1d3b764acSBrad Davis# login.conf - login class capabilities database. 2d3b764acSBrad Davis# 3d3b764acSBrad Davis# Remember to rebuild the database after each change to this file: 4d3b764acSBrad Davis# 5d3b764acSBrad Davis# cap_mkdb /etc/login.conf 6d3b764acSBrad Davis# 7d3b764acSBrad Davis# This file controls resource limits, accounting limits and 8d3b764acSBrad Davis# default user environment settings. 9d3b764acSBrad Davis# 10d3b764acSBrad Davis# 11d3b764acSBrad Davis 12d3b764acSBrad Davis# Default settings effectively disable resource limits, see the 13d3b764acSBrad Davis# examples below for a starting point to enable them. 14d3b764acSBrad Davis 15d3b764acSBrad Davis# defaults 16d3b764acSBrad Davis# These settings are used by login(1) by default for classless users 17d3b764acSBrad Davis# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 18d3b764acSBrad Davis# 19d3b764acSBrad Davis# Note that since a colon ':' is used to separate capability entries, 20d3b764acSBrad Davis# a \c escape sequence must be used to embed a literal colon in the 21d3b764acSBrad Davis# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 22d3b764acSBrad Davis# AND SEMANTICS'' section of getcap(3) for more escape sequences). 23d3b764acSBrad Davis 24d3b764acSBrad Davisdefault:\ 25d3b764acSBrad Davis :passwd_format=sha512:\ 26d3b764acSBrad Davis :copyright=/etc/COPYRIGHT:\ 272826da43SConrad Meyer :welcome=/var/run/motd:\ 28acf2957eSKyle Evans :setenv=BLOCKSIZE=K:\ 29acf2957eSKyle Evans :mail=/var/mail/$:\ 30d3b764acSBrad Davis :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ 31d3b764acSBrad Davis :nologin=/var/run/nologin:\ 32d3b764acSBrad Davis :cputime=unlimited:\ 33d3b764acSBrad Davis :datasize=unlimited:\ 34d3b764acSBrad Davis :stacksize=unlimited:\ 35d3b764acSBrad Davis :memorylocked=64K:\ 36d3b764acSBrad Davis :memoryuse=unlimited:\ 37d3b764acSBrad Davis :filesize=unlimited:\ 38d3b764acSBrad Davis :coredumpsize=unlimited:\ 39d3b764acSBrad Davis :openfiles=unlimited:\ 40d3b764acSBrad Davis :maxproc=unlimited:\ 41d3b764acSBrad Davis :sbsize=unlimited:\ 42d3b764acSBrad Davis :vmemoryuse=unlimited:\ 43d3b764acSBrad Davis :swapuse=unlimited:\ 44d3b764acSBrad Davis :pseudoterminals=unlimited:\ 45d3b764acSBrad Davis :kqueues=unlimited:\ 46d3b764acSBrad Davis :umtxp=unlimited:\ 47*b029e29eSKonstantin Belousov :pipebuf=unlimited:\ 48d3b764acSBrad Davis :priority=0:\ 49d3b764acSBrad Davis :ignoretime@:\ 5009ef995bSBaptiste Daroussin :umask=022:\ 5109ef995bSBaptiste Daroussin :charset=UTF-8:\ 5209ef995bSBaptiste Daroussin :lang=C.UTF-8: 53d3b764acSBrad Davis 54d3b764acSBrad Davis# 55d3b764acSBrad Davis# A collection of common class names - forward them all to 'default' 56d3b764acSBrad Davis# (login would normally do this anyway, but having a class name 57d3b764acSBrad Davis# here suppresses the diagnostic) 