1# login.conf - login class capabilities database. 2# 3# Remember to rebuild the database after each change to this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# This file controls resource limits, accounting limits and 8# default user environment settings. 9# 10# 11 12# Default settings effectively disable resource limits, see the 13# examples below for a starting point to enable them. 14 15# defaults 16# These settings are used by login(1) by default for classless users 17# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 18# 19# Note that since a colon ':' is used to separate capability entries, 20# a \c escape sequence must be used to embed a literal colon in the 21# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 22# AND SEMANTICS'' section of getcap(3) for more escape sequences). 23 24default:\ 25 :passwd_format=sha512:\ 26 :copyright=/etc/COPYRIGHT:\ 27 :welcome=/var/run/motd:\ 28 :setenv=BLOCKSIZE=K:\ 29 :mail=/var/mail/$:\ 30 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ 31 :nologin=/var/run/nologin:\ 32 :cputime=unlimited:\ 33 :datasize=unlimited:\ 34 :stacksize=unlimited:\ 35 :memorylocked=64K:\ 36 :memoryuse=unlimited:\ 37 :filesize=unlimited:\ 38 :coredumpsize=unlimited:\ 39 :openfiles=unlimited:\ 40 :maxproc=unlimited:\ 41 :sbsize=unlimited:\ 42 :vmemoryuse=unlimited:\ 43 :swapuse=unlimited:\ 44 :pseudoterminals=unlimited:\ 45 :kqueues=unlimited:\ 46 :umtxp=unlimited:\ 47 :priority=0:\ 48 :ignoretime@:\ 49 :umask=022:\ 50 :charset=UTF-8:\ 51 :lang=C.UTF-8: 52 53# 54# A collection of common class names - forward them all to 'default' 55# (login would normally do this anyway, but having a class name 56# here suppresses the diagnostic) 57# 58standard:\ 59 :tc=default: 60xuser:\ 61 :tc=default: 62staff:\ 63 :tc=default: 64 65# This PATH may be clobbered by individual applications. Notably, by default, 66# rc(8), service(8), and cron(8) will all override it with a default PATH that 67# may not include /usr/local/sbin and /usr/local/bin when starting services or 68# jobs. 69daemon:\ 70 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\ 71 :mail@:\ 72 :memorylocked=128M:\ 73 :tc=default: 74news:\ 75 :tc=default: 76dialer:\ 77 :tc=default: 78 79# 80# Root can always login 81# 82# N.B. login_getpwclass(3) will use this entry for the root account, 83# in preference to 'default'. 84root:\ 85 :ignorenologin:\ 86 :memorylocked=unlimited:\ 87 :tc=default: 88 89# 90# Russian Users Accounts. Setup proper environment variables. 91# 92russian|Russian Users Accounts:\ 93 :charset=UTF-8:\ 94 :lang=ru_RU.UTF-8:\ 95 :tc=default: 96 97 98###################################################################### 99###################################################################### 100## 101## Example entries 102## 103###################################################################### 104###################################################################### 105 106## Example defaults 107## These settings are used by login(1) by default for classless users 108## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 109# 110#default:\ 111# :cputime=infinity:\ 112# :datasize-cur=22M:\ 113# :stacksize-cur=8M:\ 114# :memorylocked-cur=10M:\ 115# :memoryuse-cur=30M:\ 116# :filesize=infinity:\ 117# :coredumpsize=infinity:\ 118# :maxproc-cur=64:\ 119# :openfiles-cur=64:\ 120# :priority=0:\ 121# :requirehome@:\ 122# :umask=022:\ 123# :tc=auth-defaults: 124# 125# 126## 127## standard - standard user defaults 128## 129#standard:\ 130# :copyright=/etc/COPYRIGHT:\ 131# :welcome=/var/run/motd:\ 132# :setenv=BLOCKSIZE=K:\ 133# :mail=/var/mail/$:\ 134# :path=~/bin /bin /usr/bin /usr/local/bin:\ 135# :manpath=/usr/share/man /usr/local/man:\ 136# :nologin=/var/run/nologin:\ 137# :cputime=1h30m:\ 138# :datasize=8M:\ 139# :vmemoryuse=100M:\ 140# :stacksize=2M:\ 141# :memorylocked=4M:\ 142# :memoryuse=8M:\ 143# :filesize=8M:\ 144# :coredumpsize=8M:\ 145# :openfiles=24:\ 146# :maxproc=32:\ 147# :priority=0:\ 148# :requirehome:\ 149# :passwordtime=90d:\ 150# :umask=002:\ 151# :ignoretime@:\ 152# :tc=default: 153# 154# 155## 156## users of X (needs more resources!) 