Effectively disable resource limit setting by default, leaving the

original contents of the file preserved as examples for administrators
that need to enable them.

Also add a comment to the examples pointing out that the authentication
functionality is largely unused and requires rebuilding libutil.

Reviewed by:	jkh
This commit is contained in:
Mike Smith 1998-09-16 19:18:36 +00:00
parent b613c32dda
commit a4b3203d07

View File

@ -9,245 +9,62 @@
# This file controls resource limits, accounting limits and
# default user environment settings.
#
# $Id: login.conf,v 1.19 1997/12/03 01:12:48 ache Exp $
# $Id: login.conf,v 1.20 1998/03/09 03:01:47 steve Exp $
#
# Authentication methods
auth-defaults:\
:auth=krb_skey_or_passwd,passwd,kerberos,skey:
auth-root-defaults:\
:auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\
:auth-rlogin=krb_or_skey,kerberos,skey:
auth-ftp-defaults:\
:auth=skey_or_pwd,passwd,skey:
# Default settings effectively disable resource limits, see the
# examples below for a starting point to enable them.
# Example defaults
# These settings are used by login(1) by default for classless users
# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
default:\
:cputime=infinity:\
:datasize-cur=22M:\
:stacksize-cur=8M:\
:memorylocked-cur=10M:\
:memoryuse-cur=30M:\
:filesize=infinity:\
:coredumpsize=infinity:\
:maxproc-cur=64:\
:openfiles-cur=64:\
:priority=0:\
:requirehome@:\
:umask=022:\
:tc=auth-defaults:
#
# standard - standard user defaults
#
standard:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\
:path=~/bin /bin /usr/bin /usr/local/bin:\
:manpath=/usr/share/man /usr/local/man:\
:nologin=/etc/nologin:\
:cputime=1h30m:\
:datasize=8M:\
:stacksize=2M:\
:memorylocked=4M:\
:memoryuse=8M:\
:filesize=8M:\
:coredumpsize=8M:\
:openfiles=24:\
:maxproc=32:\
:cputime=unlimited:\
:datasize=unlimited:\
:stacksize=unlimited:\
:memorylocked=unlimited:\
:memoryuse=unlimited:\
:filesize=unlimited:\
:coredumpsize=unlimited:\
:openfiles=unlimited:\
:maxproc=unlimited:\
:priority=0:\
:requirehome:\
:passwordperiod=90d:\
:umask=002:\
:ignoretime@:\
:umask=022:
#
# A collection of common class names - forward them all to 'default'
# (login would normally do this anyway, but having a class name
# here suppresses the diagnostic)
#
standard:\
:tc=default:
xuser:\
:tc=default:
staff:\
:tc=default:
daemon:\
:tc=default;
news:\
:tc=default:
dialer:\
:tc=default:
#
# users of X (needs more resources!)
#
xuser:\
:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
:cputime=4h:\
:datasize=12M:\
:stacksize=4M:\
:filesize=8M:\
:memoryuse=16M:\
:openfiles=32:\
:maxproc=48:\
:tc=standard:
#
# Staff users - few restrictions and allow login anytime
#
staff:\
:ignorenologin:\
:ignoretime:\
:requirehome@:\
:accounted@:\
:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
:umask=022:\
:tc=standard:
#
# root - fallback for root logins
# Root can always login
#
root:\
:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
:cputime=infinity:\
:datasize=infinity:\
:stacksize=infinity:\
:memorylocked=infinity:\
:memoryuse=infinity:\
:filesize=infinity:\
:coredumpsize=infinity:\
:openfiles=infinity:\
:maxproc=infinity:\
:memoryuse-cur=32M:\
:maxproc-cur=64:\
:openfiles-cur=1024:\
:priority=0:\
:requirehome@:\
:umask=022:\
:tc=auth-root-defaults:
#
# Settings used by /etc/rc
#
daemon:\
:coredumpsize@:\
:coredumpsize-cur=0:\
:datasize=infinity:\
:datasize-cur@:\
:maxproc=512:\
:maxproc-cur@:\
:memoryuse-cur=64M:\
