# login.conf - login class capabilities database. # # Remember to rebuild the database after each change to this file: # # cap_mkdb /etc/login.conf # # This file controls resource limits, accounting limits and # default user environment settings. # # # Default settings effectively disable resource limits, see the # examples below for a starting point to enable them. # defaults # These settings are used by login(1) by default for classless users # Note that entries like "cputime" set both "cputime-cur" and "cputime-max" # # Note that since a colon ':' is used to separate capability entries, # a \c escape sequence must be used to embed a literal colon in the # value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX # AND SEMANTICS'' section of getcap(3) for more escape sequences). default:\ :passwd_format=blf:\ :copyright=/etc/COPYRIGHT:\ :welcome=/var/run/motd:\ :setenv=BLOCKSIZE=K:\ :mail=/var/mail/$:\ :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ :nologin=/var/run/nologin:\ :cputime=unlimited:\ :datasize=unlimited:\ :stacksize=unlimited:\ :memorylocked=128M:\ :memoryuse=unlimited:\ :filesize=unlimited:\ :coredumpsize=unlimited:\ :openfiles=unlimited:\ :maxproc=unlimited:\ :sbsize=unlimited:\ :vmemoryuse=unlimited:\ :swapuse=unlimited:\ :pseudoterminals=unlimited:\ :kqueues=unlimited:\ :umtxp=unlimited:\ :pipebuf=unlimited:\ :priority=0:\ :ignoretime@:\ :umask=022:\ :charset=UTF-8:\ :lang=en_US.UTF-8: # # A collection of common class names - forward them all to 'default' # (login would normally do this anyway, but having a class name # here suppresses the diagnostic) # standard:\ :tc=default: xuser:\ :tc=default: staff:\ :tc=default: # This PATH may be clobbered by individual applications. Notably, by default, # rc(8), service(8), and cron(8) will all override it with a default PATH that # may not include /usr/local/sbin and /usr/local/bin when starting services or # jobs. daemon:\ :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\ :mail@:\ :memorylocked=128M:\ :tc=default: news:\ :tc=default: dialer:\ :tc=default: # # Root can always login # # N.B. login_getpwclass(3) will use this entry for the root account, # in preference to 'default'. root:\ :ignorenologin:\ :memorylocked=unlimited:\ :tc=default: # # Russian Users Accounts. Setup proper environment variables. # russian|Russian Users Accounts:\ :charset=UTF-8:\ :lang=ru_RU.UTF-8:\ :tc=default: ###################################################################### ###################################################################### ## ## Example entries ## ###################################################################### ###################################################################### ## Example defaults ## These settings are used by login(1) by default for classless users ## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" # #default:\ # :cputime=infinity:\ # :datasize-cur=22M:\ # :stacksize-cur=8M:\ # :memorylocked-cur=10M:\ # :memoryuse-cur=30M:\ # :filesize=infinity:\ # :coredumpsize=infinity:\ # :maxproc-cur=64:\ # :openfiles-cur=64:\ # :priority=0:\ # :requirehome@:\ # :umask=022:\ # :tc=auth-defaults: # # ## ## standard - standard user defaults ## #standard:\ # :copyright=/etc/COPYRIGHT:\ # :welcome=/var/run/motd:\ # :setenv=BLOCKSIZE=K:\ # :mail=/var/mail/$:\ # :path=~/bin /bin /usr/bin /usr/local/bin:\ # :manpath=/usr/share/man /usr/local/man:\ # :nologin=/var/run/nologin:\ # :cputime=1h30m:\ # :datasize=8M:\ # :vmemoryuse=100M:\ # :stacksize=2M:\ # :memorylocked=4M:\ # :memoryuse=8M:\ # :filesize=8M:\ # :coredumpsize=8M:\ # :openfiles=24:\ # :maxproc=32:\ # :priority=0:\ # :requirehome:\ # :passwordtime=90d:\ # :umask=002:\ # :ignoretime@:\ # :tc=default: # # ## ## users of X (needs more resources!) ## #xuser:\ # :manpath=/usr/share/man /usr/local/man:\ # :cputime=4h:\ # :datasize=12M:\ # :vmemoryuse=infinity:\ # :stacksize=4M:\ # :filesize=8M:\ # :memoryuse=16M:\ # :openfiles=32:\ # :maxproc=48:\ # :tc=standard: # # ## ## Staff users - few restrictions and allow login anytime ## #staff:\ # :ignorenologin:\ # :ignoretime:\ # :requirehome@:\ # :accounted@:\ # :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ # :umask=022:\ # :tc=standard: # # ## ## root - fallback for root logins ## #root:\ # :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ # :cputime=infinity:\ # :datasize=infinity:\ # :stacksize=infinity:\ # :memorylocked=infinity:\ # :memoryuse=infinity:\ # :filesize=infinity:\ # :coredumpsize=infinity:\ # :openfiles=infinity:\ # :maxproc=infinity:\ # :memoryuse-cur=32M:\ # :maxproc-cur=64:\ # :openfiles-cur=1024:\ # :priority=0:\ # :requirehome@:\ # :umask=022:\ # :tc=auth-root-defaults: # # ## ## Settings used by /etc/rc ## #daemon:\ # :coredumpsize@:\ # :coredumpsize-cur=0:\ # :datasize=infinity:\ # :datasize-cur@:\ # :maxproc=512:\ # :maxproc-cur@:\ # :memoryuse-cur=64M:\ # :memorylocked-cur=64M:\ # :openfiles=1024:\ # :openfiles-cur@:\ # :stacksize=16M:\ # :stacksize-cur@:\ # :tc=default: # # ## ## Settings used by news subsystem ## #news:\ # :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ # :cputime=infinity:\ # :filesize=128M:\ # :datasize-cur=64M:\ # :stacksize-cur=32M:\ # :coredumpsize-cur=0:\ # :maxmemorysize-cur=128M:\ # :memorylocked=32M:\ # :maxproc=128:\ # :openfiles=256:\ # :tc=default: # # ## ## The dialer class should be used for a dialup PPP account ## Welcome messages/news suppressed ## #dialer:\ # :hushlogin:\ # :requirehome@:\ # :cputime=unlimited:\ # :filesize=2M:\ # :datasize=2M:\ # :stacksize=4M:\ # :coredumpsize=0:\ # :memoryuse=4M:\ # :memorylocked=1M:\ # :maxproc=16:\ # :openfiles=32:\ # :tc=standard: # # ## ## Site full-time 24/7 PPP connection ## - no time accounting, restricted to access via dialin lines ## #site:\ # :ignoretime:\ # :passwordtime@:\ # :refreshtime@:\ # :refreshperiod@:\ # :sessionlimit@:\ # :autodelete@:\ # :expireperiod@:\ # :graceexpire@:\ # :gracetime@:\ # :warnexpire@:\ # :warnpassword@:\ # :idletime@:\ # :sessiontime@:\ # :daytime@:\ # :weektime@:\ # :monthtime@:\ # :warntime@:\ # :accounted@:\ # :tc=dialer:\ # :tc=staff: # # ## ## Example standard accounting entries for subscriber levels ## # #subscriber|Subscribers:\ # :accounted:\ # :refreshtime=180d:\ # :refreshperiod@:\ # :sessionlimit@:\ # :autodelete=30d:\ # :expireperiod=180d:\ # :graceexpire=7d:\ # :gracetime=10m:\ # :warnexpire=7d:\ # :warnpassword=7d:\ # :idletime=30m:\ # :sessiontime=4h:\ # :daytime=6h:\ # :weektime=40h:\ # :monthtime=120h:\ # :warntime=4h:\ # :tc=standard: # # ## ## Subscriber accounts. These accounts have their login times ## accounted and have access limits applied. ## #subppp|PPP Subscriber Accounts:\ # :tc=dialer:\ # :tc=subscriber: # # #subshell|Shell Subscriber Accounts:\ # :tc=subscriber: # ## ## If you want some of the accounts to use traditional UNIX DES based ## password hashes. ## #des_users:\ # :passwd_format=des:\ # :tc=default: