login.conf revision 149672 
1104349Sphk# login.conf - login class capabilities database.
2104349Sphk#
3104349Sphk# Remember to rebuild the database after each change to this file:
4104349Sphk#
5104349Sphk#	cap_mkdb /etc/login.conf
6104349Sphk#
7104349Sphk# This file controls resource limits, accounting limits and
8104349Sphk# default user environment settings.
9104349Sphk#
10104349Sphk# $FreeBSD: head/etc/login.conf 149672 2005-08-31 15:02:11Z keramida $
11104349Sphk#
12104349Sphk
13104349Sphk# Default settings effectively disable resource limits, see the
14104349Sphk# examples below for a starting point to enable them.
15104349Sphk
16104349Sphk# defaults
17104349Sphk# These settings are used by login(1) by default for classless users
18104349Sphk# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19104349Sphk#
20104349Sphk# Note that since a colon ':' is used to separate capability entries,
21104349Sphk# a \c escape sequence must be used to embed a literal colon in the
22104349Sphk# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23104349Sphk# AND SEMANTICS'' section of getcap(3) for more escape sequences).
24104349Sphk
25104349Sphkdefault:\
26104349Sphk	:passwd_format=md5:\
27104349Sphk	:copyright=/etc/COPYRIGHT:\
28104349Sphk	:welcome=/etc/motd:\
29104349Sphk	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
30104349Sphk	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
31104349Sphk	:nologin=/var/run/nologin:\
32104349Sphk	:cputime=unlimited:\
33104349Sphk	:datasize=unlimited:\
34104349Sphk	:stacksize=unlimited:\
35104349Sphk	:memorylocked=unlimited:\
36104349Sphk	:memoryuse=unlimited:\
37104349Sphk	:filesize=unlimited:\
38104349Sphk	:coredumpsize=unlimited:\
39104349Sphk	:openfiles=unlimited:\
40104349Sphk	:maxproc=unlimited:\
41104349Sphk	:sbsize=unlimited:\
42104349Sphk	:vmemoryuse=unlimited:\
43104349Sphk	:priority=0:\
44104349Sphk	:ignoretime@:\
45104349Sphk	:umask=022:
46104349Sphk
47104349Sphk
48104349Sphk#
49104349Sphk# A collection of common class names - forward them all to 'default'
50104349Sphk# (login would normally do this anyway, but having a class name
51104349Sphk#  here suppresses the diagnostic)
52104349Sphk#
53104349Sphkstandard:\
54104349Sphk	:tc=default:
55104349Sphkxuser:\
56104349Sphk	:tc=default:
57104349Sphkstaff:\
58104349Sphk	:tc=default:
59104349Sphkdaemon:\
60104349Sphk	:tc=default:
61104349Sphknews:\
62104349Sphk	:tc=default:
63104349Sphkdialer:\
64104349Sphk	:tc=default:
65104349Sphk
66104349Sphk#
67104349Sphk# Root can always login
68104349Sphk#
69104349Sphk# N.B.  login_getpwclass(3) will use this entry for the root account,
70104349Sphk#       in preference to 'default'.
71104349Sphkroot:\
72104349Sphk	:ignorenologin:\
73104349Sphk	:tc=default:
74104349Sphk
75104349Sphk#
76104349Sphk# Russian Users Accounts. Setup proper environment variables.
77104349Sphk#
78104349Sphkrussian|Russian Users Accounts:\
79104349Sphk	:charset=KOI8-R:\
80104349Sphk	:lang=ru_RU.KOI8-R:\
81104349Sphk	:tc=default:
82104349Sphk
83104349Sphk
84104349Sphk######################################################################
85104349Sphk######################################################################
86104349Sphk##
87104349Sphk## Example entries
88104349Sphk##
89104349Sphk######################################################################
90104349Sphk######################################################################
91104349Sphk
92104349Sphk## Example defaults
93104349Sphk## These settings are used by login(1) by default for classless users
94104349Sphk## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
95104349Sphk#
96104349Sphk#default:\
97104349Sphk#	:cputime=infinity:\
98104349Sphk#	:datasize-cur=22M:\
99104349Sphk#	:stacksize-cur=8M:\
100104349Sphk#	:memorylocked-cur=10M:\
101104349Sphk#	:memoryuse-cur=30M:\
102104349Sphk#	:filesize=infinity:\
103104349Sphk#	:coredumpsize=infinity:\
104104349Sphk#	:maxproc-cur=64:\
105104349Sphk#	:openfiles-cur=64:\
106104349Sphk#	:priority=0:\
107104349Sphk#	:requirehome@:\
108104349Sphk#	:umask=022:\
109104349Sphk#	:tc=auth-defaults:
110104349Sphk#
111104349Sphk#
112104349Sphk##
113104349Sphk## standard - standard user defaults
114104349Sphk##
115104349Sphk#standard:\
116104349Sphk#	:copyright=/etc/COPYRIGHT:\
117104349Sphk#	:welcome=/etc/motd:\
118104349Sphk#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
119104349Sphk#	:path=~/bin /bin /usr/bin /usr/local/bin:\
120104349Sphk#	:manpath=/usr/share/man /usr/local/man:\
121104349Sphk#	:nologin=/var/run/nologin:\
122104349Sphk#	:cputime=1h30m:\
123104349Sphk#	:datasize=8M:\
124104349Sphk#	:vmemoryuse=100M:\
125104349Sphk#	:stacksize=2M:\
126104349Sphk#	:memorylocked=4M:\
127104349Sphk#	:memoryuse=8M:\
128104349Sphk#	:filesize=8M:\
129104349Sphk#	:coredumpsize=8M:\
130104349Sphk#	:openfiles=24:\
131104349Sphk#	:maxproc=32:\
132104349Sphk#	:priority=0:\
133104349Sphk#	:requirehome:\
134104349Sphk#	:passwordtime=90d:\
135104349Sphk#	:umask=002:\
136104349Sphk#	:ignoretime@:\
137104349Sphk#	:tc=default:
138104349Sphk#
139104349Sphk#
140104349Sphk##
141104349Sphk## users of X (needs more resources!)
