1# login.conf - login class capabilities database. 2# 3# Remember to rebuild the database after each change to this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# This file controls resource limits, accounting limits and 8# default user environment settings. 9# 10# $FreeBSD$ 11# 12 13# Default settings effectively disable resource limits, see the 14# examples below for a starting point to enable them. 15 16# defaults 17# These settings are used by login(1) by default for classless users 18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 19# 20# Note that since a colon ':' is used to separate capability entries, 21# a \c escape sequence must be used to embed a literal colon in the 22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 23# AND SEMANTICS'' section of getcap(3) for more escape sequences). 24 25default:\ 26 :passwd_format=sha512:\ 27 :copyright=/etc/COPYRIGHT:\ 28 :welcome=/var/run/motd:\ 29 :setenv=BLOCKSIZE=K:\ 30 :mail=/var/mail/$:\ 31 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ 32 :nologin=/var/run/nologin:\ 33 :cputime=unlimited:\ 34 :datasize=unlimited:\ 35 :stacksize=unlimited:\ 36 :memorylocked=64K:\ 37 :memoryuse=unlimited:\ 38 :filesize=unlimited:\ 39 :coredumpsize=unlimited:\ 40 :openfiles=unlimited:\ 41 :maxproc=unlimited:\ 42 :sbsize=unlimited:\ 43 :vmemoryuse=unlimited:\ 44 :swapuse=unlimited:\ 45 :pseudoterminals=unlimited:\ 46 :kqueues=unlimited:\ 47 :umtxp=unlimited:\ 48 :priority=0:\ 49 :ignoretime@:\ 50 :umask=022: 51 52 53# 54# A collection of common class names - forward them all to 'default' 55# (login would normally do this anyway, but having a class name 56# here suppresses the diagnostic) 57# 58standard:\ 59 :tc=default: 60xuser:\ 61 :tc=default: 62staff:\ 63 :tc=default: 64daemon:\ 65 :mail@:\ 66 :memorylocked=128M:\ 67 :tc=default: 68news:\ 69 :tc=default: 70dialer:\ 71 :tc=default: 72 73# 74# Root can always login 75# 76# N.B. login_getpwclass(3) will use this entry for the root account, 77# in preference to 'default'. 78root:\ 79 :ignorenologin:\ 80 :memorylocked=unlimited:\ 81 :tc=default: 82 83# 84# Russian Users Accounts. Setup proper environment variables. 85# 86russian|Russian Users Accounts:\ 87 :charset=UTF-8:\ 88 :lang=ru_RU.UTF-8:\ 89 :tc=default: 90 91 92###################################################################### 93###################################################################### 94## 95## Example entries 96## 97###################################################################### 98###################################################################### 99 100## Example defaults 101## These settings are used by login(1) by default for classless users 102## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 103# 104#default:\ 105# :cputime=infinity:\ 106# :datasize-cur=22M:\ 107# :stacksize-cur=8M:\ 108# :memorylocked-cur=10M:\ 109# :memoryuse-cur=30M:\ 110# :filesize=infinity:\ 111# :coredumpsize=infinity:\ 112# :maxproc-cur=64:\ 113# :openfiles-cur=64:\ 114# :priority=0:\ 115# :requirehome@:\ 116# :umask=022:\ 117# :tc=auth-defaults: 118# 119# 120## 121## standard - standard user defaults 122## 123#standard:\ 124# :copyright=/etc/COPYRIGHT:\ 125# :welcome=/var/run/motd:\ 126# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ 127# :path=~/bin /bin /usr/bin /usr/local/bin:\ 128# :manpath=/usr/share/man /usr/local/man:\ 129# :nologin=/var/run/nologin:\ 130# :cputime=1h30m:\ 131# :datasize=8M:\ 132# :vmemoryuse=100M:\ 133# :stacksize=2M:\ 134# :memorylocked=4M:\ 135# :memoryuse=8M:\ 136# :filesize=8M:\ 137# :coredumpsize=8M:\ 138# :openfiles=24:\ 139# :maxproc=32:\ 140# :priority=0:\ 141# :requirehome:\ 142# :passwordtime=90d:\ 143# :umask=002:\ 144# :ignoretime@:\ 145# :tc=default: 146# 147# 148## 149## users of X (needs more resources!) 150## 151#xuser:\ 152# :manpath=/usr/share/man /usr/local/man:\ 153# :cputime=4h:\ 154# :datasize=12M:\ 155# :vmemoryuse=infinity:\ 156# :stacksize=4M:\ 157# :filesize=8M:\ 158# :memoryuse=16M:\ 159# :openfiles=32:\ 160# :maxproc=48:\ 161# :tc=standard: 162# 163# 164## 165## Staff users - few restrictions and allow login anytime 166## 167#staff:\ 168# :ignorenologin:\ 169# :ignoretime:\ 170# :requirehome@:\ 171# :accounted@:\ 172# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 173# :umask=022:\ 174# :tc=standard: 175# 176# 177## 178## root - fallback for root logins 179## 180#root:\ 181# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 182# :cputime=infinity:\ 183# :datasize=infinity:\ 184# :stacksize=infinity:\ 185# :memorylocked=infinity:\ 186# :memoryuse=infinity:\ 187# :filesize=infinity:\ 188# :coredumpsize=infinity:\ 189# :openfiles=infinity:\ 190# :maxproc=infinity:\ 191# :memoryuse-cur=32M:\ 192# :maxproc-cur=64:\ 193# :openfiles-cur=1024:\ 194# :priority=0:\ 195# :requirehome@:\ 196# :umask=022:\ 197# :tc=auth-root-defaults: 198# 199# 200## 201## Settings used by /etc/rc 202## 203#daemon:\ 204# :coredumpsize@:\ 205# :coredumpsize-cur=0:\ 206# :datasize=infinity:\ 207# :datasize-cur@:\ 208# :maxproc=512:\ 209# :maxproc-cur@:\ 210# :memoryuse-cur=64M:\ 211# :memorylocked-cur=64M:\ 212# :openfiles=1024:\ 213# :openfiles-cur@:\ 214# :stacksize=16M:\ 215# :stacksize-cur@:\ 216# :tc=default: 217# 218# 219## 220## Settings used by news subsystem 221## 222#news:\ 223# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 224# :cputime=infinity:\ 225# :filesize=128M:\ 226# :datasize-cur=64M:\ 227# :stacksize-cur=32M:\ 228# :coredumpsize-cur=0:\ 229# :maxmemorysize-cur=128M:\ 230# :memorylocked=32M:\ 231# :maxproc=128:\ 232# :openfiles=256:\ 233# :tc=default: 234# 235# 236## 237## The dialer class should be used for a dialup PPP account 238## Welcome messages/news suppressed 239## 240#dialer:\ 241# :hushlogin:\ 242# :requirehome@:\ 243# :cputime=unlimited:\ 244# :filesize=2M:\ 245# :datasize=2M:\ 246# :stacksize=4M:\ 247# :coredumpsize=0:\ 248# :memoryuse=4M:\ 249# :memorylocked=1M:\ 250# :maxproc=16:\ 251# :openfiles=32:\ 252# :tc=standard: 253# 254# 255## 256## Site full-time 24/7 PPP connection 257## - no time accounting, restricted to access via dialin lines 258## 259#site:\ 260# :ignoretime:\ 261# :passwordtime@:\ 262# :refreshtime@:\ 263# :refreshperiod@:\ 264# :sessionlimit@:\ 265# :autodelete@:\ 266# :expireperiod@:\ 267# :graceexpire@:\ 268# :gracetime@:\ 269# :warnexpire@:\ 270# :warnpassword@:\ 271# :idletime@:\ 272# :sessiontime@:\ 273# :daytime@:\ 274# :weektime@:\ 275# :monthtime@:\ 276# :warntime@:\ 277# :accounted@:\ 278# :tc=dialer:\ 279# :tc=staff: 280# 281# 282## 283## Example standard accounting entries for subscriber levels 284## 285# 286#subscriber|Subscribers:\ 287# :accounted:\ 288# :refreshtime=180d:\ 289# :refreshperiod@:\ 290# :sessionlimit@:\ 291# :autodelete=30d:\ 292# :expireperiod=180d:\ 293# :graceexpire=7d:\ 294# :gracetime=10m:\ 295# :warnexpire=7d:\ 296# :warnpassword=7d:\ 297# :idletime=30m:\ 298# :sessiontime=4h:\ 299# :daytime=6h:\ 300# :weektime=40h:\ 301# :monthtime=120h:\ 302# :warntime=4h:\ 303# :tc=standard: 304# 305# 306## 307## Subscriber accounts. These accounts have their login times 308## accounted and have access limits applied. 309## 310#subppp|PPP Subscriber Accounts:\ 311# :tc=dialer:\ 312# :tc=subscriber: 313# 314# 315#subshell|Shell Subscriber Accounts:\ 316# :tc=subscriber: 317# 318## 319## If you want some of the accounts to use traditional UNIX DES based 320## password hashes. 321## 322#des_users:\ 323# :passwd_format=des:\ 324# :tc=default: 325