123#	:filesize=8M:\
124#	:coredumpsize=8M:\
125#	:openfiles=24:\
126#	:maxproc=32:\
127#	:priority=0:\
128#	:requirehome:\
129#	:passwordtime=90d:\
130#	:umask=002:\
131#	:ignoretime@:\
132#	:tc=default:
133#
134#
135##
136## users of X (needs more resources!)
137##
138#xuser:\
139#	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
140#	:cputime=4h:\
141#	:datasize=12M:\
142#	:vmemoryuse=infinity:\
143#	:stacksize=4M:\
144#	:filesize=8M:\
145#	:memoryuse=16M:\
146#	:openfiles=32:\
147#	:maxproc=48:\
148#	:tc=standard:
149#
150#
151##
152## Staff users - few restrictions and allow login anytime
153##
154#staff:\
155#	:ignorenologin:\
156#	:ignoretime:\
157#	:requirehome@:\
158#	:accounted@:\
159#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
160#	:umask=022:\
161#	:tc=standard:
162#
163#
164##
165## root - fallback for root logins
166##
167#root:\
168#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
169#	:cputime=infinity:\
170#	:datasize=infinity:\
171#	:stacksize=infinity:\
172#	:memorylocked=infinity:\
173#	:memoryuse=infinity:\
174#	:filesize=infinity:\
175#	:coredumpsize=infinity:\
176#	:openfiles=infinity:\
177#	:maxproc=infinity:\
178#	:memoryuse-cur=32M:\
179#	:maxproc-cur=64:\
180#	:openfiles-cur=1024:\
181#	:priority=0:\
182#	:requirehome@:\
183#	:umask=022:\
184#	:tc=auth-root-defaults:
185#
186#
187##
188## Settings used by /etc/rc
189##
190#daemon:\
191#	:coredumpsize@:\
192#	:coredumpsize-cur=0:\
193#	:datasize=infinity:\
194#	:datasize-cur@:\
195#	:maxproc=512:\
196#	:maxproc-cur@:\
197#	:memoryuse-cur=64M:\
198#	:memorylocked-cur=64M:\
199#	:openfiles=1024:\
200#	:openfiles-cur@:\
201#	:stacksize=16M:\
202#	:stacksize-cur@:\
203#	:tc=default:
204#
205#
206##
207## Settings used by news subsystem
208##
209#news:\
210#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
211#	:cputime=infinity:\
212#	:filesize=128M:\
213#	:datasize-cur=64M:\
214#	:stacksize-cur=32M:\
215#	:coredumpsize-cur=0:\
216#	:maxmemorysize-cur=128M:\
217#	:memorylocked=32M:\
218#	:maxproc=128:\
219#	:openfiles=256:\
220#	:tc=default:
221#
222#
223##
224## The dialer class should be used for a dialup PPP/SLIP accounts
225## Welcome messages/news suppressed
226##
227#dialer:\
228#	:hushlogin:\
229#	:requirehome@:\
230#	:cputime=unlimited:\
231#	:filesize=2M:\
232#	:datasize=2M:\
233#	:stacksize=4M:\
234#	:coredumpsize=0:\
235#	:memoryuse=4M:\
236#	:memorylocked=1M:\
237#	:maxproc=16:\
238#	:openfiles=32:\
239#	:tc=standard:
240#
241#
242##
243## Site full-time 24/7 PPP/SLIP connections
244## - no time accounting, restricted to access via dialin lines
245##
246#site:\
247#	:ignoretime:\
248#	:passwordtime@:\
249#	:refreshtime@:\
250#	:refreshperiod@:\
251#	:sessionlimit@:\
252#	:autodelete@:\
253#	:expireperiod@:\
254#	:graceexpire@:\
255#	:gracetime@:\
256#	:warnexpire@:\
257#	:warnpassword@:\
258#	:idletime@:\
259#	:sessiontime@:\
260#	:daytime@:\
261#	:weektime@:\
262#	:monthtime@:\
263#	:warntime@:\
264#	:accounted@:\
265#	:tc=dialer:\
266#	:tc=staff:
267#
268#
269##
270## Example standard accounting entries for subscriber levels
271##
272#
273#subscriber|Subscribers:\
274#	:accounted:\
275#	:refreshtime=180d:\
276#	:refreshperiod@:\
277#	:sessionlimit@:\
278#	:autodelete=30d:\
279#	:expireperiod=180d:\
280#	:graceexpire=7d:\
281#	:gracetime=10m:\
282#	:warnexpire=7d:\
283#	:warnpassword=7d:\
284#	:idletime=30m:\
285#	:sessiontime=4h:\
286#	:daytime=6h:\
287#	:weektime=40h:\
288#	:monthtime=120h:\
289#	:warntime=4h:\
290#	:tc=standard:
291#
292#
293##
294## Subscriber accounts. These accounts have their login times
295## accounted and have access limits applied.
296##
297#subppp|PPP Subscriber Accounts:\
298#	:tc=dialer:\
299#	:tc=subscriber:
300#
301#
302#subslip|SLIP Subscriber Accounts:\
303#	:tc=dialer:\
304#	:tc=subscriber:
305#
306#
307#subshell|Shell Subscriber Accounts:\
308#	:tc=subscriber:
309#
310##
311## If you want some of the accounts to use traditional UNIX DES based
312## password hashes.
313##
314#des_users:\
315#	:passwd_format=des:\
316#	:tc=default:
317