1998-09-02 01:34:57 +00:00
|
|
|
# $Id:$
|
|
|
|
#
|
1994-05-19 18:13:11 +00:00
|
|
|
# Login access control table.
|
|
|
|
#
|
|
|
|
# When someone logs in, the table is scanned for the first entry that
|
|
|
|
# matches the (user, host) combination, or, in case of non-networked
|
|
|
|
# logins, the first entry that matches the (user, tty) combination. The
|
|
|
|
# permissions field of that table entry determines whether the login will
|
|
|
|
# be accepted or refused.
|
|
|
|
#
|
|
|
|
# Format of the login access control table is three fields separated by a
|
|
|
|
# ":" character:
|
|
|
|
#
|
|
|
|
# permission : users : origins
|
|
|
|
#
|
|
|
|
# The first field should be a "+" (access granted) or "-" (access denied)
|
|
|
|
# character. The second field should be a list of one or more login names,
|
|
|
|
# group names, or ALL (always matches). The third field should be a list
|
|
|
|
# of one or more tty names (for non-networked logins), host names, domain
|
|
|
|
# names (begin with "."), host addresses, internet network numbers (end
|
|
|
|
# with "."), ALL (always matches) or LOCAL (matches any string that does
|
|
|
|
# not contain a "." character). If you run NIS you can use @netgroupname
|
|
|
|
# in host or user patterns.
|
|
|
|
#
|
|
|
|
# The EXCEPT operator makes it possible to write very compact rules.
|
|
|
|
#
|
|
|
|
# The group file is searched only when a name does not match that of the
|
|
|
|
# logged-in user. Only groups are matched in which users are explicitly
|
|
|
|
# listed: the program does not look at a user's primary group id value.
|
|
|
|
#
|
|
|
|
##############################################################################
|
|
|
|
#
|
|
|
|
# Disallow console logins to all but a few accounts.
|
|
|
|
#
|
|
|
|
#-:ALL EXCEPT wheel shutdown sync:console
|
|
|
|
#
|
|
|
|
# Disallow non-local logins to privileged accounts (group wheel).
|
|
|
|
#
|
|
|
|
#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
|
|
|
|
#
|
|
|
|
# Some accounts are not allowed to login from anywhere:
|
|
|
|
#
|
|
|
|
#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
|
|
|
|
#
|
|
|
|
# All other accounts are allowed to login from anywhere.
|
|
|
|
#
|