Effectively disable resource limit setting by default, leaving the

original contents of the file preserved as examples for administrators that need to enable them. Also add a comment to the examples pointing out that the authentication functionality is largely unused and requires rebuilding libutil. Reviewed by: jkh
1998-09-16 19:18:36 +00:00 · 1998-09-16 19:18:36 +00:00 · 4988a4a48d
commit 4988a4a48d
parent d50c9db046
1 changed files with 287 additions and 216 deletions
--- a/etc/login.conf
+++ b/etc/login.conf
@ -9,245 +9,62 @@
 # This file controls resource limits, accounting limits and
 # default user environment settings.
 #
-#	$Id: login.conf,v 1.19 1997/12/03 01:12:48 ache Exp $
+#	$Id: login.conf,v 1.20 1998/03/09 03:01:47 steve Exp $
 #

-
-# Authentication methods
-
-auth-defaults:\
-	:auth=krb_skey_or_passwd,passwd,kerberos,skey:
-
-auth-root-defaults:\
-	:auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\
-	:auth-rlogin=krb_or_skey,kerberos,skey:
-
-auth-ftp-defaults:\
-	:auth=skey_or_pwd,passwd,skey:
-
+# Default settings effectively disable resource limits, see the
+# examples below for a starting point to enable them.

 # Example defaults
 # These settings are used by login(1) by default for classless users
 # Note that entries like "cputime" set both "cputime-cur" and "cputime-max"

 default:\
-	:cputime=infinity:\
-	:datasize-cur=22M:\
-	:stacksize-cur=8M:\
-	:memorylocked-cur=10M:\
-	:memoryuse-cur=30M:\
-	:filesize=infinity:\
-	:coredumpsize=infinity:\
-	:maxproc-cur=64:\
-	:openfiles-cur=64:\
-	:priority=0:\
-	:requirehome@:\
-	:umask=022:\
-	:tc=auth-defaults:
-
-
-#
-# standard - standard user defaults
-#
-standard:\
 	:copyright=/etc/COPYRIGHT:\
 	:welcome=/etc/motd:\
 	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\
 	:path=~/bin /bin /usr/bin /usr/local/bin:\
 	:manpath=/usr/share/man /usr/local/man:\
 	:nologin=/etc/nologin:\
-	:cputime=1h30m:\
-	:datasize=8M:\
-	:stacksize=2M:\
-	:memorylocked=4M:\
-	:memoryuse=8M:\
-	:filesize=8M:\
-	:coredumpsize=8M:\
-	:openfiles=24:\
-	:maxproc=32:\
+	:cputime=unlimited:\
+	:datasize=unlimited:\
+	:stacksize=unlimited:\
+	:memorylocked=unlimited:\
+	:memoryuse=unlimited:\
+	:filesize=unlimited:\
+	:coredumpsize=unlimited:\
+	:openfiles=unlimited:\
+	:maxproc=unlimited:\
 	:priority=0:\
-	:requirehome:\
-	:passwordperiod=90d:\
-	:umask=002:\
 	:ignoretime@:\
+	:umask=022:
+
+
+#
+# A collection of common class names - forward them all to 'default'
+# (login would normally do this anyway, but having a class name
+#  here suppresses the diagnostic)
+#
+standard:\
+	:tc=default:
+xuser:\
+	:tc=default:
+staff:\
+	:tc=default:
+daemon:\
+	:tc=default;
+news:\
+	:tc=default:
+dialer:\
 	:tc=default:

-
 #
-# users of X (needs more resources!)
