freebsd-dev/usr.bin/login/login.access.5

.\"
.\" $FreeBSD$
.\"
.Dd April 30, 1994
.Dt LOGIN.ACCESS 5
.Os
.Sh NAME
.Nm login.access
.Nd login access control table
.Sh DESCRIPTION
The
.Nm
file specifies (user, host) combinations and/or (user, tty)
combinations for which a login will be either accepted or refused.
.Pp
When someone logs in, the
.Nm
is scanned for the first entry that
matches the (user, host) combination, or, in case of non-networked
logins, the first entry that matches the (user, tty) combination.
The
permissions field of that table entry determines whether the login will
be accepted or refused.
.Pp
Each line of the login access control table has three fields separated by a
.Ql \&:
character:
.Ar permission : Ns Ar users : Ns Ar origins
.Pp
The first field should be a "+" (access granted) or "-" (access denied)
character.
The second field should be a list of one or more login names,
group names, or ALL (always matches).
The third field should be a list
of one or more tty names (for non-networked logins), host names, domain
names (begin with "."), host addresses, internet network numbers (end
with "."), ALL (always matches) or LOCAL (matches any string that does
not contain a "." character).
If you run NIS you can use @netgroupname
in host or user patterns.
.Pp
The EXCEPT operator makes it possible to write very compact rules.
.Pp
The group file is searched only when a name does not match that of the
logged-in user.
Only groups are matched in which users are explicitly
listed: the program does not look at a user's primary group id value.
.Sh FILES
.Bl -tag -width /etc/login.access -compact
.It Pa /etc/login.access
login access control table
.El
.Sh SEE ALSO
.Xr login 1 ,
.Xr pam 8
.Sh AUTHORS
.An Guido van Rooij
Add $Id$, to make it simpler for members of the translation teams to track. The $Id$ line is normally at the bottom of the main comment block in the man page, separated from the rest of the manpage by an empty comment, like so; .\" $Id$ .\" If the immediately preceding comment is a @(#) format ID marker than the the $Id$ will line up underneath it with no intervening blank lines. Otherwise, an additional blank line is inserted. Approved by: bde 1999-07-12 20:24:20 +00:00			`.\"`
$Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00			`.\" $FreeBSD$`
Add $Id$, to make it simpler for members of the translation teams to track. The $Id$ line is normally at the bottom of the main comment block in the man page, separated from the rest of the manpage by an empty comment, like so; .\" $Id$ .\" If the immediately preceding comment is a @(#) format ID marker than the the $Id$ will line up underneath it with no intervening blank lines. Otherwise, an additional blank line is inserted. Approved by: bde 1999-07-12 20:24:20 +00:00			`.\"`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`.Dd April 30, 1994`
Fix the man page's title (.Dt). (It has been ``SKEY.ACCESS''.) 1997-06-02 17:24:36 +00:00			`.Dt LOGIN.ACCESS 5`
mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 14:16:33 +00:00			`.Os`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`.Sh NAME`
			`.Nm login.access`
= -> ==, strcpy -> strncpy from OpenBSD. update man page. Add usage(). Obtained from: OpenBSD 1997-07-22 07:39:43 +00:00			`.Nd login access control table`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`.Sh DESCRIPTION`
			`The`
= -> ==, strcpy -> strncpy from OpenBSD. update man page. Add usage(). Obtained from: OpenBSD 1997-07-22 07:39:43 +00:00			`.Nm`
Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00			`file specifies (user, host) combinations and/or (user, tty)`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`combinations for which a login will be either accepted or refused.`
			`.Pp`
Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00			`When someone logs in, the`
= -> ==, strcpy -> strncpy from OpenBSD. update man page. Add usage(). Obtained from: OpenBSD 1997-07-22 07:39:43 +00:00			`.Nm`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`is scanned for the first entry that`
			`matches the (user, host) combination, or, in case of non-networked`
Mechanically kill hard sentence breaks. 2004-07-02 22:22:35 +00:00			`logins, the first entry that matches the (user, tty) combination.`
			`The`
Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00			`permissions field of that table entry determines whether the login will`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`be accepted or refused.`
			`.Pp`
			`Each line of the login access control table has three fields separated by a`
Deal with unsafe tab characters. 2004-07-02 19:55:26 +00:00			`.Ql \&:`
			`character:`
			`.Ar permission : Ns Ar users : Ns Ar origins`
= -> ==, strcpy -> strncpy from OpenBSD. update man page. Add usage(). Obtained from: OpenBSD 1997-07-22 07:39:43 +00:00			`.Pp`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`The first field should be a "+" (access granted) or "-" (access denied)`
Remove single-space hard sentence breaks. These degrade the quality of the typeset output, tend to make diffs harder to read and provide bad examples for new-comers to mdoc. 2000-03-01 12:20:22 +00:00			`character.`
			`The second field should be a list of one or more login names,`
Mechanically kill hard sentence breaks. 2004-07-02 22:22:35 +00:00			`group names, or ALL (always matches).`
			`The third field should be a list`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`of one or more tty names (for non-networked logins), host names, domain`
			`names (begin with "."), host addresses, internet network numbers (end`
			`with "."), ALL (always matches) or LOCAL (matches any string that does`
Mechanically kill hard sentence breaks. 2004-07-02 22:22:35 +00:00			`not contain a "." character).`
			`If you run NIS you can use @netgroupname`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`in host or user patterns.`
= -> ==, strcpy -> strncpy from OpenBSD. update man page. Add usage(). Obtained from: OpenBSD 1997-07-22 07:39:43 +00:00			`.Pp`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`The EXCEPT operator makes it possible to write very compact rules.`
= -> ==, strcpy -> strncpy from OpenBSD. update man page. Add usage(). Obtained from: OpenBSD 1997-07-22 07:39:43 +00:00			`.Pp`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`The group file is searched only when a name does not match that of the`
Remove single-space hard sentence breaks. These degrade the quality of the typeset output, tend to make diffs harder to read and provide bad examples for new-comers to mdoc. 2000-03-01 12:20:22 +00:00			`logged-in user.`
			`Only groups are matched in which users are explicitly`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`listed: the program does not look at a user's primary group id value.`
			`.Sh FILES`
			`.Bl -tag -width /etc/login.access -compact`
			`.It Pa /etc/login.access`
Do not reuse flag name in its definition. Remove inadequate sentence. 2002-10-16 15:17:38 +00:00			`login access control table`
Add skey supprot Reviewed by: Submitted by: guido 1994-08-21 19:26:22 +00:00			`.El`
			`.Sh SEE ALSO`
Obtained from: "Jan B. Koum " <jkb@best.com> Add a reference to pam(8) in the login(1) and login.access(5) manual pages. 1998-12-01 17:05:08 +00:00			`.Xr login 1 ,`
			`.Xr pam 8`
.Sh AUTHOR -> .Sh AUTHORS. Use .An/.Aq. 1998-03-23 07:48:45 +00:00			`.Sh AUTHORS`
			`.An Guido van Rooij`