1# login.conf - login class capabilities database. 2# 3# Remember to rebuild the database after each change to this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# This file controls resource limits, accounting limits and 8# default user environment settings. 9# 10# $FreeBSD$ 11# 12 13# Default settings effectively disable resource limits, see the 14# examples below for a starting point to enable them. 15 16# defaults 17# These settings are used by login(1) by default for classless users 18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 19# 20# Note that since a colon ':' is used to separate capability entries, 21# a \c escape sequence must be used to embed a literal colon in the 22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 23# AND SEMANTICS'' section of getcap(3) for more escape sequences). 24 25default:\ 26 :passwd_format=sha512:\ 27 :copyright=/etc/COPYRIGHT:\ 28 :welcome=/var/run/motd:\ 29 :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 30 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ 31 :nologin=/var/run/nologin:\ 32 :cputime=unlimited:\ 33 :datasize=unlimited:\ 34 :stacksize=unlimited:\ 35 :memorylocked=64K:\ 36 :memoryuse=unlimited:\ 37 :filesize=unlimited:\ 38 :coredumpsize=unlimited:\ 39 :openfiles=unlimited:\ 40 :maxproc=unlimited:\ 41 :sbsize=unlimited:\ 42 :vmemoryuse=unlimited:\ 43 :swapuse=unlimited:\ 44 :pseudoterminals=unlimited:\ 45 :kqueues=unlimited:\ 46 :umtxp=unlimited:\ 47 :priority=0:\ 48 :ignoretime@:\ 49 :umask=022: 50 51 52# 53# A collection of common class names - forward them all to 'default' 54# (login would normally do this anyway, but having a class name 55# here suppresses the diagnostic) 56# 57standard:\ 58 :tc=default: 59xuser:\ 60 :tc=default: 61staff:\ 62 :tc=default: 63daemon:\ 64 :memorylocked=128M:\ 65 :tc=default: 66news:\ 67 :tc=default: 68dialer:\ 69 :tc=default: 70 71# 72# Root can always login 73# 74# N.B. login_getpwclass(3) will use this entry for the root account, 75# in preference to 'default'. 76root:\ 77 :ignorenologin:\ 78 :memorylocked=unlimited:\ 79 :tc=default: 80 81# 82# Russian Users Accounts. Setup proper environment variables. 83# 84russian|Russian Users Accounts:\ 85 :charset=UTF-8:\ 86 :lang=ru_RU.UTF-8:\ 87 :tc=default: 88 89 90###################################################################### 91###################################################################### 92## 93## Example entries 94## 95###################################################################### 96###################################################################### 97 98## Example defaults 99## These settings are used by login(1) by default for classless users 100## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 101# 102#default:\ 103# :cputime=infinity:\ 104# :datasize-cur=22M:\ 105# :stacksize-cur=8M:\ 106# :memorylocked-cur=10M:\ 107# :memoryuse-cur=30M:\ 108# :filesize=infinity:\ 109# :coredumpsize=infinity:\ 110# :maxproc-cur=64:\ 111# :openfiles-cur=64:\ 112# :priority=0:\ 113# :requirehome@:\ 114# :umask=022:\ 115# :tc=auth-defaults: 116# 117# 118## 119## standard - standard user defaults 120## 121#standard:\ 122# :copyright=/etc/COPYRIGHT:\ 123# :welcome=/var/run/motd:\ 124# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 125# :path=~/bin /bin /usr/bin /usr/local/bin:\ 126# :manpath=/usr/share/man /usr/local/man:\ 127# :nologin=/var/run/nologin:\ 128# :cputime=1h30m:\ 129# :datasize=8M:\ 130# :vmemoryuse=100M:\ 131# :stacksize=2M:\ 132# :memorylocked=4M:\ 133# :memoryuse=8M:\ 134# :filesize=8M:\ 135# :coredumpsize=8M:\ 136# :openfiles=24:\ 137# :maxproc=32:\ 138# :priority=0:\ 139# :requirehome:\ 140# :passwordtime=90d:\ 141# :umask=002:\ 142# :ignoretime@:\ 143# :tc=default: 144# 145# 146## 147## users of X (needs more resources!) 