142104349Sphk##
143104349Sphk#xuser:\
144104349Sphk#	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
145104349Sphk#	:cputime=4h:\
146104349Sphk#	:datasize=12M:\
147104349Sphk#	:vmemoryuse=infinity:\
148#	:stacksize=4M:\
149#	:filesize=8M:\
150#	:memoryuse=16M:\
151#	:openfiles=32:\
152#	:maxproc=48:\
153#	:tc=standard:
154#
155#
156##
157## Staff users - few restrictions and allow login anytime
158##
159#staff:\
160#	:ignorenologin:\
161#	:ignoretime:\
162#	:requirehome@:\
163#	:accounted@:\
164#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
165#	:umask=022:\
166#	:tc=standard:
167#
168#
169##
170## root - fallback for root logins
171##
172#root:\
173#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
174#	:cputime=infinity:\
175#	:datasize=infinity:\
176#	:stacksize=infinity:\
177#	:memorylocked=infinity:\
178#	:memoryuse=infinity:\
179#	:filesize=infinity:\
180#	:coredumpsize=infinity:\
181#	:openfiles=infinity:\
182#	:maxproc=infinity:\
183#	:memoryuse-cur=32M:\
184#	:maxproc-cur=64:\
185#	:openfiles-cur=1024:\
186#	:priority=0:\
187#	:requirehome@:\
188#	:umask=022:\
189#	:tc=auth-root-defaults:
190#
191#
192##
193## Settings used by /etc/rc
194##
195#daemon:\
196#	:coredumpsize@:\
197#	:coredumpsize-cur=0:\
198#	:datasize=infinity:\
199#	:datasize-cur@:\
200#	:maxproc=512:\
201#	:maxproc-cur@:\
202#	:memoryuse-cur=64M:\
203#	:memorylocked-cur=64M:\
204#	:openfiles=1024:\
205#	:openfiles-cur@:\
206#	:stacksize=16M:\
207#	:stacksize-cur@:\
208#	:tc=default:
209#
210#
211##
212## Settings used by news subsystem
213##
214#news:\
215#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
216#	:cputime=infinity:\
217#	:filesize=128M:\
218#	:datasize-cur=64M:\
219#	:stacksize-cur=32M:\
220#	:coredumpsize-cur=0:\
221#	:maxmemorysize-cur=128M:\
222#	:memorylocked=32M:\
223#	:maxproc=128:\
224#	:openfiles=256:\
225#	:tc=default:
226#
227#
228##
229## The dialer class should be used for a dialup PPP/SLIP accounts
230## Welcome messages/news suppressed
231##
232#dialer:\
233#	:hushlogin:\
234#	:requirehome@:\
235#	:cputime=unlimited:\
236#	:filesize=2M:\
237#	:datasize=2M:\
238#	:stacksize=4M:\
239#	:coredumpsize=0:\
240#	:memoryuse=4M:\
241#	:memorylocked=1M:\
242#	:maxproc=16:\
243#	:openfiles=32:\
244#	:tc=standard:
245#
246#
247##
248## Site full-time 24/7 PPP/SLIP connections
249## - no time accounting, restricted to access via dialin lines
250##
251#site:\
252#	:ignoretime:\
253#	:passwordtime@:\
254#	:refreshtime@:\
255#	:refreshperiod@:\
256#	:sessionlimit@:\
257#	:autodelete@:\
258#	:expireperiod@:\
259#	:graceexpire@:\
260#	:gracetime@:\
261#	:warnexpire@:\
262#	:warnpassword@:\
263#	:idletime@:\
264#	:sessiontime@:\
265#	:daytime@:\
266#	:weektime@:\
267#	:monthtime@:\
268#	:warntime@:\
269#	:accounted@:\
270#	:tc=dialer:\
271#	:tc=staff:
272#
273#
274##
275## Example standard accounting entries for subscriber levels
276##
277#
278#subscriber|Subscribers:\
279#	:accounted:\
280#	:refreshtime=180d:\
281#	:refreshperiod@:\
282#	:sessionlimit@:\
283#	:autodelete=30d:\
284#	:expireperiod=180d:\
285#	:graceexpire=7d:\
286#	:gracetime=10m:\
287#	:warnexpire=7d:\
288#	:warnpassword=7d:\
289#	:idletime=30m:\
290#	:sessiontime=4h:\
291#	:daytime=6h:\
292#	:weektime=40h:\
293#	:monthtime=120h:\
294#	:warntime=4h:\
295#	:tc=standard:
296#
297#
298##
299## Subscriber accounts. These accounts have their login times
300## accounted and have access limits applied.
301##
302#subppp|PPP Subscriber Accounts:\
303#	:tc=dialer:\
304#	:tc=subscriber:
305#
306#
307#subslip|SLIP Subscriber Accounts:\
308#	:tc=dialer:\
309#	:tc=subscriber:
310#
311#
312#subshell|Shell Subscriber Accounts:\
313#	:tc=subscriber:
314#
315##
316## If you want some of the accounts to use traditional UNIX DES based
317## password hashes.
318##
319#des_users:\
320#	:passwd_format=des:\
321#	:tc=default:
322