xref: /freebsd/usr.bin/login/login.conf (revision acf2957e49f798b82c130cbf6e4e5ef986911bba)
1# login.conf - login class capabilities database.
2#
3# Remember to rebuild the database after each change to this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# This file controls resource limits, accounting limits and
8# default user environment settings.
9#
10# $FreeBSD$
11#
12
13# Default settings effectively disable resource limits, see the
14# examples below for a starting point to enable them.
15
16# defaults
17# These settings are used by login(1) by default for classless users
18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19#
20# Note that since a colon ':' is used to separate capability entries,
21# a \c escape sequence must be used to embed a literal colon in the
22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23# AND SEMANTICS'' section of getcap(3) for more escape sequences).
24
25default:\
26	:passwd_format=sha512:\
27	:copyright=/etc/COPYRIGHT:\
28	:welcome=/var/run/motd:\
29	:setenv=BLOCKSIZE=K:\
30	:mail=/var/mail/$:\
31	:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
32	:nologin=/var/run/nologin:\
33	:cputime=unlimited:\
34	:datasize=unlimited:\
35	:stacksize=unlimited:\
36	:memorylocked=64K:\
37	:memoryuse=unlimited:\
38	:filesize=unlimited:\
39	:coredumpsize=unlimited:\
40	:openfiles=unlimited:\
41	:maxproc=unlimited:\
42	:sbsize=unlimited:\
43	:vmemoryuse=unlimited:\
44	:swapuse=unlimited:\
45	:pseudoterminals=unlimited:\
46	:kqueues=unlimited:\
47	:umtxp=unlimited:\
48	:priority=0:\
49	:ignoretime@:\
50	:umask=022:
51
52
53#
54# A collection of common class names - forward them all to 'default'
55# (login would normally do this anyway, but having a class name
56#  here suppresses the diagnostic)
57#
58standard:\
59	:tc=default:
60xuser:\
61	:tc=default:
62staff:\
63	:tc=default:
64daemon:\
65	:mail@:\
66	:memorylocked=128M:\
67	:tc=default:
68news:\
69	:tc=default:
70dialer:\
71	:tc=default:
72
73#
74# Root can always login
75#
76# N.B.  login_getpwclass(3) will use this entry for the root account,
77#       in preference to 'default'.
78root:\
79	:ignorenologin:\
80	:memorylocked=unlimited:\
81	:tc=default:
82
83#
84# Russian Users Accounts. Setup proper environment variables.
85#
86russian|Russian Users Accounts:\
87	:charset=UTF-8:\
88	:lang=ru_RU.UTF-8:\
89	:tc=default:
90
91
92######################################################################
93######################################################################
94##
95## Example entries
96##
97######################################################################
98######################################################################
99
100## Example defaults
101## These settings are used by login(1) by default for classless users
102## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
103#
104#default:\
105#	:cputime=infinity:\
106#	:datasize-cur=22M:\
107#	:stacksize-cur=8M:\
108#	:memorylocked-cur=10M:\
109#	:memoryuse-cur=30M:\
110#	:filesize=infinity:\
111#	:coredumpsize=infinity:\
112#	:maxproc-cur=64:\
113#	:openfiles-cur=64:\
114#	:priority=0:\
115#	:requirehome@:\
116#	:umask=022:\
117#	:tc=auth-defaults:
118#
119#
120##
121## standard - standard user defaults
122##
123#standard:\
124#	:copyright=/etc/COPYRIGHT:\
125#	:welcome=/var/run/motd:\
126#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
127#	:path=~/bin /bin /usr/bin /usr/local/bin:\
128#	:manpath=/usr/share/man /usr/local/man:\
129#	:nologin=/var/run/nologin:\
130#	:cputime=1h30m:\
131#	:datasize=8M:\
132#	:vmemoryuse=100M:\
133#	:stacksize=2M:\
134#	:memorylocked=4M:\
135#	:memoryuse=8M:\
136#	:filesize=8M:\
137#	:coredumpsize=8M:\
138#	:openfiles=24:\
139#	:maxproc=32:\
140#	:priority=0:\
141#	:requirehome:\
142#	:passwordtime=90d:\
143#	:umask=002:\
144#	:ignoretime@:\
145#	:tc=default:
146#
147#
148##
149## users of X (needs more resources!)