58d3b764acSBrad Davis# 59d3b764acSBrad Davisstandard:\ 60d3b764acSBrad Davis :tc=default: 61d3b764acSBrad Davisxuser:\ 62d3b764acSBrad Davis :tc=default: 63d3b764acSBrad Davisstaff:\ 64d3b764acSBrad Davis :tc=default: 65ed6f64ffSKyle Evans 66ed6f64ffSKyle Evans# This PATH may be clobbered by individual applications. Notably, by default, 67ed6f64ffSKyle Evans# rc(8), service(8), and cron(8) will all override it with a default PATH that 68ed6f64ffSKyle Evans# may not include /usr/local/sbin and /usr/local/bin when starting services or 69ed6f64ffSKyle Evans# jobs. 70d3b764acSBrad Davisdaemon:\ 71ed6f64ffSKyle Evans :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\ 72acf2957eSKyle Evans :mail@:\ 73d3b764acSBrad Davis :memorylocked=128M:\ 74d3b764acSBrad Davis :tc=default: 75d3b764acSBrad Davisnews:\ 76d3b764acSBrad Davis :tc=default: 77d3b764acSBrad Davisdialer:\ 78d3b764acSBrad Davis :tc=default: 79d3b764acSBrad Davis 80d3b764acSBrad Davis# 81d3b764acSBrad Davis# Root can always login 82d3b764acSBrad Davis# 83d3b764acSBrad Davis# N.B. login_getpwclass(3) will use this entry for the root account, 84d3b764acSBrad Davis# in preference to 'default'. 85d3b764acSBrad Davisroot:\ 86d3b764acSBrad Davis :ignorenologin:\ 87d3b764acSBrad Davis :memorylocked=unlimited:\ 88d3b764acSBrad Davis :tc=default: 89d3b764acSBrad Davis 90d3b764acSBrad Davis# 91d3b764acSBrad Davis# Russian Users Accounts. Setup proper environment variables. 92d3b764acSBrad Davis# 93d3b764acSBrad Davisrussian|Russian Users Accounts:\ 94d3b764acSBrad Davis :charset=UTF-8:\ 95d3b764acSBrad Davis :lang=ru_RU.UTF-8:\ 96d3b764acSBrad Davis :tc=default: 97d3b764acSBrad Davis 98d3b764acSBrad Davis 99d3b764acSBrad Davis###################################################################### 100d3b764acSBrad Davis###################################################################### 101d3b764acSBrad Davis## 102d3b764acSBrad Davis## Example entries 103d3b764acSBrad Davis## 104d3b764acSBrad Davis###################################################################### 105d3b764acSBrad Davis###################################################################### 106d3b764acSBrad Davis 107d3b764acSBrad Davis## Example defaults 108d3b764acSBrad Davis## These settings are used by login(1) by default for classless users 109d3b764acSBrad Davis## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 110d3b764acSBrad Davis# 111d3b764acSBrad Davis#default:\ 112d3b764acSBrad Davis# :cputime=infinity:\ 113d3b764acSBrad Davis# :datasize-cur=22M:\ 114d3b764acSBrad Davis# :stacksize-cur=8M:\ 115d3b764acSBrad Davis# :memorylocked-cur=10M:\ 116d3b764acSBrad Davis# :memoryuse-cur=30M:\ 117d3b764acSBrad Davis# :filesize=infinity:\ 118d3b764acSBrad Davis# :coredumpsize=infinity:\ 119d3b764acSBrad Davis# :maxproc-cur=64:\ 120d3b764acSBrad Davis# :openfiles-cur=64:\ 