250d9fd8aa
login.conf(5) support. Reviewed by: jilles Sponsored by: The FreeBSD Foundation Differential revision: https://reviews.freebsd.org/D5610
323 lines
6.6 KiB
Plaintext
323 lines
6.6 KiB
Plaintext
# login.conf - login class capabilities database.
|
|
#
|
|
# Remember to rebuild the database after each change to this file:
|
|
#
|
|
# cap_mkdb /etc/login.conf
|
|
#
|
|
# This file controls resource limits, accounting limits and
|
|
# default user environment settings.
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# Default settings effectively disable resource limits, see the
|
|
# examples below for a starting point to enable them.
|
|
|
|
# defaults
|
|
# These settings are used by login(1) by default for classless users
|
|
# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
|
|
#
|
|
# Note that since a colon ':' is used to separate capability entries,
|
|
# a \c escape sequence must be used to embed a literal colon in the
|
|
# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
|
|
# AND SEMANTICS'' section of getcap(3) for more escape sequences).
|
|
|
|
default:\
|
|
:passwd_format=sha512:\
|
|
:copyright=/etc/COPYRIGHT:\
|
|
:welcome=/etc/motd:\
|
|
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
|
|
:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
|
|
:nologin=/var/run/nologin:\
|
|
:cputime=unlimited:\
|
|
:datasize=unlimited:\
|
|
:stacksize=unlimited:\
|
|
:memorylocked=64K:\
|
|
:memoryuse=unlimited:\
|
|
:filesize=unlimited:\
|
|
:coredumpsize=unlimited:\
|
|
:openfiles=unlimited:\
|
|
:maxproc=unlimited:\
|
|
:sbsize=unlimited:\
|
|
:vmemoryuse=unlimited:\
|
|
:swapuse=unlimited:\
|
|
:pseudoterminals=unlimited:\
|
|
:kqueues=unlimited:\
|
|
:umtxp=unlimited:\
|
|
:priority=0:\
|
|
:ignoretime@:\
|
|
:umask=022:
|
|
|
|
|
|
#
|
|
# A collection of common class names - forward them all to 'default'
|
|
# (login would normally do this anyway, but having a class name
|
|
# here suppresses the diagnostic)
|
|
#
|
|
standard:\
|
|
:tc=default:
|
|
xuser:\
|
|
:tc=default:
|
|
staff:\
|
|
:tc=default:
|
|
daemon:\
|
|
:memorylocked=128M:\
|
|
:tc=default:
|
|
news:\
|
|
:tc=default:
|
|
dialer:\
|
|
:tc=default:
|
|
|
|
#
|
|
# Root can always login
|
|
#
|
|
# N.B. login_getpwclass(3) will use this entry for the root account,
|
|
# in preference to 'default'.
|
|
root:\
|
|
:ignorenologin:\
|
|
:memorylocked=unlimited:\
|
|
:tc=default:
|
|
|
|
#
|
|
# Russian Users Accounts. Setup proper environment variables.
|
|
#
|
|
russian|Russian Users Accounts:\
|
|
:charset=UTF-8:\
|
|
:lang=ru_RU.UTF-8:\
|
|
:tc=default:
