login.conf revision 48814 
1# Sample login.conf - login class capabilities database.
2# To speed up access to this data, you can use /usr/bin/cap_mkdb
3# to create a database form of this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# Don't forget to do this after each edit as well!
8#
9# This file controls resource limits, accounting limits and
10# default user environment settings.
11#
12#	$Id: login.conf,v 1.31 1999/05/28 11:07:16 jkh Exp $
13#
14
15# Default settings effectively disable resource limits, see the
16# examples below for a starting point to enable them.
17
18# defaults
19# These settings are used by login(1) by default for classless users
20# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
21
22default:\
23	:copyright=/etc/COPYRIGHT:\
24	:welcome=/etc/motd:\
25	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
26	:path=~/bin /bin /usr/bin /usr/local/bin /usr/X11R6/bin:\
27	:nologin=/var/run/nologin:\
28	:cputime=unlimited:\
29	:datasize=unlimited:\
30	:stacksize=unlimited:\
31	:memorylocked=unlimited:\
32	:memoryuse=unlimited:\
33	:filesize=unlimited:\
34	:coredumpsize=unlimited:\
35	:openfiles=unlimited:\
36	:maxproc=unlimited:\
37	:priority=0:\
38	:ignoretime@:\
39	:umask=022:
40
41
42#
43# A collection of common class names - forward them all to 'default'
44# (login would normally do this anyway, but having a class name
45#  here suppresses the diagnostic)
46#
47standard:\
48	:tc=default:
49xuser:\
50	:tc=default:
51staff:\
52	:tc=default:
53daemon:\
54	:tc=default:
55news:\
56	:tc=default:
57dialer:\
58	:tc=default:
59
60#
61# Root can always login
62#
63# N.B.  login_getpwclass(3) will use this entry for the root account,
64#       in preference to 'default'.
65root:\
66	:ignorenologin:\
67	:tc=default:
68
69#
70# Russian Users Accounts. Setup proper environment variables.
71#
72russian:Russian Users Accounts:\
73	:charset=KOI8-R:\
74	:lang=ru_RU.KOI8-R:\
75	:tc=default:
76
77
78######################################################################
79######################################################################
80##
81## Example entries
82## 
83######################################################################
84######################################################################
85
86## Authentication methods
87## Note that these are disabled by default, and libutil must
88## be rebuilt with LOGIN_CAP_AUTH defined to use them.
89#
90#auth-defaults:\
91#	:auth=krb_skey_or_passwd,passwd,kerberos,skey:
92#
93#auth-root-defaults:\
94#	:auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\
95#	:auth-rlogin=krb_or_skey,kerberos,skey:
96#
97#auth-ftp-defaults:\
98#	:auth=skey_or_pwd,passwd,skey:
99#
100#
101## Example defaults
102## These settings are used by login(1) by default for classless users
103## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
104#
105#default:\
106#	:cputime=infinity:\
107#	:datasize-cur=22M:\
108#	:stacksize-cur=8M:\
109#	:memorylocked-cur=10M:\
110#	:memoryuse-cur=30M:\
111#	:filesize=infinity:\
112#	:coredumpsize=infinity:\
113#	:maxproc-cur=64:\
114#	:openfiles-cur=64:\
115#	:priority=0:\
116#	:requirehome@:\
117#	:umask=022:\
118#	:tc=auth-defaults:
119#
120#
121##
122## standard - standard user defaults
123##
124#standard:\
125#	:copyright=/etc/COPYRIGHT:\
126#	:welcome=/etc/motd:\
127#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
128#	:path=~/bin /bin /usr/bin /usr/local/bin:\
129#	:manpath=/usr/share/man /usr/local/man:\
130#	:nologin=/var/run/nologin:\
131#	:cputime=1h30m:\
132#	:datasize=8M:\
133#	:stacksize=2M:\
134#	:memorylocked=4M:\
135#	:memoryuse=8M:\
136#	:filesize=8M:\
137#	:coredumpsize=8M:\
138#	:openfiles=24:\
139#	:maxproc=32:\
140#	:priority=0:\
141#	:requirehome:\
142#	:passwordtime=90d:\
143#	:umask=002:\
144#	:ignoretime@:\
145#	:tc=default:
146#
147#
148##
149## users of X (needs more resources!)
150##
151#xuser:\
152#	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
153#	:cputime=4h:\
154#	:datasize=12M:\
155#	:stacksize=4M:\
156#	:filesize=8M:\
157#	:memoryuse=16M:\
158#	:openfiles=32:\
159#	:maxproc=48:\
160#	:tc=standard:
161#
162#
163##
164## Staff users - few restrictions and allow login anytime
165##
166#staff:\
167#	:ignorenologin:\
168#	:ignoretime:\
169#	:requirehome@:\
170#	:accounted@:\
171#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
172#	:umask=022:\
173#	:tc=standard:
174#
175#
176##
177## root - fallback for root logins
178##
179#root:\
180#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
181#	:cputime=infinity:\
182#	:datasize=infinity:\
183#	:stacksize=infinity:\
184#	:memorylocked=infinity:\
185#	:memoryuse=infinity:\
186#	:filesize=infinity:\
187#	:coredumpsize=infinity:\
188#	:openfiles=infinity:\
189#	:maxproc=infinity:\
190#	:memoryuse-cur=32M:\
191#	:maxproc-cur=64:\
192#	:openfiles-cur=1024:\
193#	:priority=0:\
194#	:requirehome@:\
195#	:umask=022:\
196#	:tc=auth-root-defaults:
197#
198#
199##
200## Settings used by /etc/rc
201##
202#daemon:\
203#	:coredumpsize@:\
204#	:coredumpsize-cur=0:\
205#	:datasize=infinity:\
206#	:datasize-cur@:\
207#	:maxproc=512:\
208#	:maxproc-cur@:\
209#	:memoryuse-cur=64M:\
210#	:memorylocked-cur=64M:\
211#	:openfiles=1024:\
212#	:openfiles-cur@:\
213#	:stacksize=16M:\
214#	:stacksize-cur@:\
215#	:tc=default:
216#
217#
218##
219## Settings used by news subsystem
220##
221#news:\
222#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
223#	:cputime=infinity:\
224#	:filesize=128M:\
225#	:datasize-cur=64M:\
226#	:stacksize-cur=32M:\
227#	:coredumpsize-cur=0:\
228#	:maxmemorysize-cur=128M:\
229#	:memorylocked=32M:\
230#	:maxproc=128:\
231#	:openfiles=256:\
232#	:tc=default:
233#
234#
235##
236## The dialer class should be used for a dialup PPP/SLIP accounts
237## Welcome messages/news suppressed
238##
239#dialer:\
240#	:hushlogin:\
241#	:requirehome@:\
242#	:cputime=unlimited:\
243#	:filesize=2M:\
244#	:datasize=2M:\
245#	:stacksize=4M:\
246#	:coredumpsize=0:\
247#	:memoryuse=4M:\
248#	:memorylocked=1M:\
249#	:maxproc=16:\
250#	:openfiles=32:\
251#	:tc=standard:
252#
253#
254##
255## Site full-time 24/7 PPP/SLIP connections
256## - no time accounting, restricted to access via dialin lines
257##
258#site:\
259#	:ignoretime:\
260#	:passwordtime@:\
261#	:refreshtime@:\
262#	:refreshperiod@:\
263#	:sessionlimit@:\
264#	:autodelete@:\
265#	:expireperiod@:\
266#	:graceexpire@:\
267#	:gracetime@:\
268#	:warnexpire@:\
269#	:warnpassword@:\
270#	:idletime@:\
271#	:sessiontime@:\
272#	:daytime@:\
273#	:weektime@:\
274#	:monthtime@:\
275#	:warntime@:\
276#	:accounted@:\
277#	:tc=dialer:\
278#	:tc=staff:
279#
280#
281##
282## Example standard accounting entries for subscriber levels
283##
284#
285#subscriber|Subscribers:\
286#	:accounted:\
287#	:refreshtime=180d:\
288#	:refreshperiod@:\
289#	:sessionlimit@:\
290#	:autodelete=30d:\
291#	:expireperiod=180d:\
292#	:graceexpire=7d:\
293#	:gracetime=10m:\
294#	:warnexpire=7d:\
295#	:warnpassword=7d:\
296#	:idletime=30m:\
297#	:sessiontime=4h:\
298#	:daytime=6h:\
299#	:weektime=40h:\
300#	:monthtime=120h:\
301#	:warntime=4h:\
302#	:tc=standard:
303#
304#
305##
306## Subscriber accounts. These accounts have their login times
307## accounted and have access limits applied.
308##
309#subppp|PPP Subscriber Accounts:\
310#	:tc=dialer:\
311#	:tc=subscriber:
312#
313#
314#subslip|SLIP Subscriber Accounts:\
315#	:tc=dialer:\
316#	:tc=subscriber:
317#
318#
319#subshell:Shell Subscriber Accounts:\
320#	:tc=subscriber:
321#
322