157## 158#xuser:\ 159# :manpath=/usr/share/man /usr/local/man:\ 160# :cputime=4h:\ 161# :datasize=12M:\ 162# :vmemoryuse=infinity:\ 163# :stacksize=4M:\ 164# :filesize=8M:\ 165# :memoryuse=16M:\ 166# :openfiles=32:\ 167# :maxproc=48:\ 168# :tc=standard: 169# 170# 171## 172## Staff users - few restrictions and allow login anytime 173## 174#staff:\ 175# :ignorenologin:\ 176# :ignoretime:\ 177# :requirehome@:\ 178# :accounted@:\ 179# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 180# :umask=022:\ 181# :tc=standard: 182# 183# 184## 185## root - fallback for root logins 186## 187#root:\ 188# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 189# :cputime=infinity:\ 190# :datasize=infinity:\ 191# :stacksize=infinity:\ 192# :memorylocked=infinity:\ 193# :memoryuse=infinity:\ 194# :filesize=infinity:\ 195# :coredumpsize=infinity:\ 196# :openfiles=infinity:\ 197# :maxproc=infinity:\ 198# :memoryuse-cur=32M:\ 199# :maxproc-cur=64:\ 200# :openfiles-cur=1024:\ 201# :priority=0:\ 202# :requirehome@:\ 203# :umask=022:\ 204# :tc=auth-root-defaults: 205# 206# 207## 208## Settings used by /etc/rc 209## 210#daemon:\ 211# :coredumpsize@:\ 212# :coredumpsize-cur=0:\ 213# :datasize=infinity:\ 214# :datasize-cur@:\ 215# :maxproc=512:\ 216# :maxproc-cur@:\ 217# :memoryuse-cur=64M:\ 218# :memorylocked-cur=64M:\ 219# :openfiles=1024:\ 220# :openfiles-cur@:\ 221# :stacksize=16M:\ 222# :stacksize-cur@:\ 223# :tc=default: 224# 225# 226## 227## Settings used by news subsystem 228## 229#news:\ 230# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 231# :cputime=infinity:\ 232# :filesize=128M:\ 233# :datasize-cur=64M:\ 234# :stacksize-cur=32M:\ 235# :coredumpsize-cur=0:\ 236# :maxmemorysize-cur=128M:\ 237# :memorylocked=32M:\ 238# :maxproc=128:\ 239# :openfiles=256:\ 240# :tc=default: 241# 242# 243## 244## The dialer class should be used for a dialup PPP account 245## Welcome messages/news suppressed 246## 247#dialer:\ 248# :hushlogin:\ 249# :requirehome@:\ 250# :cputime=unlimited:\ 251# :filesize=2M:\ 252# :datasize=2M:\ 253# :stacksize=4M:\ 254# :coredumpsize=0:\ 255# :memoryuse=4M:\ 256# :memorylocked=1M:\ 257# :maxproc=16:\ 258# :openfiles=32:\ 259# :tc=standard: 260# 261# 262## 263## Site full-time 24/7 PPP connection 264## - no time accounting, restricted to access via dialin lines 265## 266#site:\ 267# :ignoretime:\ 268# :passwordtime@:\ 269# :refreshtime@:\ 270# :refreshperiod@:\ 271# :sessionlimit@:\ 272# :autodelete@:\ 273# :expireperiod@:\ 274# :graceexpire@:\ 275# :gracetime@:\ 276# :warnexpire@:\ 277# :warnpassword@:\ 278# :idletime@:\ 279# :sessiontime@:\ 280# :daytime@:\ 281# :weektime@:\ 282# :monthtime@:\ 283# :warntime@:\ 284# :accounted@:\ 285# :tc=dialer:\ 286# :tc=staff: 287# 288# 289## 290## Example standard accounting entries for subscriber levels 291## 292# 293#subscriber|Subscribers:\ 294# :accounted:\ 295# :refreshtime=180d:\ 296# :refreshperiod@:\ 297# :sessionlimit@:\ 298# :autodelete=30d:\ 299# :expireperiod=180d:\ 300# :graceexpire=7d:\ 301# :gracetime=10m:\ 302# :warnexpire=7d:\ 303# :warnpassword=7d:\ 304# :idletime=30m:\ 305# :sessiontime=4h:\ 306# :daytime=6h:\ 307# :weektime=40h:\ 308# :monthtime=120h:\ 309# :warntime=4h:\ 310# :tc=standard: 311# 312# 313## 314## Subscriber accounts. These accounts have their login times 315## accounted and have access limits applied. 316## 317#subppp|PPP Subscriber Accounts:\ 318# :tc=dialer:\ 319# :tc=subscriber: 320# 321# 322#subshell|Shell Subscriber Accounts:\ 323# :tc=subscriber: 324# 325## 326## If you want some of the accounts to use traditional UNIX DES based 327## password hashes. 328## 329#des_users:\ 330# :passwd_format=des:\ 331# :tc=default: 332