|
|
|
|
|
|
######################################################################
|
|
######################################################################
|
|
##
|
|
## Example entries
|
|
##
|
|
######################################################################
|
|
######################################################################
|
|
|
|
## Example defaults
|
|
## These settings are used by login(1) by default for classless users
|
|
## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
|
|
#
|
|
#default:\
|
|
# :cputime=infinity:\
|
|
# :datasize-cur=22M:\
|
|
# :stacksize-cur=8M:\
|
|
# :memorylocked-cur=10M:\
|
|
# :memoryuse-cur=30M:\
|
|
# :filesize=infinity:\
|
|
# :coredumpsize=infinity:\
|
|
# :maxproc-cur=64:\
|
|
# :openfiles-cur=64:\
|
|
# :priority=0:\
|
|
# :requirehome@:\
|
|
# :umask=022:\
|
|
# :tc=auth-defaults:
|
|
#
|
|
#
|
|
##
|
|
## standard - standard user defaults
|
|
##
|
|
#standard:\
|
|
# :copyright=/etc/COPYRIGHT:\
|
|
# :welcome=/etc/motd:\
|
|
# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
|
|
# :path=~/bin /bin /usr/bin /usr/local/bin:\
|
|
# :manpath=/usr/share/man /usr/local/man:\
|
|
# :nologin=/var/run/nologin:\
|
|
# :cputime=1h30m:\
|
|
# :datasize=8M:\
|
|
# :vmemoryuse=100M:\
|
|
# :stacksize=2M:\
|
|
# :memorylocked=4M:\
|
|
# :memoryuse=8M:\
|
|
# :filesize=8M:\
|
|
# :coredumpsize=8M:\
|
|
# :openfiles=24:\
|
|
# :maxproc=32:\
|
|
# :priority=0:\
|
|
# :requirehome:\
|
|
# :passwordtime=90d:\
|
|
# :umask=002:\
|
|
# :ignoretime@:\
|
|
# :tc=default:
|
|
#
|
|
#
|
|
##
|
|
## users of X (needs more resources!)
|
|
##
|
|
#xuser:\
|
|
# :manpath=/usr/share/man /usr/local/man:\
|
|
# :cputime=4h:\
|
|
# :datasize=12M:\
|
|
# :vmemoryuse=infinity:\
|
|
# :stacksize=4M:\
|
|
# :filesize=8M:\
|
|
# :memoryuse=16M:\
|
|
# :openfiles=32:\
|
|
# :maxproc=48:\
|
|
# :tc=standard:
|
|
#
|
|
#
|
|
##
|
|
## Staff users - few restrictions and allow login anytime
|
|
##
|
|
#staff:\
|
|
# :ignorenologin:\
|
|
# :ignoretime:\
|
|
# :requirehome@:\
|
|
# :accounted@:\
|
|
# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
|
|
# :umask=022:\
|
|
# :tc=standard:
|
|
#
|
|
#
|
|
##
|
|
## root - fallback for root logins
|
|
##
|
|
#root:\
|
|
# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
|
|
# :cputime=infinity:\
|
|
# :datasize=infinity:\
|
|
# :stacksize=infinity:\
|
|
# :memorylocked=infinity:\
|
|
# :memoryuse=infinity:\
|
|
# :filesize=infinity:\
|
|
# :coredumpsize=infinity:\
|
|
# :openfiles=infinity:\
|
|
# :maxproc=infinity:\
|
|
# :memoryuse-cur=32M:\
|
|
# :maxproc-cur=64:\
|
|
# :openfiles-cur=1024:\
|
|
# :priority=0:\
|
|
# :requirehome@:\
|
|
# :umask=022:\
|
|
# :tc=auth-root-defaults:
|
|
#
|
|
#
|
|
##
|
|
## Settings used by /etc/rc
|
|
##
|
|
#daemon:\
|
|
# :coredumpsize@:\
|
|
# :coredumpsize-cur=0:\
|
|
# :datasize=infinity:\
|
|
# :datasize-cur@:\
|
|
# :maxproc=512:\
|
|
# :maxproc-cur@:\
|
|
# :memoryuse-cur=64M:\
|
|
# :memorylocked-cur=64M:\
|
|
# :openfiles=1024:\
|
|
# :openfiles-cur@:\
|
|
# :stacksize=16M:\
|
|
# :stacksize-cur@:\
|
|
# :tc=default:
|
|
#
|
|
#
|
|
##
|
|
## Settings used by news subsystem
|
|
##
|
|
#news:\
|
|
# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
|
|
# :cputime=infinity:\
|
|
# :filesize=128M:\
|
|
# :datasize-cur=64M:\
|
|
# :stacksize-cur=32M:\
|
|
# :coredumpsize-cur=0:\
|
|
# :maxmemorysize-cur=128M:\
|
|
# :memorylocked=32M:\
|
|
# :maxproc=128:\
|
|
# :openfiles=256:\
|
|
# :tc=default:
|
|
#
|
|
#
|
|
##
|
|
## The dialer class should be used for a dialup PPP account
|
|
## Welcome messages/news suppressed
|
|
##
|
|
#dialer:\
|
|
# :hushlogin:\
|
|
# :requirehome@:\
|
|
# :cputime=unlimited:\
|
|
# :filesize=2M:\
|
|
# :datasize=2M:\
|
|
# :stacksize=4M:\
|
|
# :coredumpsize=0:\
|
|
# :memoryuse=4M:\
|
|
# :memorylocked=1M:\
|
|
# :maxproc=16:\
|
|
# :openfiles=32:\
|
|
# :tc=standard:
|
|
#
|
|
#
|
|
##
|
|
## Site full-time 24/7 PPP connection
|
|
## - no time accounting, restricted to access via dialin lines
|
|
##
|
|
#site:\
|
|
# :ignoretime:\
|
|
# :passwordtime@:\
|
|
# :refreshtime@:\
|
|
# :refreshperiod@:\
|
|
# :sessionlimit@:\
|
|
# :autodelete@:\
|
|
# :expireperiod@:\
|
|
# :graceexpire@:\
|
|
# :gracetime@:\
|
|
# :warnexpire@:\
|
|
# :warnpassword@:\
|
|
# :idletime@:\
|
|
# :sessiontime@:\
|
|
# :daytime@:\
|
|
# :weektime@:\
|
|
# :monthtime@:\
|
|
# :warntime@:\
|
|
# :accounted@:\
|
|
# :tc=dialer:\
|
|
# :tc=staff:
|
|
#
|
|
#
|
|
##
|
|
## Example standard accounting entries for subscriber levels
|
|
##
|
|
#
|
|
#subscriber|Subscribers:\
|
|
# :accounted:\
|
|
# :refreshtime=180d:\
|
|
# :refreshperiod@:\
|
|
# :sessionlimit@:\
|
|
# :autodelete=30d:\
|
|
# :expireperiod=180d:\
|
|
# :graceexpire=7d:\
|
|
# :gracetime=10m:\
|
|
# :warnexpire=7d:\
|
|
# :warnpassword=7d:\
|
|
# :idletime=30m:\
|
|
# :sessiontime=4h:\
|
|
# :daytime=6h:\
|
|
# :weektime=40h:\
|
|
# :monthtime=120h:\
|
|
# :warntime=4h:\
|
|
# :tc=standard:
|
|
#
|
|
#
|
|
##
|
|
## Subscriber accounts. These accounts have their login times
|
|
## accounted and have access limits applied.
|
|
##
|
|
#subppp|PPP Subscriber Accounts:\
|
|
# :tc=dialer:\
|
|
# :tc=subscriber:
|
|
#
|
|
#
|
|
#subshell|Shell Subscriber Accounts:\
|
|
# :tc=subscriber:
|
|
#
|
|
##
|
|
## If you want some of the accounts to use traditional UNIX DES based
|
|
## password hashes.
|
|
##
|
|
#des_users:\
|
|
# :passwd_format=des:\
|
|
# :tc=default:
|