login.conf revision 149672
1104349Sphk# login.conf - login class capabilities database. 2104349Sphk# 3104349Sphk# Remember to rebuild the database after each change to this file: 4104349Sphk# 5104349Sphk# cap_mkdb /etc/login.conf 6104349Sphk# 7104349Sphk# This file controls resource limits, accounting limits and 8104349Sphk# default user environment settings. 9104349Sphk# 10104349Sphk# $FreeBSD: head/etc/login.conf 149672 2005-08-31 15:02:11Z keramida $ 11104349Sphk# 12104349Sphk 13104349Sphk# Default settings effectively disable resource limits, see the 14104349Sphk# examples below for a starting point to enable them. 15104349Sphk 16104349Sphk# defaults 17104349Sphk# These settings are used by login(1) by default for classless users 18104349Sphk# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 19104349Sphk# 20104349Sphk# Note that since a colon ':' is used to separate capability entries, 21104349Sphk# a \c escape sequence must be used to embed a literal colon in the 22104349Sphk# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 23104349Sphk# AND SEMANTICS'' section of getcap(3) for more escape sequences). 24104349Sphk 25104349Sphkdefault:\ 26104349Sphk :passwd_format=md5:\ 27104349Sphk :copyright=/etc/COPYRIGHT:\ 28104349Sphk :welcome=/etc/motd:\ 29104349Sphk :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\ 30104349Sphk :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\ 31104349Sphk :nologin=/var/run/nologin:\ 32104349Sphk :cputime=unlimited:\ 33104349Sphk :datasize=unlimited:\ 34104349Sphk :stacksize=unlimited:\ 35104349Sphk :memorylocked=unlimited:\ 36104349Sphk :memoryuse=unlimited:\ 37104349Sphk :filesize=unlimited:\ 38104349Sphk :coredumpsize=unlimited:\ 39104349Sphk :openfiles=unlimited:\ 40104349Sphk :maxproc=unlimited:\ 41104349Sphk :sbsize=unlimited:\ 42104349Sphk :vmemoryuse=unlimited:\ 43104349Sphk :priority=0:\ 44104349Sphk :ignoretime@:\ 45104349Sphk :umask=022: 46104349Sphk 47104349Sphk 48104349Sphk# 49104349Sphk# A collection of common class names - forward them all to 'default' 50104349Sphk# (login would normally do this anyway, but having a class name 51104349Sphk# here suppresses the diagnostic) 52104349Sphk# 53104349Sphkstandard:\ 54104349Sphk :tc=default: 55104349Sphkxuser:\ 56104349Sphk :tc=default: 57104349Sphkstaff:\ 58104349Sphk :tc=default: 59104349Sphkdaemon:\ 60104349Sphk :tc=default: 61104349Sphknews:\ 62104349Sphk :tc=default: 63104349Sphkdialer:\ 64104349Sphk :tc=default: 65104349Sphk 66104349Sphk# 67104349Sphk# Root can always login 68104349Sphk# 69104349Sphk# N.B. login_getpwclass(3) will use this entry for the root account, 70104349Sphk# in preference to 'default'. 71104349Sphkroot:\ 72104349Sphk :ignorenologin:\ 73104349Sphk :tc=default: 74104349Sphk 75104349Sphk# 76104349Sphk# Russian Users Accounts. Setup proper environment variables. 77104349Sphk# 78104349Sphkrussian|Russian Users Accounts:\ 79104349Sphk :charset=KOI8-R:\ 80104349Sphk :lang=ru_RU.KOI8-R:\ 81104349Sphk :tc=default: 82104349Sphk 83104349Sphk 84104349Sphk###################################################################### 85104349Sphk###################################################################### 86104349Sphk## 87104349Sphk## Example entries 88104349Sphk## 89104349Sphk###################################################################### 90104349Sphk###################################################################### 91104349Sphk 92104349Sphk## Example defaults 93104349Sphk## These settings are used by login(1) by default for classless users 94104349Sphk## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 95104349Sphk# 96104349Sphk#default:\ 97104349Sphk# :cputime=infinity:\ 98104349Sphk# :datasize-cur=22M:\ 99104349Sphk# :stacksize-cur=8M:\ 100104349Sphk# :memorylocked-cur=10M:\ 101104349Sphk# :memoryuse-cur=30M:\ 102104349Sphk# :filesize=infinity:\ 103104349Sphk# :coredumpsize=infinity:\ 104104349Sphk# :maxproc-cur=64:\ 105104349Sphk# :openfiles-cur=64:\ 106104349Sphk# :priority=0:\ 107104349Sphk# :requirehome@:\ 108104349Sphk# :umask=022:\ 109104349Sphk# :tc=auth-defaults: 110104349Sphk# 111104349Sphk# 112104349Sphk## 113104349Sphk## standard - standard user defaults 114104349Sphk## 115104349Sphk#standard:\ 116104349Sphk# :copyright=/etc/COPYRIGHT:\ 117104349Sphk# :welcome=/etc/motd:\ 118104349Sphk# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 119104349Sphk# :path=~/bin /bin /usr/bin /usr/local/bin:\ 120104349Sphk# :manpath=/usr/share/man /usr/local/man:\ 121104349Sphk# :nologin=/var/run/nologin:\ 122104349Sphk# :cputime=1h30m:\ 123104349Sphk# :datasize=8M:\ 124104349Sphk# :vmemoryuse=100M:\ 125104349Sphk# :stacksize=2M:\ 126104349Sphk# :memorylocked=4M:\ 127104349Sphk# :memoryuse=8M:\ 128104349Sphk# :filesize=8M:\ 129104349Sphk# :coredumpsize=8M:\ 130104349Sphk# :openfiles=24:\ 131104349Sphk# :maxproc=32:\ 132104349Sphk# :priority=0:\ 133104349Sphk# :requirehome:\ 134104349Sphk# :passwordtime=90d:\ 135104349Sphk# :umask=002:\ 136104349Sphk# :ignoretime@:\ 137104349Sphk# :tc=default: 138104349Sphk# 139104349Sphk# 140104349Sphk## 141104349Sphk## users of X (needs more resources!) 142104349Sphk## 143104349Sphk#xuser:\ 144104349Sphk# :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\ 145104349Sphk# :cputime=4h:\ 146104349Sphk# :datasize=12M:\ 147104349Sphk# :vmemoryuse=infinity:\ 148# :stacksize=4M:\ 149# :filesize=8M:\ 150# :memoryuse=16M:\ 151# :openfiles=32:\ 152# :maxproc=48:\ 153# :tc=standard: 154# 155# 156## 157## Staff users - few restrictions and allow login anytime 158## 159#staff:\ 160# :ignorenologin:\ 161# :ignoretime:\ 162# :requirehome@:\ 163# :accounted@:\ 164# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 165# :umask=022:\ 166# :tc=standard: 167# 168# 169## 170## root - fallback for root logins 171## 172#root:\ 173# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 174# :cputime=infinity:\ 175# :datasize=infinity:\ 176# :stacksize=infinity:\ 177# :memorylocked=infinity:\ 178# :memoryuse=infinity:\ 179# :filesize=infinity:\ 180# :coredumpsize=infinity:\ 181# :openfiles=infinity:\ 182# :maxproc=infinity:\ 183# :memoryuse-cur=32M:\ 184# :maxproc-cur=64:\ 185# :openfiles-cur=1024:\ 186# :priority=0:\ 187# :requirehome@:\ 188# :umask=022:\ 189# :tc=auth-root-defaults: 190# 191# 192## 193## Settings used by /etc/rc 194## 195#daemon:\ 196# :coredumpsize@:\ 197# :coredumpsize-cur=0:\ 198# :datasize=infinity:\ 199# :datasize-cur@:\ 200# :maxproc=512:\ 201# :maxproc-cur@:\ 202# :memoryuse-cur=64M:\ 203# :memorylocked-cur=64M:\ 204# :openfiles=1024:\ 205# :openfiles-cur@:\ 206# :stacksize=16M:\ 207# :stacksize-cur@:\ 208# :tc=default: 209# 210# 211## 212## Settings used by news subsystem 213## 214#news:\ 215# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 216# :cputime=infinity:\ 217# :filesize=128M:\ 218# :datasize-cur=64M:\ 219# :stacksize-cur=32M:\ 220# :coredumpsize-cur=0:\ 221# :maxmemorysize-cur=128M:\ 222# :memorylocked=32M:\ 223# :maxproc=128:\ 224# :openfiles=256:\ 225# :tc=default: 226# 227# 228## 229## The dialer class should be used for a dialup PPP/SLIP accounts 230## Welcome messages/news suppressed 231## 232#dialer:\ 233# :hushlogin:\ 234# :requirehome@:\ 235# :cputime=unlimited:\ 236# :filesize=2M:\ 237# :datasize=2M:\ 238# :stacksize=4M:\ 239# :coredumpsize=0:\ 240# :memoryuse=4M:\ 241# :memorylocked=1M:\ 242# :maxproc=16:\ 243# :openfiles=32:\ 244# :tc=standard: 245# 246# 247## 248## Site full-time 24/7 PPP/SLIP connections 249## - no time accounting, restricted to access via dialin lines 250## 251#site:\ 252# :ignoretime:\ 253# :passwordtime@:\ 254# :refreshtime@:\ 255# :refreshperiod@:\ 256# :sessionlimit@:\ 257# :autodelete@:\ 258# :expireperiod@:\ 259# :graceexpire@:\ 260# :gracetime@:\ 261# :warnexpire@:\ 262# :warnpassword@:\ 263# :idletime@:\ 264# :sessiontime@:\ 265# :daytime@:\ 266# :weektime@:\ 267# :monthtime@:\ 268# :warntime@:\ 269# :accounted@:\ 270# :tc=dialer:\ 271# :tc=staff: 272# 273# 274## 275## Example standard accounting entries for subscriber levels 276## 277# 278#subscriber|Subscribers:\ 279# :accounted:\ 280# :refreshtime=180d:\ 281# :refreshperiod@:\ 282# :sessionlimit@:\ 283# :autodelete=30d:\ 284# :expireperiod=180d:\ 285# :graceexpire=7d:\ 286# :gracetime=10m:\ 287# :warnexpire=7d:\ 288# :warnpassword=7d:\ 289# :idletime=30m:\ 290# :sessiontime=4h:\ 291# :daytime=6h:\ 292# :weektime=40h:\ 293# :monthtime=120h:\ 294# :warntime=4h:\ 295# :tc=standard: 296# 297# 298## 299## Subscriber accounts. These accounts have their login times 300## accounted and have access limits applied. 301## 302#subppp|PPP Subscriber Accounts:\ 303# :tc=dialer:\ 304# :tc=subscriber: 305# 306# 307#subslip|SLIP Subscriber Accounts:\ 308# :tc=dialer:\ 309# :tc=subscriber: 310# 311# 312#subshell|Shell Subscriber Accounts:\ 313# :tc=subscriber: 314# 315## 316## If you want some of the accounts to use traditional UNIX DES based 317## password hashes. 318## 319#des_users:\ 320# :passwd_format=des:\ 321# :tc=default: 322