121d3b764acSBrad Davis# :priority=0:\ 122d3b764acSBrad Davis# :requirehome@:\ 123d3b764acSBrad Davis# :umask=022:\ 124d3b764acSBrad Davis# :tc=auth-defaults: 125d3b764acSBrad Davis# 126d3b764acSBrad Davis# 127d3b764acSBrad Davis## 128d3b764acSBrad Davis## standard - standard user defaults 129d3b764acSBrad Davis## 130d3b764acSBrad Davis#standard:\ 131d3b764acSBrad Davis# :copyright=/etc/COPYRIGHT:\ 1322826da43SConrad Meyer# :welcome=/var/run/motd:\ 133020419b6SKyle Evans# :setenv=BLOCKSIZE=K:\ 134020419b6SKyle Evans# :mail=/var/mail/$:\ 135d3b764acSBrad Davis# :path=~/bin /bin /usr/bin /usr/local/bin:\ 136d3b764acSBrad Davis# :manpath=/usr/share/man /usr/local/man:\ 137d3b764acSBrad Davis# :nologin=/var/run/nologin:\ 138d3b764acSBrad Davis# :cputime=1h30m:\ 139d3b764acSBrad Davis# :datasize=8M:\ 140d3b764acSBrad Davis# :vmemoryuse=100M:\ 141d3b764acSBrad Davis# :stacksize=2M:\ 142d3b764acSBrad Davis# :memorylocked=4M:\ 143d3b764acSBrad Davis# :memoryuse=8M:\ 144d3b764acSBrad Davis# :filesize=8M:\ 145d3b764acSBrad Davis# :coredumpsize=8M:\ 146d3b764acSBrad Davis# :openfiles=24:\ 147d3b764acSBrad Davis# :maxproc=32:\ 148d3b764acSBrad Davis# :priority=0:\ 149d3b764acSBrad Davis# :requirehome:\ 150d3b764acSBrad Davis# :passwordtime=90d:\ 151d3b764acSBrad Davis# :umask=002:\ 152d3b764acSBrad Davis# :ignoretime@:\ 153d3b764acSBrad Davis# :tc=default: 154d3b764acSBrad Davis# 155d3b764acSBrad Davis# 156d3b764acSBrad Davis## 157d3b764acSBrad Davis## users of X (needs more resources!) 158d3b764acSBrad Davis## 159d3b764acSBrad Davis#xuser:\ 160d3b764acSBrad Davis# :manpath=/usr/share/man /usr/local/man:\ 161d3b764acSBrad Davis# :cputime=4h:\ 162d3b764acSBrad Davis# :datasize=12M:\ 163d3b764acSBrad Davis# :vmemoryuse=infinity:\ 164d3b764acSBrad Davis# :stacksize=4M:\ 165d3b764acSBrad Davis# :filesize=8M:\ 166d3b764acSBrad Davis# :memoryuse=16M:\ 167d3b764acSBrad Davis# :openfiles=32:\ 168d3b764acSBrad Davis# :maxproc=48:\ 169d3b764acSBrad Davis# :tc=standard: 170d3b764acSBrad Davis# 171d3b764acSBrad Davis# 172d3b764acSBrad Davis## 173d3b764acSBrad Davis## Staff users - few restrictions and allow login anytime 174d3b764acSBrad Davis## 175d3b764acSBrad Davis#staff:\ 176d3b764acSBrad Davis# :ignorenologin:\ 177d3b764acSBrad Davis# :ignoretime:\ 178d3b764acSBrad Davis# :requirehome@:\ 179d3b764acSBrad Davis# :accounted@:\ 180d3b764acSBrad Davis# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 181d3b764acSBrad Davis# :umask=022:\ 182d3b764acSBrad Davis# :tc=standard: 183d3b764acSBrad Davis# 184d3b764acSBrad Davis# 185d3b764acSBrad Davis## 186d3b764acSBrad Davis## root - fallback for root logins 187d3b764acSBrad Davis## 188d3b764acSBrad Davis#root:\ 189d3b764acSBrad Davis# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 190d3b764acSBrad Davis# :cputime=infinity:\ 191d3b764acSBrad