-#
-xuser:\
-	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
-	:cputime=4h:\
-	:datasize=12M:\
-	:stacksize=4M:\
-	:filesize=8M:\
-	:memoryuse=16M:\
-	:openfiles=32:\
-	:maxproc=48:\
-	:tc=standard:
-
-
-#
-# Staff users - few restrictions and allow login anytime
-#
-staff:\
-	:ignorenologin:\
-	:ignoretime:\
-	:requirehome@:\
-	:accounted@:\
-	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
-	:umask=022:\
-	:tc=standard:
-
-
-#
-# root - fallback for root logins
+# Root can always login
 #
 root:\
-	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
-	:cputime=infinity:\
-	:datasize=infinity:\
-	:stacksize=infinity:\
-	:memorylocked=infinity:\
-	:memoryuse=infinity:\
-	:filesize=infinity:\
-	:coredumpsize=infinity:\
-	:openfiles=infinity:\
-	:maxproc=infinity:\
-	:memoryuse-cur=32M:\
-	:maxproc-cur=64:\
-	:openfiles-cur=1024:\
-	:priority=0:\
-	:requirehome@:\
-	:umask=022:\
-	:tc=auth-root-defaults:
-
-
-#
-# Settings used by /etc/rc
-#
-daemon:\
-	:coredumpsize@:\
-	:coredumpsize-cur=0:\
-	:datasize=infinity:\
-	:datasize-cur@:\
-	:maxproc=512:\
-	:maxproc-cur@:\
-	:memoryuse-cur=64M:\
-	:memorylocked-cur=64M:\
-	:openfiles=1024:\
-	:openfiles-cur@:\
-	:stacksize=16M:\
-	:stacksize-cur@:\
+	:ignorenologin:\
 	:tc=default:

-
-#
-# Settings used by news subsystem
-#
-news:\
-	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
-	:cputime=infinity:\
-	:filesize=128M:\
-	:datasize-cur=64M:\
-	:stacksize-cur=32M:\
-	:coredumpsize-cur=0:\
-	:maxmemorysize-cur=128M:\
-	:memorylocked=32M:\
-	:maxproc=128:\
-	:openfiles=256:\
-	:tc=default:
-
-
-#
-# The dialer class should be used for a dialup PPP/SLIP accounts
-# Welcome messages/news suppressed
-#
-dialer:\
-	:hushlogin:\
-	:requirehome@:\
-	:cputime=unlimited:\
-	:filesize=2M:\
-	:datasize=2M:\
-	:stacksize=4M:\
-	:coredumpsize=0:\
-	:memoryuse=4M:\
-	:memorylocked=1M:\
-	:maxproc=16:\
-	:openfiles=32:\
-	:tc=standard:
-
-
-#
-# Site full-time 24/7 PPP/SLIP connections
-# - no time accounting, restricted to access via dialin lines
-#
-site:\
-	:ignoretime:\
-	:passwordperiod@:\
-	:refreshtime@:\
-	:refreshperiod@:\
-	:sessionlimit@:\
-	:autodelete@:\
-	:expireperiod@:\
-	:graceexpire@:\
-	:gracetime@:\
-	:warnexpire@:\
-	:warnpassword@:\
-	:idletime@:\
-	:sessiontime@:\
-	:daytime@:\
-	:weektime@:\
-	:monthtime@:\
-	:warntime@:\
-	:accounted@:\
-	:tc=dialer:\
-	:tc=staff:
-
-
-#
-# Example standard accounting entries for subscriber levels
-#
-
-subscriber|Subscribers:\
-	:accounted:\
-	:refreshtime=180d:\
-	:refreshperiod@:\
-	:sessionlimit@:\
-	:autodelete=30d:\
-	:expireperiod=180d:\
-	:graceexpire=7d:\
-	:gracetime=10m:\
-	:warnexpire=7d:\
-	:warnpassword=7d:\
-	:idletime=30m:\
-	:sessiontime=4h:\
-	:daytime=6h:\
-	:weektime=40h:\
-	:monthtime=120h:\
-	:warntime=4h:\
-	:tc=standard:
-
-
-#
-# Subscriber accounts. These accounts have their login times
-# accounted and have access limits applied.