150##
151#xuser:\
152#	:manpath=/usr/share/man /usr/local/man:\
153#	:cputime=4h:\
154#	:datasize=12M:\
155#	:vmemoryuse=infinity:\
156#	:stacksize=4M:\
157#	:filesize=8M:\
158#	:memoryuse=16M:\
159#	:openfiles=32:\
160#	:maxproc=48:\
161#	:tc=standard:
162#
163#
164##
165## Staff users - few restrictions and allow login anytime
166##
167#staff:\
168#	:ignorenologin:\
169#	:ignoretime:\
170#	:requirehome@:\
171#	:accounted@:\
172#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
173#	:umask=022:\
174#	:tc=standard:
175#
176#
177##
178## root - fallback for root logins
179##
180#root:\
181#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
182#	:cputime=infinity:\
183#	:datasize=infinity:\
184#	:stacksize=infinity:\
185#	:memorylocked=infinity:\
186#	:memoryuse=infinity:\
187#	:filesize=infinity:\
188#	:coredumpsize=infinity:\
189#	:openfiles=infinity:\
190#	:maxproc=infinity:\
191#	:memoryuse-cur=32M:\
192#	:maxproc-cur=64:\
193#	:openfiles-cur=1024:\
194#	:priority=0:\
195#	:requirehome@:\
196#	:umask=022:\
197#	:tc=auth-root-defaults:
198#
199#
200##
201## Settings used by /etc/rc
202##
203#daemon:\
204#	:coredumpsize@:\
205#	:coredumpsize-cur=0:\
206#	:datasize=infinity:\
207#	:datasize-cur@:\
208#	:maxproc=512:\
209#	:maxproc-cur@:\
210#	:memoryuse-cur=64M:\
211#	:memorylocked-cur=64M:\
212#	:openfiles=1024:\
213#	:openfiles-cur@:\
214#	:stacksize=16M:\
215#	:stacksize-cur@:\
216#	:tc=default:
217#
218#
219##
220## Settings used by news subsystem
221##
222#news:\
223#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
224#	:cputime=infinity:\
225#	:filesize=128M:\
226#	:datasize-cur=64M:\
227#	:stacksize-cur=32M:\
228#	:coredumpsize-cur=0:\
229#	:maxmemorysize-cur=128M:\
230#	:memorylocked=32M:\
231#	:maxproc=128:\
232#	:openfiles=256:\
233#	:tc=default:
234#
235#
236##
237## The dialer class should be used for a dialup PPP account
238## Welcome messages/news suppressed
239##
240#dialer:\
241#	:hushlogin:\
242#	:requirehome@:\
243#	:cputime=unlimited:\
244#	:filesize=2M:\
245#	:datasize=2M:\
246#	:stacksize=4M:\
247#	:coredumpsize=0:\
248#	:memoryuse=4M:\
249#	:memorylocked=1M:\
250#	:maxproc=16:\
251#	:openfiles=32:\
252#	:tc=standard:
253#
254#
255##
256## Site full-time 24/7 PPP connection
257## - no time accounting, restricted to access via dialin lines
258##
259#site:\
260#	:ignoretime:\
261#	:passwordtime@:\
262#	:refreshtime@:\
263#	:refreshperiod@:\
264#	:sessionlimit@:\
265#	:autodelete@:\
266#	:expireperiod@:\
267#	:graceexpire@:\
268#	:gracetime@:\
269#	:warnexpire@:\
270#	:warnpassword@:\
271#	:idletime@:\
272#	:sessiontime@:\
273#	:daytime@:\
274#	:weektime@:\
275#	:monthtime@:\
276#	:warntime@:\
277#	:accounted@:\
278#	:tc=dialer:\
279#	:tc=staff:
280#
281#
282##
283## Example standard accounting entries for subscriber levels
284##
285#
286#subscriber|Subscribers:\
287#	:accounted:\
288#	:refreshtime=180d:\
289#	:refreshperiod@:\
290#	:sessionlimit@:\
291#	:autodelete=30d:\
292#	:expireperiod=180d:\
293#	:graceexpire=7d:\
294#	:gracetime=10m:\
295#	:warnexpire=7d:\
296#	:warnpassword=7d:\
297#	:idletime=30m:\
298#	:sessiontime=4h:\
299#	:daytime=6h:\
300#	:weektime=40h:\
301#	:monthtime=120h:\
302#	:warntime=4h:\
303#	:tc=standard:
304#
305#
306##
307## Subscriber accounts. These accounts have their login times
308## accounted and have access limits applied.
309##
310#subppp|PPP Subscriber Accounts:\
311#	:tc=dialer:\
312#	:tc=subscriber:
313#
314#
315#subshell|Shell Subscriber Accounts:\
316#	:tc=subscriber:
317#
318##
319## If you want some of the accounts to use traditional UNIX DES based
320## password hashes.
321##
322#des_users:\
323#	:passwd_format=des:\
324#	:tc=default:
325