Davis# :datasize=infinity:\ 192d3b764acSBrad Davis# :stacksize=infinity:\ 193d3b764acSBrad Davis# :memorylocked=infinity:\ 194d3b764acSBrad Davis# :memoryuse=infinity:\ 195d3b764acSBrad Davis# :filesize=infinity:\ 196d3b764acSBrad Davis# :coredumpsize=infinity:\ 197d3b764acSBrad Davis# :openfiles=infinity:\ 198d3b764acSBrad Davis# :maxproc=infinity:\ 199d3b764acSBrad Davis# :memoryuse-cur=32M:\ 200d3b764acSBrad Davis# :maxproc-cur=64:\ 201d3b764acSBrad Davis# :openfiles-cur=1024:\ 202d3b764acSBrad Davis# :priority=0:\ 203d3b764acSBrad Davis# :requirehome@:\ 204d3b764acSBrad Davis# :umask=022:\ 205d3b764acSBrad Davis# :tc=auth-root-defaults: 206d3b764acSBrad Davis# 207d3b764acSBrad Davis# 208d3b764acSBrad Davis## 209d3b764acSBrad Davis## Settings used by /etc/rc 210d3b764acSBrad Davis## 211d3b764acSBrad Davis#daemon:\ 212d3b764acSBrad Davis# :coredumpsize@:\ 213d3b764acSBrad Davis# :coredumpsize-cur=0:\ 214d3b764acSBrad Davis# :datasize=infinity:\ 215d3b764acSBrad Davis# :datasize-cur@:\ 216d3b764acSBrad Davis# :maxproc=512:\ 217d3b764acSBrad Davis# :maxproc-cur@:\ 218d3b764acSBrad Davis# :memoryuse-cur=64M:\ 219d3b764acSBrad Davis# :memorylocked-cur=64M:\ 220d3b764acSBrad Davis# :openfiles=1024:\ 221d3b764acSBrad Davis# :openfiles-cur@:\ 222d3b764acSBrad Davis# :stacksize=16M:\ 223d3b764acSBrad Davis# :stacksize-cur@:\ 224d3b764acSBrad Davis# :tc=default: 225d3b764acSBrad Davis# 226d3b764acSBrad Davis# 227d3b764acSBrad Davis## 228d3b764acSBrad Davis## Settings used by news subsystem 229d3b764acSBrad Davis## 230d3b764acSBrad Davis#news:\ 231d3b764acSBrad Davis# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 232d3b764acSBrad Davis# :cputime=infinity:\ 233d3b764acSBrad Davis# :filesize=128M:\ 234d3b764acSBrad Davis# :datasize-cur=64M:\ 235d3b764acSBrad Davis# :stacksize-cur=32M:\ 236d3b764acSBrad Davis# :coredumpsize-cur=0:\ 237d3b764acSBrad Davis# :maxmemorysize-cur=128M:\ 238d3b764acSBrad Davis# :memorylocked=32M:\ 239d3b764acSBrad Davis# :maxproc=128:\ 240d3b764acSBrad Davis# :openfiles=256:\ 241d3b764acSBrad Davis# :tc=default: 242d3b764acSBrad Davis# 243d3b764acSBrad Davis# 244d3b764acSBrad Davis## 245d3b764acSBrad Davis## The dialer class should be used for a dialup PPP account 246d3b764acSBrad Davis## Welcome messages/news suppressed 247d3b764acSBrad Davis## 248d3b764acSBrad Davis#dialer:\ 249d3b764acSBrad Davis# :hushlogin:\ 250d3b764acSBrad Davis# :requirehome@:\ 251d3b764acSBrad Davis# :cputime=unlimited:\ 252d3b764acSBrad Davis# :filesize=2M:\ 253d3b764acSBrad Davis# :datasize=2M:\ 254d3b764acSBrad Davis# :stacksize=4M:\ 255d3b764acSBrad Davis# :coredumpsize=0:\ 256d3b764acSBrad Davis# :memoryuse=4M:\ 257d3b764acSBrad Davis# :memorylocked=1M:\ 258d3b764acSBrad Davis# :maxproc=16:\ 259d3b764acSBrad Davis# :openfiles=32:\ 260d3b764acSBrad Davis# :tc=standard: 261d3b764acSBrad Davis# 