:memorylocked-cur=64M:\
:openfiles=1024:\
:openfiles-cur@:\
:stacksize=16M:\
:stacksize-cur@:\
:ignorenologin:\
:tc=default:
#
# Settings used by news subsystem
#
news:\
:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
:cputime=infinity:\
:filesize=128M:\
:datasize-cur=64M:\
:stacksize-cur=32M:\
:coredumpsize-cur=0:\
:maxmemorysize-cur=128M:\
:memorylocked=32M:\
:maxproc=128:\
:openfiles=256:\
:tc=default:
#
# The dialer class should be used for a dialup PPP/SLIP accounts
# Welcome messages/news suppressed
#
dialer:\
:hushlogin:\
:requirehome@:\
:cputime=unlimited:\
:filesize=2M:\
:datasize=2M:\
:stacksize=4M:\
:coredumpsize=0:\
:memoryuse=4M:\
:memorylocked=1M:\
:maxproc=16:\
:openfiles=32:\
:tc=standard:
#
# Site full-time 24/7 PPP/SLIP connections
# - no time accounting, restricted to access via dialin lines
#
site:\
:ignoretime:\
:passwordperiod@:\
:refreshtime@:\
:refreshperiod@:\
:sessionlimit@:\
:autodelete@:\
:expireperiod@:\
:graceexpire@:\
:gracetime@:\
:warnexpire@:\
:warnpassword@:\
:idletime@:\
:sessiontime@:\
:daytime@:\
:weektime@:\
:monthtime@:\
:warntime@:\
:accounted@:\
:tc=dialer:\
:tc=staff:
#
# Example standard accounting entries for subscriber levels
#
subscriber|Subscribers:\
:accounted:\
:refreshtime=180d:\
:refreshperiod@:\
:sessionlimit@:\
:autodelete=30d:\
:expireperiod=180d:\
:graceexpire=7d:\
:gracetime=10m:\
:warnexpire=7d:\
:warnpassword=7d:\
:idletime=30m:\
:sessiontime=4h:\
:daytime=6h:\
:weektime=40h:\
:monthtime=120h:\
:warntime=4h:\
:tc=standard:
#
# Subscriber accounts. These accounts have their login times
# accounted and have access limits applied.
#
subppp|PPP Subscriber Accounts:\
:tc=dialer:\
:tc=subscriber:
subslip|SLIP Subscriber Accounts:\
:tc=dialer:\
:tc=subscriber:
subshell:Shell Subscriber Accounts:\
:tc=subscriber:
#
# Russian Users Accounts. Setup proper environment variables.
#
@ -255,3 +72,257 @@ russian:Russian Users Accounts:\
:charset=KOI8-R:\
:lang=ru_RU.KOI8-R:\
:tc=default:
######################################################################
######################################################################
##
## Example entries
##
######################################################################
######################################################################
## Authentication methods
## Note that these are disabled by default, and libutil must
## be rebuilt with LOGIN_CAP_AUTH defined to use them.
#
#auth-defaults:\
# :auth=krb_skey_or_passwd,passwd,kerberos,skey:
#
#auth-root-defaults:\
# :auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\
# :auth-rlogin=krb_or_skey,kerberos,skey:
#
#auth-ftp-defaults:\
# :auth=skey_or_pwd,passwd,skey:
#
#
## Example defaults
## These settings are used by login(1) by default for classless users
## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
#
#default:\
# :cputime=infinity:\
# :datasize-cur=22M:\
# :stacksize-cur=8M:\
# :memorylocked-cur=10M:\
# :memoryuse-cur=30M:\
# :filesize=infinity:\
# :coredumpsize=infinity:\
# :maxproc-cur=64:\
# :openfiles-cur=64:\
# :priority=0:\
# :requirehome@:\
# :umask=022:\
# :tc=auth-defaults:
#
#
##
## standard - standard user defaults
##
#standard:\
# :copyright=/etc/COPYRIGHT:\
# :welcome=/etc/motd:\
# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\
# :path=~/bin /bin /usr/bin /usr/local/bin:\
# :manpath=/usr/share/man /usr/local/man:\
# :nologin=/etc/nologin:\
# :cputime=1h30m:\
# :datasize=8M:\
# :stacksize=2M:\
# :memorylocked=4M:\
# :memoryuse=8M:\
# :filesize=8M:\
# :coredumpsize=8M:\
# :openfiles=24:\
# :maxproc=32:\
# :priority=0:\
# :requirehome:\
# :passwordperiod=90d:\
# :umask=002:\
# :ignoretime@:\
# :tc=default:
#
#
##
## users of X (needs more resources!)
##
#xuser:\
# :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
# :cputime=4h:\
# :datasize=12M:\
# :stacksize=4M:\
# :filesize=8M:\
# :memoryuse=16M:\
# :openfiles=32:\
# :maxproc=48:\
# :tc=standard:
#
#
##
## Staff users - few restrictions and allow login anytime
##
#staff:\
# :ignorenologin:\
# :ignoretime:\
# :requirehome@:\
# :accounted@:\
# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
# :umask=022:\
# :tc=standard:
#
#
##
## root - fallback for root logins
##
#root:\
# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
# :cputime=infinity:\
# :datasize=infinity:\
# :stacksize=infinity:\
# :memorylocked=infinity:\
# :memoryuse=infinity:\
# :filesize=infinity:\
# :coredumpsize=infinity:\
# :openfiles=infinity:\
# :maxproc=infinity:\
# :memoryuse-cur=32M:\
# :maxproc-cur=64:\
# :openfiles-cur=1024:\
# :priority=0:\
# :requirehome@:\
# :umask=022:\
# :tc=auth-root-defaults:
#
#
##
## Settings used by /etc/rc
##
#daemon:\
# :coredumpsize@:\
# :coredumpsize-cur=0:\
# :datasize=infinity:\
# :datasize-cur@:\
# :maxproc=512:\
# :maxproc-cur@:\
# :memoryuse-cur=64M:\
# :memorylocked-cur=64M:\
# :openfiles=1024:\
# :openfiles-cur@:\
# :stacksize=16M:\
# :stacksize-cur@:\
# :tc=default:
#
#
##
## Settings used by news subsystem
##
#news:\
# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
# :cputime=infinity:\
# :filesize=128M:\
# :datasize-cur=64M:\
# :stacksize-cur=32M:\
# :coredumpsize-cur=0:\
# :maxmemorysize-cur=128M:\
# :memorylocked=32M:\
# :maxproc=128:\
# :openfiles=256:\
# :tc=default:
#
#
##
## The dialer class should be used for a dialup PPP/SLIP accounts
## Welcome messages/news suppressed
##
#dialer:\
# :hushlogin:\
# :requirehome@:\
# :cputime=unlimited:\
# :filesize=2M:\
# :datasize=2M:\
# :stacksize=4M:\
# :coredumpsize=0:\
# :memoryuse=4M:\
# :memorylocked=1M:\
# :maxproc=16:\
# :openfiles=32:\
# :tc=standard:
#
#
##
## Site full-time 24/7 PPP/SLIP connections
## - no time accounting, restricted to access via dialin lines
##
#site:\
# :ignoretime:\
# :passwordperiod@:\
# :refreshtime@:\
# :refreshperiod@:\
# :sessionlimit@:\
# :autodelete@:\
# :expireperiod@:\
# :graceexpire@:\
# :gracetime@:\
# :warnexpire@:\
# :warnpassword@:\
# :idletime@:\
# :sessiontime@:\
# :daytime@:\
# :weektime@:\
# :monthtime@:\
# :warntime@:\
# :accounted@:\
# :tc=dialer:\
# :tc=staff:
#
#
##
## Example standard accounting entries for subscriber levels
##
#
#subscriber|Subscribers:\
# :accounted:\
# :refreshtime=180d:\
# :refreshperiod@:\
# :sessionlimit@:\
# :autodelete=30d:\
# :expireperiod=180d:\
# :graceexpire=7d:\
# :gracetime=10m:\
# :warnexpire=7d:\
# :warnpassword=7d:\
# :idletime=30m:\
# :sessiontime=4h:\
# :daytime=6h:\
# :weektime=40h:\
# :monthtime=120h:\
# :warntime=4h:\
# :tc=standard:
#
#
##
## Subscriber accounts. These accounts have their login times
## accounted and have access limits applied.
##
#subppp|PPP Subscriber Accounts:\
# :tc=dialer:\
# :tc=subscriber:
#
#
#subslip|SLIP Subscriber Accounts:\
# :tc=dialer:\
# :tc=subscriber:
#
#
#subshell:Shell Subscriber Accounts:\
# :tc=subscriber:
#
#
##
## Russian Users Accounts. Setup proper environment variables.
##
#russian:Russian Users Accounts:\
# :charset=KOI8-R:\
# :lang=ru_RU.KOI8-R:\
# :tc=default: