51 lines
1.7 KiB
Groff
51 lines
1.7 KiB
Groff
.\" this is comment
|
|
.Dd April 30, 1994
|
|
.Dt SKEY.ACCESS 5
|
|
.Os FreeBSD 1.2
|
|
.Sh NAME
|
|
.Nm login.access
|
|
.Nd Login access control table
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm login.access
|
|
file specifies (user, host) combinations and/or (user, tty)
|
|
combinations for which a login will be either accepted or refused.
|
|
.Pp
|
|
When someone logs in, the
|
|
.Nm login.access
|
|
is scanned for the first entry that
|
|
matches the (user, host) combination, or, in case of non-networked
|
|
logins, the first entry that matches the (user, tty) combination. The
|
|
permissions field of that table entry determines whether the login will
|
|
be accepted or refused.
|
|
.Pp
|
|
Each line of the login access control table has three fields separated by a
|
|
":" character: permission : users : origins
|
|
|
|
The first field should be a "+" (access granted) or "-" (access denied)
|
|
character. The second field should be a list of one or more login names,
|
|
group names, or ALL (always matches). The third field should be a list
|
|
of one or more tty names (for non-networked logins), host names, domain
|
|
names (begin with "."), host addresses, internet network numbers (end
|
|
with "."), ALL (always matches) or LOCAL (matches any string that does
|
|
not contain a "." character). If you run NIS you can use @netgroupname
|
|
in host or user patterns.
|
|
|
|
The EXCEPT operator makes it possible to write very compact rules.
|
|
|
|
The group file is searched only when a name does not match that of the
|
|
logged-in user. Only groups are matched in which users are explicitly
|
|
listed: the program does not look at a user's primary group id value.
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/login.access -compact
|
|
.It Pa /etc/login.access
|
|
The
|
|
.Nm login.access
|
|
file resides in
|
|
.Pa /etc .
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr login 1
|
|
.Sh AUTHOR
|
|
Guido van Rooij
|