login.conf revision 170088
1# login.conf - login class capabilities database. 2# 3# Remember to rebuild the database after each change to this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# This file controls resource limits, accounting limits and 8# default user environment settings. 9# 10# $FreeBSD: head/etc/login.conf 170088 2007-05-29 06:37:58Z dougb $ 11# 12 13# Default settings effectively disable resource limits, see the 14# examples below for a starting point to enable them. 15 16# defaults 17# These settings are used by login(1) by default for classless users 18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 19# 20# Note that since a colon ':' is used to separate capability entries, 21# a \c escape sequence must be used to embed a literal colon in the 22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 23# AND SEMANTICS'' section of getcap(3) for more escape sequences). 24 25default:\ 26 :passwd_format=md5:\ 27 :copyright=/etc/COPYRIGHT:\ 28 :welcome=/etc/motd:\ 29 :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\ 30 :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\ 31 :nologin=/var/run/nologin:\ 32 :cputime=unlimited:\ 33 :datasize=unlimited:\ 34 :stacksize=unlimited:\ 35 :memorylocked=unlimited:\ 36 :memoryuse=unlimited:\ 37 :filesize=unlimited:\ 38 :coredumpsize=unlimited:\ 39 :openfiles=unlimited:\ 40 :maxproc=unlimited:\ 41 :sbsize=unlimited:\ 42 :vmemoryuse=unlimited:\ 43 :priority=0:\ 44 :ignoretime@:\ 45 :umask=022: 46 47 48# 49# A collection of common class names - forward them all to 'default' 50# (login would normally do this anyway, but having a class name 51# here suppresses the diagnostic) 52# 53standard:\ 54 :tc=default: 55xuser:\ 56 :tc=default: 57staff:\ 58 :tc=default: 59daemon:\ 60 :tc=default: 61news:\ 62 :tc=default: 63dialer:\ 64 :tc=default: 65 66# 67# Root can always login 68# 69# N.B. login_getpwclass(3) will use this entry for the root account, 70# in preference to 'default'. 71root:\ 72 :ignorenologin:\ 73 :tc=default: 74 75# 76# Russian Users Accounts. Setup proper environment variables. 77# 78russian|Russian Users Accounts:\ 79 :charset=KOI8-R:\ 80 :lang=ru_RU.KOI8-R:\ 81 :tc=default: 82 83 84###################################################################### 85###################################################################### 86## 87## Example entries 88## 89###################################################################### 90###################################################################### 91 92## Example defaults 93## These settings are used by login(1) by default for classless users 94## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 95# 96#default:\ 97# :cputime=infinity:\ 98# :datasize-cur=22M:\ 99# :stacksize-cur=8M:\ 100# :memorylocked-cur=10M:\ 101# :memoryuse-cur=30M:\ 102# :filesize=infinity:\ 103# :coredumpsize=infinity:\ 104# :maxproc-cur=64:\ 105# :openfiles-cur=64:\ 106# :priority=0:\ 107# :requirehome@:\ 108# :umask=022:\ 109# :tc=auth-defaults: 110# 111# 112## 113## standard - standard user defaults 114## 115#standard:\ 116# :copyright=/etc/COPYRIGHT:\ 117# :welcome=/etc/motd:\ 118# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 119# :path=~/bin /bin /usr/bin /usr/local/bin:\ 120# :manpath=/usr/share/man /usr/local/man:\ 121# :nologin=/var/run/nologin:\ 122# :cputime=1h30m:\ 123# :datasize=8M:\ 124# :vmemoryuse=100M:\ 125# :stacksize=2M:\ 126# :memorylocked=4M:\ 127# :memoryuse=8M:\ 128# :filesize=8M:\ 129# :coredumpsize=8M:\ 130# :openfiles=24:\ 131# :maxproc=32:\ 132# :priority=0:\ 133# :requirehome:\ 134# :passwordtime=90d:\ 135# :umask=002:\ 136# :ignoretime@:\ 137# :tc=default: 138# 139# 140## 141## users of X (needs more resources!) 