-#
-subppp|PPP Subscriber Accounts:\
-	:tc=dialer:\
-	:tc=subscriber:
-
-
-subslip|SLIP Subscriber Accounts:\
-	:tc=dialer:\
-	:tc=subscriber:
-
-
-subshell:Shell Subscriber Accounts:\
-	:tc=subscriber:
-
-
 #
 # Russian Users Accounts. Setup proper environment variables.
 #
@ -255,3 +72,257 @@ russian:Russian Users Accounts:\
 	:charset=KOI8-R:\
 	:lang=ru_RU.KOI8-R:\
 	:tc=default:
+
+
+######################################################################
+######################################################################
+##
+## Example entries
+## 
+######################################################################
+######################################################################
+
+## Authentication methods
+## Note that these are disabled by default, and libutil must
+## be rebuilt with LOGIN_CAP_AUTH defined to use them.
+#
+#auth-defaults:\
+#	:auth=krb_skey_or_passwd,passwd,kerberos,skey:
+#
+#auth-root-defaults:\
+#	:auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\
+#	:auth-rlogin=krb_or_skey,kerberos,skey:
+#
+#auth-ftp-defaults:\
+#	:auth=skey_or_pwd,passwd,skey:
+#
+#
+## Example defaults
+## These settings are used by login(1) by default for classless users
+## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
+#
+#default:\
+#	:cputime=infinity:\
+#	:datasize-cur=22M:\
+#	:stacksize-cur=8M:\
+#	:memorylocked-cur=10M:\
+#	:memoryuse-cur=30M:\
+#	:filesize=infinity:\
+#	:coredumpsize=infinity:\
+#	:maxproc-cur=64:\
+#	:openfiles-cur=64:\
+#	:priority=0:\
+#	:requirehome@:\
+#	:umask=022:\
+#	:tc=auth-defaults:
+#
+#
+##
+## standard - standard user defaults
+##
+#standard:\
+#	:copyright=/etc/COPYRIGHT:\
+#	:welcome=/etc/motd:\
+#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\
+#	:path=~/bin /bin /usr/bin /usr/local/bin:\
+#	:manpath=/usr/share/man /usr/local/man:\
+#	:nologin=/etc/nologin:\
+#	:cputime=1h30m:\
+#	:datasize=8M:\
+#	:stacksize=2M:\
+#	:memorylocked=4M:\
+#	:memoryuse=8M:\
+#	:filesize=8M:\
+#	:coredumpsize=8M:\
+#	:openfiles=24:\
+#	:maxproc=32:\
+#	:priority=0:\
+#	:requirehome:\
+#	:passwordperiod=90d:\
+#	:umask=002:\
+#	:ignoretime@:\
+#	:tc=default:
+#
+#
+##
+## users of X (needs more resources!)
+##
+#xuser:\
+#	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
+#	:cputime=4h:\
+#	:datasize=12M:\
+#	:stacksize=4M:\
+#	:filesize=8M:\
+#	:memoryuse=16M:\
+#	:openfiles=32:\
+#	:maxproc=48:\
+#	:tc=standard:
+#
+#
+##
+## Staff users - few restrictions and allow login anytime
+##
+#staff:\
+#	:ignorenologin:\
+#	:ignoretime:\
+#	:requirehome@:\
+#	:accounted@:\
+#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+#	:umask=022:\
+#	:tc=standard:
+#
+#
+##
+## root - fallback for root logins
+##
+#root:\
+#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+#	:cputime=infinity:\
