login.conf revision 170088 
1# login.conf - login class capabilities database.
2#
3# Remember to rebuild the database after each change to this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# This file controls resource limits, accounting limits and
8# default user environment settings.
9#
10# $FreeBSD: head/etc/login.conf 170088 2007-05-29 06:37:58Z dougb $
11#
12
13# Default settings effectively disable resource limits, see the
14# examples below for a starting point to enable them.
15
16# defaults
17# These settings are used by login(1) by default for classless users
18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19#
20# Note that since a colon ':' is used to separate capability entries,
21# a \c escape sequence must be used to embed a literal colon in the
22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23# AND SEMANTICS'' section of getcap(3) for more escape sequences).
24
25default:\
26	:passwd_format=md5:\
27	:copyright=/etc/COPYRIGHT:\
28	:welcome=/etc/motd:\
29	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
30	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
31	:nologin=/var/run/nologin:\
32	:cputime=unlimited:\
33	:datasize=unlimited:\
34	:stacksize=unlimited:\
35	:memorylocked=unlimited:\
36	:memoryuse=unlimited:\
37	:filesize=unlimited:\
38	:coredumpsize=unlimited:\
39	:openfiles=unlimited:\
40	:maxproc=unlimited:\
41	:sbsize=unlimited:\
42	:vmemoryuse=unlimited:\
43	:priority=0:\
44	:ignoretime@:\
45	:umask=022:
46
47
48#
49# A collection of common class names - forward them all to 'default'
50# (login would normally do this anyway, but having a class name
51#  here suppresses the diagnostic)
52#
53standard:\
54	:tc=default:
55xuser:\
56	:tc=default:
57staff:\
58	:tc=default:
59daemon:\
60	:tc=default:
61news:\
62	:tc=default:
63dialer:\
64	:tc=default:
65
66#
67# Root can always login
68#
69# N.B.  login_getpwclass(3) will use this entry for the root account,
70#       in preference to 'default'.
71root:\
72	:ignorenologin:\
73	:tc=default:
74
75#
76# Russian Users Accounts. Setup proper environment variables.
77#
78russian|Russian Users Accounts:\
79	:charset=KOI8-R:\
80	:lang=ru_RU.KOI8-R:\
81	:tc=default:
82
83
84######################################################################
85######################################################################
86##
87## Example entries
88##
89######################################################################
90######################################################################
91
92## Example defaults
93## These settings are used by login(1) by default for classless users
94## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
95#
96#default:\
97#	:cputime=infinity:\
98#	:datasize-cur=22M:\
99#	:stacksize-cur=8M:\
100#	:memorylocked-cur=10M:\
101#	:memoryuse-cur=30M:\
102#	:filesize=infinity:\
103#	:coredumpsize=infinity:\
104#	:maxproc-cur=64:\
105#	:openfiles-cur=64:\
106#	:priority=0:\
107#	:requirehome@:\
108#	:umask=022:\
109#	:tc=auth-defaults:
110#
111#
112##
113## standard - standard user defaults
114##
115#standard:\
116#	:copyright=/etc/COPYRIGHT:\
117#	:welcome=/etc/motd:\
118#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
119#	:path=~/bin /bin /usr/bin /usr/local/bin:\
120#	:manpath=/usr/share/man /usr/local/man:\
121#	:nologin=/var/run/nologin:\
122#	:cputime=1h30m:\
123#	:datasize=8M:\
124#	:vmemoryuse=100M:\
125#	:stacksize=2M:\
126#	:memorylocked=4M:\
127#	:memoryuse=8M:\
128#	:filesize=8M:\
129#	:coredumpsize=8M:\
130#	:openfiles=24:\
131#	:maxproc=32:\
132#	:priority=0:\
133#	:requirehome:\
134#	:passwordtime=90d:\
135#	:umask=002:\
136#	:ignoretime@:\
137#	:tc=default:
138#
139#
140##
141## users of X (needs more resources!)
142##
143#xuser:\
144#	:manpath=/usr/share/man /usr/local/man:\
145#	:cputime=4h:\
146#	:datasize=12M:\
147#	:vmemoryuse=infinity:\
148#	:stacksize=4M:\
149#	:filesize=8M:\
150#	:memoryuse=16M:\
151#	:openfiles=32:\
152#	:maxproc=48:\
153#	:tc=standard:
154#
155#
156##
157## Staff users - few restrictions and allow login anytime
158##
159#staff:\
160#	:ignorenologin:\
161#	:ignoretime:\
162#	:requirehome@:\
163#	:accounted@:\
164#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
165#	:umask=022:\
166#	:tc=standard:
167#
168#
169##
170## root - fallback for root logins
171##
172#root:\
173#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
174#	:cputime=infinity:\
175#	:datasize=infinity:\
176#	:stacksize=infinity:\
177#	:memorylocked=infinity:\
178#	:memoryuse=infinity:\
179#	:filesize=infinity:\
180#	:coredumpsize=infinity:\
181#	:openfiles=infinity:\
182#	:maxproc=infinity:\
183#	:memoryuse-cur=32M:\
184#	:maxproc-cur=64:\
185#	:openfiles-cur=1024:\
186#	:priority=0:\
187#	:requirehome@:\
188#	:umask=022:\
189#	:tc=auth-root-defaults:
190#
191#
192##
193## Settings used by /etc/rc
194##
195#daemon:\
196#	:coredumpsize@:\
197#	:coredumpsize-cur=0:\
198#	:datasize=infinity:\
199#	:datasize-cur@:\
200#	:maxproc=512:\
201#	:maxproc-cur@:\
202#	:memoryuse-cur=64M:\
203#	:memorylocked-cur=64M:\
204#	:openfiles=1024:\
205#	:openfiles-cur@:\
206#	:stacksize=16M:\
207#	:stacksize-cur@:\
208#	:tc=default:
209#
210#
211##
212## Settings used by news subsystem
213##
214#news:\
215#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
216#	:cputime=infinity:\
217#	:filesize=128M:\
218#	:datasize-cur=64M:\
219#	:stacksize-cur=32M:\
220#	:coredumpsize-cur=0:\
221#	:maxmemorysize-cur=128M:\
222#	:memorylocked=32M:\
223#	:maxproc=128:\
224#	:openfiles=256:\
225#	:tc=default:
226#
227#
228##
229## The dialer class should be used for a dialup PPP/SLIP accounts
230## Welcome messages/news suppressed
231##
232#dialer:\
233#	:hushlogin:\
234#	:requirehome@:\
235#	:cputime=unlimited:\
236#	:filesize=2M:\
237#	:datasize=2M:\
238#	:stacksize=4M:\
239#	:coredumpsize=0:\
240#	:memoryuse=4M:\
241#	:memorylocked=1M:\
242#	:maxproc=16:\
243#	:openfiles=32:\
244#	:tc=standard:
245#
246#
247##
248## Site full-time 24/7 PPP/SLIP connections
249## - no time accounting, restricted to access via dialin lines
250##
251#site:\
252#	:ignoretime:\
253#	:passwordtime@:\
254#	:refreshtime@:\
255#	:refreshperiod@:\
256#	:sessionlimit@:\
257#	:autodelete@:\
258#	:expireperiod@:\
259#	:graceexpire@:\
260#	:gracetime@:\
261#	:warnexpire@:\
262#	:warnpassword@:\
263#	:idletime@:\
264#	:sessiontime@:\
265#	:daytime@:\
266#	:weektime@:\
267#	:monthtime@:\
268#	:warntime@:\
269#	:accounted@:\
270#	:tc=dialer:\
271#	:tc=staff:
272#
273#
274##
275## Example standard accounting entries for subscriber levels
276##
277#
278#subscriber|Subscribers:\
279#	:accounted:\
280#	:refreshtime=180d:\
281#	:refreshperiod@:\
282#	:sessionlimit@:\
283#	:autodelete=30d:\
284#	:expireperiod=180d:\
285#	:graceexpire=7d:\
286#	:gracetime=10m:\
287#	:warnexpire=7d:\
288#	:warnpassword=7d:\
289#	:idletime=30m:\
290#	:sessiontime=4h:\
291#	:daytime=6h:\
292#	:weektime=40h:\
293#	:monthtime=120h:\
294#	:warntime=4h:\
295#	:tc=standard:
296#
297#
298##
299## Subscriber accounts. These accounts have their login times
300## accounted and have access limits applied.
301##
302#subppp|PPP Subscriber Accounts:\
303#	:tc=dialer:\
304#	:tc=subscriber:
305#
306#
307#subslip|SLIP Subscriber Accounts:\
308#	:tc=dialer:\
309#	:tc=subscriber:
310#
311#
312#subshell|Shell Subscriber Accounts:\
313#	:tc=subscriber:
314#
315##
316## If you want some of the accounts to use traditional UNIX DES based
317## password hashes.
318##
319#des_users:\
320#	:passwd_format=des:\
321#	:tc=default:
322