142## 143#xuser:\ 144# :manpath=/usr/share/man /usr/local/man:\ 145# :cputime=4h:\ 146# :datasize=12M:\ 147# :vmemoryuse=infinity:\ 148# :stacksize=4M:\ 149# :filesize=8M:\ 150# :memoryuse=16M:\ 151# :openfiles=32:\ 152# :maxproc=48:\ 153# :tc=standard: 154# 155# 156## 157## Staff users - few restrictions and allow login anytime 158## 159#staff:\ 160# :ignorenologin:\ 161# :ignoretime:\ 162# :requirehome@:\ 163# :accounted@:\ 164# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 165# :umask=022:\ 166# :tc=standard: 167# 168# 169## 170## root - fallback for root logins 171## 172#root:\ 173# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 174# :cputime=infinity:\ 175# :datasize=infinity:\ 176# :stacksize=infinity:\ 177# :memorylocked=infinity:\ 178# :memoryuse=infinity:\ 179# :filesize=infinity:\ 180# :coredumpsize=infinity:\ 181# :openfiles=infinity:\ 182# :maxproc=infinity:\ 183# :memoryuse-cur=32M:\ 184# :maxproc-cur=64:\ 185# :openfiles-cur=1024:\ 186# :priority=0:\ 187# :requirehome@:\ 188# :umask=022:\ 189# :tc=auth-root-defaults: 190# 191# 192## 193## Settings used by /etc/rc 194## 195#daemon:\ 196# :coredumpsize@:\ 197# :coredumpsize-cur=0:\ 198# :datasize=infinity:\ 199# :datasize-cur@:\ 200# :maxproc=512:\ 201# :maxproc-cur@:\ 202# :memoryuse-cur=64M:\ 203# :memorylocked-cur=64M:\ 204# :openfiles=1024:\ 205# :openfiles-cur@:\ 206# :stacksize=16M:\ 207# :stacksize-cur@:\ 208# :tc=default: 209# 210# 211## 212## Settings used by news subsystem 213## 214#news:\ 215# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 216# :cputime=infinity:\ 217# :filesize=128M:\ 218# :datasize-cur=64M:\ 219# :stacksize-cur=32M:\ 220# :coredumpsize-cur=0:\ 221# :maxmemorysize-cur=128M:\ 222# :memorylocked=32M:\ 223# :maxproc=128:\ 224# :openfiles=256:\ 225# :tc=default: 226# 227# 228## 229## The dialer class should be used for a dialup PPP/SLIP accounts 230## Welcome messages/news suppressed 231## 232#dialer:\ 233# :hushlogin:\ 234# :requirehome@:\ 235# :cputime=unlimited:\ 236# :filesize=2M:\ 237# :datasize=2M:\ 238# :stacksize=4M:\ 239# :coredumpsize=0:\ 240# :memoryuse=4M:\ 241# :memorylocked=1M:\ 242# :maxproc=16:\ 243# :openfiles=32:\ 244# :tc=standard: 245# 246# 247## 248## Site full-time 24/7 PPP/SLIP connections 249## - no time accounting, restricted to access via dialin lines 250## 251#site:\ 252# :ignoretime:\ 253# :passwordtime@:\ 254# :refreshtime@:\ 255# :refreshperiod@:\ 256# :sessionlimit@:\ 257# :autodelete@:\ 258# :expireperiod@:\ 259# :graceexpire@:\ 260# :gracetime@:\ 261# :warnexpire@:\ 262# :warnpassword@:\ 263# :idletime@:\ 264# :sessiontime@:\ 265# :daytime@:\ 266# :weektime@:\ 267# :monthtime@:\ 268# :warntime@:\ 269# :accounted@:\ 270# :tc=dialer:\ 271# :tc=staff: 272# 273# 274## 275## Example standard accounting entries for subscriber levels 276## 277# 278#subscriber|Subscribers:\ 279# :accounted:\ 280# :refreshtime=180d:\ 281# :refreshperiod@:\ 282# :sessionlimit@:\ 283# :autodelete=30d:\ 284# :expireperiod=180d:\ 285# :graceexpire=7d:\ 286# :gracetime=10m:\ 287# :warnexpire=7d:\ 288# :warnpassword=7d:\ 289# :idletime=30m:\ 290# :sessiontime=4h:\ 291# :daytime=6h:\ 292# :weektime=40h:\ 293# :monthtime=120h:\ 294# :warntime=4h:\ 295# :tc=standard: 296# 297# 298## 299## Subscriber accounts. These accounts have their login times 300## accounted and have access limits applied. 301## 302#subppp|PPP Subscriber Accounts:\ 303# :tc=dialer:\ 304# :tc=subscriber: 305# 306# 307#subslip|SLIP Subscriber Accounts:\ 308# :tc=dialer:\ 309# :tc=subscriber: 310# 311# 312#subshell|Shell Subscriber Accounts:\ 313# :tc=subscriber: 314# 315## 316## If you want some of the accounts to use traditional UNIX DES based 317## password hashes. 318## 319#des_users:\ 320# :passwd_format=des:\ 321# :tc=default: 322