+#	:datasize=infinity:\
+#	:stacksize=infinity:\
+#	:memorylocked=infinity:\
+#	:memoryuse=infinity:\
+#	:filesize=infinity:\
+#	:coredumpsize=infinity:\
+#	:openfiles=infinity:\
+#	:maxproc=infinity:\
+#	:memoryuse-cur=32M:\
+#	:maxproc-cur=64:\
+#	:openfiles-cur=1024:\
+#	:priority=0:\
+#	:requirehome@:\
+#	:umask=022:\
+#	:tc=auth-root-defaults:
+#
+#
+##
+## Settings used by /etc/rc
+##
+#daemon:\
+#	:coredumpsize@:\
+#	:coredumpsize-cur=0:\
+#	:datasize=infinity:\
+#	:datasize-cur@:\
+#	:maxproc=512:\
+#	:maxproc-cur@:\
+#	:memoryuse-cur=64M:\
+#	:memorylocked-cur=64M:\
+#	:openfiles=1024:\
+#	:openfiles-cur@:\
+#	:stacksize=16M:\
+#	:stacksize-cur@:\
+#	:tc=default:
+#
+#
+##
+## Settings used by news subsystem
+##
+#news:\
+#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+#	:cputime=infinity:\
+#	:filesize=128M:\
+#	:datasize-cur=64M:\
+#	:stacksize-cur=32M:\
+#	:coredumpsize-cur=0:\
+#	:maxmemorysize-cur=128M:\
+#	:memorylocked=32M:\
+#	:maxproc=128:\
+#	:openfiles=256:\
+#	:tc=default:
+#
+#
+##
+## The dialer class should be used for a dialup PPP/SLIP accounts
+## Welcome messages/news suppressed
+##
+#dialer:\
+#	:hushlogin:\
+#	:requirehome@:\
+#	:cputime=unlimited:\
+#	:filesize=2M:\
+#	:datasize=2M:\
+#	:stacksize=4M:\
+#	:coredumpsize=0:\
+#	:memoryuse=4M:\
+#	:memorylocked=1M:\
+#	:maxproc=16:\
+#	:openfiles=32:\
+#	:tc=standard:
+#
+#
+##
+## Site full-time 24/7 PPP/SLIP connections
+## - no time accounting, restricted to access via dialin lines
+##
+#site:\
+#	:ignoretime:\
+#	:passwordperiod@:\
+#	:refreshtime@:\
+#	:refreshperiod@:\
+#	:sessionlimit@:\
+#	:autodelete@:\
+#	:expireperiod@:\
+#	:graceexpire@:\
+#	:gracetime@:\
+#	:warnexpire@:\
+#	:warnpassword@:\
+#	:idletime@:\
+#	:sessiontime@:\
+#	:daytime@:\
+#	:weektime@:\
+#	:monthtime@:\
+#	:warntime@:\
+#	:accounted@:\
+#	:tc=dialer:\
+#	:tc=staff:
+#
+#
+##
+## Example standard accounting entries for subscriber levels
+##
+#
+#subscriber|Subscribers:\
+#	:accounted:\
+#	:refreshtime=180d:\
+#	:refreshperiod@:\
+#	:sessionlimit@:\
+#	:autodelete=30d:\
+#	:expireperiod=180d:\
+#	:graceexpire=7d:\
+#	:gracetime=10m:\
+#	:warnexpire=7d:\
+#	:warnpassword=7d:\
+#	:idletime=30m:\
+#	:sessiontime=4h:\
+#	:daytime=6h:\
+#	:weektime=40h:\
+#	:monthtime=120h:\
+#	:warntime=4h:\
+#	:tc=standard:
+#
+#
+##
+## Subscriber accounts. These accounts have their login times
+## accounted and have access limits applied.
+##
+#subppp|PPP Subscriber Accounts:\
+#	:tc=dialer:\
+#	:tc=subscriber:
+#
+#
+#subslip|SLIP Subscriber Accounts:\
+#	:tc=dialer:\
+#	:tc=subscriber:
+#
+#
+#subshell:Shell Subscriber Accounts:\
+#	:tc=subscriber:
+#
+#
+##
+## Russian Users Accounts. Setup proper environment variables.
+##
+#russian:Russian Users Accounts:\
+#	:charset=KOI8-R:\
+#	:lang=ru_RU.KOI8-R:\
+#	:tc=default: