cec65ede6c
Noticed by: danger
58 lines
1.7 KiB
Groff
58 lines
1.7 KiB
Groff
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd September 13, 2006
|
|
.Dt LOGIN.ACCESS 5
|
|
.Os
|
|
.Sh NAME
|
|
.Nm login.access
|
|
.Nd login access control table
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
file specifies (user, host) combinations and/or (user, tty)
|
|
combinations for which a login will be either accepted or refused.
|
|
.Pp
|
|
When someone logs in, the
|
|
.Nm
|
|
is scanned for the first entry that
|
|
matches the (user, host) combination, or, in case of non-networked
|
|
logins, the first entry that matches the (user, tty) combination.
|
|
The
|
|
permissions field of that table entry determines whether the login will
|
|
be accepted or refused.
|
|
.Pp
|
|
Each line of the login access control table has three fields separated by a
|
|
.Ql \&:
|
|
character:
|
|
.Ar permission : Ns Ar users : Ns Ar origins
|
|
.Pp
|
|
The first field should be a "+" (access granted) or "-" (access denied)
|
|
character.
|
|
The second field should be a list of one or more login names,
|
|
group names, or ALL (always matches).
|
|
The third field should be a list
|
|
of one or more tty names (for non-networked logins), host names, domain
|
|
names (begin with "."), host addresses, internet network numbers (end
|
|
with "."), ALL (always matches) or LOCAL (matches any string that does
|
|
not contain a "." character).
|
|
If you run NIS you can use @netgroupname
|
|
in host or user patterns.
|
|
.Pp
|
|
The EXCEPT operator makes it possible to write very compact rules.
|
|
.Pp
|
|
The group file is searched only when a name does not match that of the
|
|
logged-in user.
|
|
Only groups are matched in which users are explicitly
|
|
listed: the program does not look at a user's primary group id value.
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/login.access -compact
|
|
.It Pa /etc/login.access
|
|
login access control table
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr login 1 ,
|
|
.Xr pam_login_access 8
|
|
.Sh AUTHORS
|
|
.An Guido van Rooij
|