login.conf revision 46209 
1# Sample login.conf - login class capabilities database.
2# To speed up access to this data, you can use /usr/bin/cap_mkdb
3# to create a database form of this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# Don't forget to do this after each edit as well!
8#
9# This file controls resource limits, accounting limits and
10# default user environment settings.
11#
12#	$Id: login.conf,v 1.29 1999/04/28 20:12:53 jkh Exp $
13#
14
15# Default settings effectively disable resource limits, see the
16# examples below for a starting point to enable them.
17
18# defaults
19# These settings are used by login(1) by default for classless users
20# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
21
22default:\
23	:copyright=/etc/COPYRIGHT:\
24	:welcome=/etc/motd:\
25	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
26	:path=~/bin /bin /usr/bin /usr/local/bin /usr/X11R6/bin:\
27	:nologin=/var/run/nologin:\
28	:cputime=unlimited:\
29	:datasize=unlimited:\
30	:stacksize=unlimited:\
31	:memorylocked=unlimited:\
32	:memoryuse=unlimited:\
33	:filesize=unlimited:\
34	:coredumpsize=unlimited:\
35	:openfiles=unlimited:\
36	:maxproc=unlimited:\
37	:priority=0:\
38	:ignoretime@:\
39	:umask=022:
40
41
42#
43# A collection of common class names - forward them all to 'default'
44# (login would normally do this anyway, but having a class name
45#  here suppresses the diagnostic)
46#
47standard:\
48	:tc=default:
49xuser:\
50	:tc=default:
51staff:\
52	:tc=default:
53daemon:\
54	:tc=default:
55news:\
56	:tc=default:
57dialer:\
58	:tc=default:
59
60#
61# Root can always login
62#
63root:\
64	:ignorenologin:\
65	:tc=default:
66
67#
68# Russian Users Accounts. Setup proper environment variables.
69#
70russian:Russian Users Accounts:\
71	:charset=KOI8-R:\
72	:lang=ru_RU.KOI8-R:\
73	:tc=default:
74
75
76######################################################################
77######################################################################
78##
79## Example entries
80## 
81######################################################################
82######################################################################
83
84## Authentication methods
85## Note that these are disabled by default, and libutil must
86## be rebuilt with LOGIN_CAP_AUTH defined to use them.
87#
88#auth-defaults:\
89#	:auth=krb_skey_or_passwd,passwd,kerberos,skey:
90#
91#auth-root-defaults:\
92#	:auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\
93#	:auth-rlogin=krb_or_skey,kerberos,skey:
94#
95#auth-ftp-defaults:\
96#	:auth=skey_or_pwd,passwd,skey:
97#
98#
99## Example defaults
100## These settings are used by login(1) by default for classless users
101## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
102#
103#default:\
104#	:cputime=infinity:\
105#	:datasize-cur=22M:\
106#	:stacksize-cur=8M:\
107#	:memorylocked-cur=10M:\
108#	:memoryuse-cur=30M:\
109#	:filesize=infinity:\
110#	:coredumpsize=infinity:\
111#	:maxproc-cur=64:\
112#	:openfiles-cur=64:\
113#	:priority=0:\
114#	:requirehome@:\
115#	:umask=022:\
116#	:tc=auth-defaults:
117#
118#
119##
120## standard - standard user defaults
121##
122#standard:\
123#	:copyright=/etc/COPYRIGHT:\
124#	:welcome=/etc/motd:\
125#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
126#	:path=~/bin /bin /usr/bin /usr/local/bin:\
127#	:manpath=/usr/share/man /usr/local/man:\
128#	:nologin=/var/run/nologin:\
129#	:cputime=1h30m:\
130#	:datasize=8M:\
131#	:stacksize=2M:\
132#	:memorylocked=4M:\
133#	:memoryuse=8M:\
134#	:filesize=8M:\
135#	:coredumpsize=8M:\
136#	:openfiles=24:\
137#	:maxproc=32:\
138#	:priority=0:\
139#	:requirehome:\
140#	:passwordtime=90d:\
141#	:umask=002:\
142#	:ignoretime@:\
143#	:tc=default:
144#
145#
146##
147## users of X (needs more resources!)
148##
149#xuser:\
150#	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
151#	:cputime=4h:\
152#	:datasize=12M:\
153#	:stacksize=4M:\
154#	:filesize=8M:\
155#	:memoryuse=16M:\
156#	:openfiles=32:\
157#	:maxproc=48:\
158#	:tc=standard:
159#
160#
161##
162## Staff users - few restrictions and allow login anytime
163##
164#staff:\
165#	:ignorenologin:\
166#	:ignoretime:\
167#	:requirehome@:\
168#	:accounted@:\
169#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
170#	:umask=022:\
171#	:tc=standard:
172#
173#
174##
175## root - fallback for root logins
176##
177#root:\
178#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
179#	:cputime=infinity:\
180#	:datasize=infinity:\
181#	:stacksize=infinity:\
182#	:memorylocked=infinity:\
183#	:memoryuse=infinity:\
184#	:filesize=infinity:\
185#	:coredumpsize=infinity:\
186#	:openfiles=infinity:\
187#	:maxproc=infinity:\
188#	:memoryuse-cur=32M:\
189#	:maxproc-cur=64:\
190#	:openfiles-cur=1024:\
191#	:priority=0:\
192#	:requirehome@:\
193#	:umask=022:\
194#	:tc=auth-root-defaults:
195#
196#
197##
198## Settings used by /etc/rc
199##
200#daemon:\
201#	:coredumpsize@:\
202#	:coredumpsize-cur=0:\
203#	:datasize=infinity:\
204#	:datasize-cur@:\
205#	:maxproc=512:\
206#	:maxproc-cur@:\
207#	:memoryuse-cur=64M:\
208#	:memorylocked-cur=64M:\
209#	:openfiles=1024:\
210#	:openfiles-cur@:\
211#	:stacksize=16M:\
212#	:stacksize-cur@:\
213#	:tc=default:
214#
215#
216##
217## Settings used by news subsystem
218##
219#news:\
220#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
221#	:cputime=infinity:\
222#	:filesize=128M:\
223#	:datasize-cur=64M:\
224#	:stacksize-cur=32M:\
225#	:coredumpsize-cur=0:\
226#	:maxmemorysize-cur=128M:\
227#	:memorylocked=32M:\
228#	:maxproc=128:\
229#	:openfiles=256:\
230#	:tc=default:
231#
232#
233##
234## The dialer class should be used for a dialup PPP/SLIP accounts
235## Welcome messages/news suppressed
236##
237#dialer:\
238#	:hushlogin:\
239#	:requirehome@:\
240#	:cputime=unlimited:\
241#	:filesize=2M:\
242#	:datasize=2M:\
243#	:stacksize=4M:\
244#	:coredumpsize=0:\
245#	:memoryuse=4M:\
246#	:memorylocked=1M:\
247#	:maxproc=16:\
248#	:openfiles=32:\
249#	:tc=standard:
250#
251#
252##
253## Site full-time 24/7 PPP/SLIP connections
254## - no time accounting, restricted to access via dialin lines
255##
256#site:\
257#	:ignoretime:\
258#	:passwordtime@:\
259#	:refreshtime@:\
260#	:refreshperiod@:\
261#	:sessionlimit@:\
262#	:autodelete@:\
263#	:expireperiod@:\
264#	:graceexpire@:\
265#	:gracetime@:\
266#	:warnexpire@:\
267#	:warnpassword@:\
268#	:idletime@:\
269#	:sessiontime@:\
270#	:daytime@:\
271#	:weektime@:\
272#	:monthtime@:\
273#	:warntime@:\
274#	:accounted@:\
275#	:tc=dialer:\
276#	:tc=staff:
277#
278#
279##
280## Example standard accounting entries for subscriber levels
281##
282#
283#subscriber|Subscribers:\
284#	:accounted:\
285#	:refreshtime=180d:\
286#	:refreshperiod@:\
287#	:sessionlimit@:\
288#	:autodelete=30d:\
289#	:expireperiod=180d:\
290#	:graceexpire=7d:\
291#	:gracetime=10m:\
292#	:warnexpire=7d:\
293#	:warnpassword=7d:\
294#	:idletime=30m:\
295#	:sessiontime=4h:\
296#	:daytime=6h:\
297#	:weektime=40h:\
298#	:monthtime=120h:\
299#	:warntime=4h:\
300#	:tc=standard:
301#
302#
303##
304## Subscriber accounts. These accounts have their login times
305## accounted and have access limits applied.
306##
307#subppp|PPP Subscriber Accounts:\
308#	:tc=dialer:\
309#	:tc=subscriber:
310#
311#
312#subslip|SLIP Subscriber Accounts:\
313#	:tc=dialer:\
314#	:tc=subscriber:
315#
316#
317#subshell:Shell Subscriber Accounts:\
318#	:tc=subscriber:
319#
320