148## 149#xuser:\ 150# :manpath=/usr/share/man /usr/local/man:\ 151# :cputime=4h:\ 152# :datasize=12M:\ 153# :vmemoryuse=infinity:\ 154# :stacksize=4M:\ 155# :filesize=8M:\ 156# :memoryuse=16M:\ 157# :openfiles=32:\ 158# :maxproc=48:\ 159# :tc=standard: 160# 161# 162## 163## Staff users - few restrictions and allow login anytime 164## 165#staff:\ 166# :ignorenologin:\ 167# :ignoretime:\ 168# :requirehome@:\ 169# :accounted@:\ 170# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 171# :umask=022:\ 172# :tc=standard: 173# 174# 175## 176## root - fallback for root logins 177## 178#root:\ 179# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 180# :cputime=infinity:\ 181# :datasize=infinity:\ 182# :stacksize=infinity:\ 183# :memorylocked=infinity:\ 184# :memoryuse=infinity:\ 185# :filesize=infinity:\ 186# :coredumpsize=infinity:\ 187# :openfiles=infinity:\ 188# :maxproc=infinity:\ 189# :memoryuse-cur=32M:\ 190# :maxproc-cur=64:\ 191# :openfiles-cur=1024:\ 192# :priority=0:\ 193# :requirehome@:\ 194# :umask=022:\ 195# :tc=auth-root-defaults: 196# 197# 198## 199## Settings used by /etc/rc 200## 201#daemon:\ 202# :coredumpsize@:\ 203# :coredumpsize-cur=0:\ 204# :datasize=infinity:\ 205# :datasize-cur@:\ 206# :maxproc=512:\ 207# :maxproc-cur@:\ 208# :memoryuse-cur=64M:\ 209# :memorylocked-cur=64M:\ 210# :openfiles=1024:\ 211# :openfiles-cur@:\ 212# :stacksize=16M:\ 213# :stacksize-cur@:\ 214# :tc=default: 215# 216# 217## 218## Settings used by news subsystem 219## 220#news:\ 221# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 222# :cputime=infinity:\ 223# :filesize=128M:\ 224# :datasize-cur=64M:\ 225# :stacksize-cur=32M:\ 226# :coredumpsize-cur=0:\ 227# :maxmemorysize-cur=128M:\ 228# :memorylocked=32M:\ 229# :maxproc=128:\ 230# :openfiles=256:\ 231# :tc=default: 232# 233# 234## 235## The dialer class should be used for a dialup PPP account 236## Welcome messages/news suppressed 237## 238#dialer:\ 239# :hushlogin:\ 240# :requirehome@:\ 241# :cputime=unlimited:\ 242# :filesize=2M:\ 243# :datasize=2M:\ 244# :stacksize=4M:\ 245# :coredumpsize=0:\ 246# :memoryuse=4M:\ 247# :memorylocked=1M:\ 248# :maxproc=16:\ 249# :openfiles=32:\ 250# :tc=standard: 251# 252# 253## 254## Site full-time 24/7 PPP connection 255## - no time accounting, restricted to access via dialin lines 256## 257#site:\ 258# :ignoretime:\ 259# :passwordtime@:\ 260# :refreshtime@:\ 261# :refreshperiod@:\ 262# :sessionlimit@:\ 263# :autodelete@:\ 264# :expireperiod@:\ 265# :graceexpire@:\ 266# :gracetime@:\ 267# :warnexpire@:\ 268# :warnpassword@:\ 269# :idletime@:\ 270# :sessiontime@:\ 271# :daytime@:\ 272# :weektime@:\ 273# :monthtime@:\ 274# :warntime@:\ 275# :accounted@:\ 276# :tc=dialer:\ 277# :tc=staff: 278# 279# 280## 281## Example standard accounting entries for subscriber levels 282## 283# 284#subscriber|Subscribers:\ 285# :accounted:\ 286# :refreshtime=180d:\ 287# :refreshperiod@:\ 288# :sessionlimit@:\ 289# :autodelete=30d:\ 290# :expireperiod=180d:\ 291# :graceexpire=7d:\ 292# :gracetime=10m:\ 293# :warnexpire=7d:\ 294# :warnpassword=7d:\ 295# :idletime=30m:\ 296# :sessiontime=4h:\ 297# :daytime=6h:\ 298# :weektime=40h:\ 299# :monthtime=120h:\ 300# :warntime=4h:\ 301# :tc=standard: 302# 303# 304## 305## Subscriber accounts. These accounts have their login times 306## accounted and have access limits applied. 307## 308#subppp|PPP Subscriber Accounts:\ 309# :tc=dialer:\ 310# :tc=subscriber: 311# 312# 313#subshell|Shell Subscriber Accounts:\ 314# :tc=subscriber: 315# 316## 317## If you want some of the accounts to use traditional UNIX DES based 318## password hashes. 319## 320#des_users:\ 321# :passwd_format=des:\ 322# :tc=default: 323