login.conf revision 238485 
155714Skris# login.conf - login class capabilities database.
255714Skris#
355714Skris# Remember to rebuild the database after each change to this file:
455714Skris#
559191Skris#	cap_mkdb /etc/login.conf
659191Skris#
755714Skris# This file controls resource limits, accounting limits and
855714Skris# default user environment settings.
955714Skris#
1055714Skris# $FreeBSD: stable/9/etc/login.conf 238485 2012-07-15 12:13:15Z des $
1155714Skris#
1255714Skris
1355714Skris# Default settings effectively disable resource limits, see the
1455714Skris# examples below for a starting point to enable them.
1555714Skris
1655714Skris# defaults
1755714Skris# These settings are used by login(1) by default for classless users
1855714Skris# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
1955714Skris#
2055714Skris# Note that since a colon ':' is used to separate capability entries,
2155714Skris# a \c escape sequence must be used to embed a literal colon in the
2255714Skris# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
2355714Skris# AND SEMANTICS'' section of getcap(3) for more escape sequences).
2455714Skris
2555714Skrisdefault:\
2655714Skris	:passwd_format=sha512:\
2755714Skris	:copyright=/etc/COPYRIGHT:\
2855714Skris	:welcome=/etc/motd:\
2955714Skris	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
3055714Skris	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
3155714Skris	:nologin=/var/run/nologin:\
3255714Skris	:cputime=unlimited:\
3355714Skris	:datasize=unlimited:\
3455714Skris	:stacksize=unlimited:\
3555714Skris	:memorylocked=unlimited:\
3659191Skris	:memoryuse=unlimited:\
3759191Skris	:filesize=unlimited:\
3855714Skris	:coredumpsize=unlimited:\
3955714Skris	:openfiles=unlimited:\
4055714Skris	:maxproc=unlimited:\
4155714Skris	:sbsize=unlimited:\
4255714Skris	:vmemoryuse=unlimited:\
4355714Skris	:swapuse=unlimited:\
4455714Skris	:pseudoterminals=unlimited:\
4555714Skris	:priority=0:\
4655714Skris	:ignoretime@:\
4755714Skris	:umask=022:
4855714Skris
4955714Skris
5055714Skris#
5155714Skris# A collection of common class names - forward them all to 'default'
5255714Skris# (login would normally do this anyway, but having a class name
5355714Skris#  here suppresses the diagnostic)
5455714Skris#
5555714Skrisstandard:\
5655714Skris	:tc=default:
5755714Skrisxuser:\
5855714Skris	:tc=default:
5955714Skrisstaff:\
6055714Skris	:tc=default:
6155714Skrisdaemon:\
6255714Skris	:tc=default:
6355714Skrisnews:\
6455714Skris	:tc=default:
6555714Skrisdialer:\
6655714Skris	:tc=default:
6755714Skris
6855714Skris#
6955714Skris# Root can always login
7055714Skris#
7155714Skris# N.B.  login_getpwclass(3) will use this entry for the root account,
7255714Skris#       in preference to 'default'.
7355714Skrisroot:\
7455714Skris	:ignorenologin:\
7555714Skris	:tc=default:
7655714Skris
7755714Skris#
7855714Skris# Russian Users Accounts. Setup proper environment variables.
7955714Skris#
8055714Skrisrussian|Russian Users Accounts:\
8159191Skris	:charset=KOI8-R:\
8259191Skris	:lang=ru_RU.KOI8-R:\
8359191Skris	:tc=default:
8455714Skris
8555714Skris
8655714Skris######################################################################
8755714Skris######################################################################
8855714Skris##
8955714Skris## Example entries
9055714Skris##
9155714Skris######################################################################
9255714Skris######################################################################
9355714Skris
9455714Skris## Example defaults
9555714Skris## These settings are used by login(1) by default for classless users
9655714Skris## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
9755714Skris#
9855714Skris#default:\
9955714Skris#	:cputime=infinity:\
10055714Skris#	:datasize-cur=22M:\
10155714Skris#	:stacksize-cur=8M:\
10255714Skris#	:memorylocked-cur=10M:\
10355714Skris#	:memoryuse-cur=30M:\
10455714Skris#	:filesize=infinity:\
10555714Skris#	:coredumpsize=infinity:\
10659191Skris#	:maxproc-cur=64:\
10759191Skris#	:openfiles-cur=64:\
10855714Skris#	:priority=0:\
10955714Skris#	:requirehome@:\
11055714Skris#	:umask=022:\
11155714Skris#	:tc=auth-defaults:
11255714Skris#
11355714Skris#
11455714Skris##
11555714Skris## standard - standard user defaults
11655714Skris##
11755714Skris#standard:\
11855714Skris#	:copyright=/etc/COPYRIGHT:\
11955714Skris#	:welcome=/etc/motd:\
12055714Skris#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
12159191Skris#	:path=~/bin /bin /usr/bin /usr/local/bin:\
12259191Skris#	:manpath=/usr/share/man /usr/local/man:\
12359191Skris#	:nologin=/var/run/nologin:\
12455714Skris#	:cputime=1h30m:\
12555714Skris#	:datasize=8M:\
12659191Skris#	:vmemoryuse=100M:\
12755714Skris#	:stacksize=2M:\
12855714Skris#	:memorylocked=4M:\
12955714Skris#	:memoryuse=8M:\
13055714Skris#	:filesize=8M:\
13155714Skris#	:coredumpsize=8M:\
13255714Skris#	:openfiles=24:\
13355714Skris#	:maxproc=32:\
13455714Skris#	:priority=0:\
13555714Skris#	:requirehome:\
13655714Skris#	:passwordtime=90d:\
13755714Skris#	:umask=002:\
13859191Skris#	:ignoretime@:\
13955714Skris#	:tc=default:
14055714Skris#
14155714Skris#
14255714Skris##
14355714Skris## users of X (needs more resources!)
14455714Skris##
14555714Skris#xuser:\
14655714Skris#	:manpath=/usr/share/man /usr/local/man:\
14755714Skris#	:cputime=4h:\
14855714Skris#	:datasize=12M:\
14959191Skris#	:vmemoryuse=infinity:\
15059191Skris#	:stacksize=4M:\
15155714Skris#	:filesize=8M:\
15255714Skris#	:memoryuse=16M:\
15355714Skris#	:openfiles=32:\
15455714Skris#	:maxproc=48:\
15559191Skris#	:tc=standard:
15655714Skris#
15755714Skris#
15855714Skris##
15955714Skris## Staff users - few restrictions and allow login anytime
16055714Skris##
16155714Skris#staff:\
16255714Skris#	:ignorenologin:\
16355714Skris#	:ignoretime:\
16455714Skris#	:requirehome@:\
16555714Skris#	:accounted@:\
16655714Skris#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
16755714Skris#	:umask=022:\
16855714Skris#	:tc=standard:
16955714Skris#
17055714Skris#
17155714Skris##
17255714Skris## root - fallback for root logins
17355714Skris##
17455714Skris#root:\
17555714Skris#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
17655714Skris#	:cputime=infinity:\
17755714Skris#	:datasize=infinity:\
17855714Skris#	:stacksize=infinity:\
17955714Skris#	:memorylocked=infinity:\
18055714Skris#	:memoryuse=infinity:\
18155714Skris#	:filesize=infinity:\
18255714Skris#	:coredumpsize=infinity:\
18355714Skris#	:openfiles=infinity:\
18455714Skris#	:maxproc=infinity:\
18555714Skris#	:memoryuse-cur=32M:\
18655714Skris#	:maxproc-cur=64:\
18755714Skris#	:openfiles-cur=1024:\
18855714Skris#	:priority=0:\
18955714Skris#	:requirehome@:\
19055714Skris#	:umask=022:\
19155714Skris#	:tc=auth-root-defaults:
19255714Skris#
19355714Skris#
19455714Skris##
19555714Skris## Settings used by /etc/rc
19655714Skris##
19755714Skris#daemon:\
19855714Skris#	:coredumpsize@:\
19955714Skris#	:coredumpsize-cur=0:\
20055714Skris#	:datasize=infinity:\
20155714Skris#	:datasize-cur@:\
20255714Skris#	:maxproc=512:\
20355714Skris#	:maxproc-cur@:\
20455714Skris#	:memoryuse-cur=64M:\
20555714Skris#	:memorylocked-cur=64M:\
20655714Skris#	:openfiles=1024:\
20755714Skris#	:openfiles-cur@:\
20855714Skris#	:stacksize=16M:\
20955714Skris#	:stacksize-cur@:\
21055714Skris#	:tc=default:
21155714Skris#
21255714Skris#
21355714Skris##
21455714Skris## Settings used by news subsystem
21555714Skris##
21655714Skris#news:\
21755714Skris#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
21855714Skris#	:cputime=infinity:\
21955714Skris#	:filesize=128M:\
22055714Skris#	:datasize-cur=64M:\
22155714Skris#	:stacksize-cur=32M:\
22255714Skris#	:coredumpsize-cur=0:\
22355714Skris#	:maxmemorysize-cur=128M:\
22455714Skris#	:memorylocked=32M:\
22555714Skris#	:maxproc=128:\
22655714Skris#	:openfiles=256:\
22755714Skris#	:tc=default:
22855714Skris#
22955714Skris#
23055714Skris##
23155714Skris## The dialer class should be used for a dialup PPP account
23255714Skris## Welcome messages/news suppressed
23355714Skris##
23455714Skris#dialer:\
23555714Skris#	:hushlogin:\
23655714Skris#	:requirehome@:\
23755714Skris#	:cputime=unlimited:\
23855714Skris#	:filesize=2M:\
23955714Skris#	:datasize=2M:\
24055714Skris#	:stacksize=4M:\
24155714Skris#	:coredumpsize=0:\
24255714Skris#	:memoryuse=4M:\
24355714Skris#	:memorylocked=1M:\
24455714Skris#	:maxproc=16:\
24555714Skris#	:openfiles=32:\
24655714Skris#	:tc=standard:
24755714Skris#
24855714Skris#
24955714Skris##
25055714Skris## Site full-time 24/7 PPP connection
25155714Skris## - no time accounting, restricted to access via dialin lines
25255714Skris##
25355714Skris#site:\
25455714Skris#	:ignoretime:\
25555714Skris#	:passwordtime@:\
256#	:refreshtime@:\
257#	:refreshperiod@:\
258#	:sessionlimit@:\
259#	:autodelete@:\
260#	:expireperiod@:\
261#	:graceexpire@:\
262#	:gracetime@:\
263#	:warnexpire@:\
264#	:warnpassword@:\
265#	:idletime@:\
266#	:sessiontime@:\
267#	:daytime@:\
268#	:weektime@:\
269#	:monthtime@:\
270#	:warntime@:\
271#	:accounted@:\
272#	:tc=dialer:\
273#	:tc=staff:
274#
275#
276##
277## Example standard accounting entries for subscriber levels
278##
279#
280#subscriber|Subscribers:\
281#	:accounted:\
282#	:refreshtime=180d:\
283#	:refreshperiod@:\
284#	:sessionlimit@:\
285#	:autodelete=30d:\
286#	:expireperiod=180d:\
287#	:graceexpire=7d:\
288#	:gracetime=10m:\
289#	:warnexpire=7d:\
290#	:warnpassword=7d:\
291#	:idletime=30m:\
292#	:sessiontime=4h:\
293#	:daytime=6h:\
294#	:weektime=40h:\
295#	:monthtime=120h:\
296#	:warntime=4h:\
297#	:tc=standard:
298#
299#
300##
301## Subscriber accounts. These accounts have their login times
302## accounted and have access limits applied.
303##
304#subppp|PPP Subscriber Accounts:\
305#	:tc=dialer:\
306#	:tc=subscriber:
307#
308#
309#subshell|Shell Subscriber Accounts:\
310#	:tc=subscriber:
311#
312##
313## If you want some of the accounts to use traditional UNIX DES based
314## password hashes.
315##
316#des_users:\
317#	:passwd_format=des:\
318#	:tc=default:
319