262d3b764acSBrad Davis# 263d3b764acSBrad Davis## 264d3b764acSBrad Davis## Site full-time 24/7 PPP connection 265d3b764acSBrad Davis## - no time accounting, restricted to access via dialin lines 266d3b764acSBrad Davis## 267d3b764acSBrad Davis#site:\ 268d3b764acSBrad Davis# :ignoretime:\ 269d3b764acSBrad Davis# :passwordtime@:\ 270d3b764acSBrad Davis# :refreshtime@:\ 271d3b764acSBrad Davis# :refreshperiod@:\ 272d3b764acSBrad Davis# :sessionlimit@:\ 273d3b764acSBrad Davis# :autodelete@:\ 274d3b764acSBrad Davis# :expireperiod@:\ 275d3b764acSBrad Davis# :graceexpire@:\ 276d3b764acSBrad Davis# :gracetime@:\ 277d3b764acSBrad Davis# :warnexpire@:\ 278d3b764acSBrad Davis# :warnpassword@:\ 279d3b764acSBrad Davis# :idletime@:\ 280d3b764acSBrad Davis# :sessiontime@:\ 281d3b764acSBrad Davis# :daytime@:\ 282d3b764acSBrad Davis# :weektime@:\ 283d3b764acSBrad Davis# :monthtime@:\ 284d3b764acSBrad Davis# :warntime@:\ 285d3b764acSBrad Davis# :accounted@:\ 286d3b764acSBrad Davis# :tc=dialer:\ 287d3b764acSBrad Davis# :tc=staff: 288d3b764acSBrad Davis# 289d3b764acSBrad Davis# 290d3b764acSBrad Davis## 291d3b764acSBrad Davis## Example standard accounting entries for subscriber levels 292d3b764acSBrad Davis## 293d3b764acSBrad Davis# 294d3b764acSBrad Davis#subscriber|Subscribers:\ 295d3b764acSBrad Davis# :accounted:\ 296d3b764acSBrad Davis# :refreshtime=180d:\ 297d3b764acSBrad Davis# :refreshperiod@:\ 298d3b764acSBrad Davis# :sessionlimit@:\ 299d3b764acSBrad Davis# :autodelete=30d:\ 300d3b764acSBrad Davis# :expireperiod=180d:\ 301d3b764acSBrad Davis# :graceexpire=7d:\ 302d3b764acSBrad Davis# :gracetime=10m:\ 303d3b764acSBrad Davis# :warnexpire=7d:\ 304d3b764acSBrad Davis# :warnpassword=7d:\ 305d3b764acSBrad Davis# :idletime=30m:\ 306d3b764acSBrad Davis# :sessiontime=4h:\ 307d3b764acSBrad Davis# :daytime=6h:\ 308d3b764acSBrad Davis# :weektime=40h:\ 309d3b764acSBrad Davis# :monthtime=120h:\ 310d3b764acSBrad Davis# :warntime=4h:\ 311d3b764acSBrad Davis# :tc=standard: 312d3b764acSBrad Davis# 313d3b764acSBrad Davis# 314d3b764acSBrad Davis## 315d3b764acSBrad Davis## Subscriber accounts. These accounts have their login times 316d3b764acSBrad Davis## accounted and have access limits applied. 317d3b764acSBrad Davis## 318d3b764acSBrad Davis#subppp|PPP Subscriber Accounts:\ 319d3b764acSBrad Davis# :tc=dialer:\ 320d3b764acSBrad Davis# :tc=subscriber: 321d3b764acSBrad Davis# 322d3b764acSBrad Davis# 323d3b764acSBrad Davis#subshell|Shell Subscriber Accounts:\ 324d3b764acSBrad Davis# :tc=subscriber: 325d3b764acSBrad Davis# 326d3b764acSBrad Davis## 327d3b764acSBrad Davis## If you want some of the accounts to use traditional UNIX DES based 328d3b764acSBrad Davis## password hashes. 329d3b764acSBrad Davis## 330d3b764acSBrad Davis#des_users:\ 331d3b764acSBrad Davis# :passwd_format=des:\ 332d3b764acSBrad Davis# :tc=default: 333