xref: /freebsd/usr.bin/login/login.conf (revision ed6f64ff8a90eee579fefef510329b5e9f1f9a65)
1# login.conf - login class capabilities database.
2#
3# Remember to rebuild the database after each change to this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# This file controls resource limits, accounting limits and
8# default user environment settings.
9#
10# $FreeBSD$
11#
12
13# Default settings effectively disable resource limits, see the
14# examples below for a starting point to enable them.
15
16# defaults
17# These settings are used by login(1) by default for classless users
18# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
19#
20# Note that since a colon ':' is used to separate capability entries,
21# a \c escape sequence must be used to embed a literal colon in the
22# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23# AND SEMANTICS'' section of getcap(3) for more escape sequences).
24
25default:\
26	:passwd_format=sha512:\
27	:copyright=/etc/COPYRIGHT:\
28	:welcome=/var/run/motd:\
29	:setenv=BLOCKSIZE=K:\
30	:mail=/var/mail/$:\
31	:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
32	:nologin=/var/run/nologin:\
33	:cputime=unlimited:\
34	:datasize=unlimited:\
35	:stacksize=unlimited:\
36	:memorylocked=64K:\
37	:memoryuse=unlimited:\
38	:filesize=unlimited:\
39	:coredumpsize=unlimited:\
40	:openfiles=unlimited:\
41	:maxproc=unlimited:\
42	:sbsize=unlimited:\
43	:vmemoryuse=unlimited:\
44	:swapuse=unlimited:\
45	:pseudoterminals=unlimited:\
46	:kqueues=unlimited:\
47	:umtxp=unlimited:\
48	:priority=0:\
49	:ignoretime@:\
50	:umask=022:
51
52
53#
54# A collection of common class names - forward them all to 'default'
55# (login would normally do this anyway, but having a class name
56#  here suppresses the diagnostic)
57#
58standard:\
59	:tc=default:
60xuser:\
61	:tc=default:
62staff:\
63	:tc=default:
64
65# This PATH may be clobbered by individual applications.  Notably, by default,
66# rc(8), service(8), and cron(8) will all override it with a default PATH that
67# may not include /usr/local/sbin and /usr/local/bin when starting services or
68# jobs.
69daemon:\
70	:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\
71	:mail@:\
72	:memorylocked=128M:\
73	:tc=default:
74news:\
75	:tc=default:
76dialer:\
77	:tc=default:
78
79#
80# Root can always login
81#
82# N.B.  login_getpwclass(3) will use this entry for the root account,
83#       in preference to 'default'.
84root:\
85	:ignorenologin:\
86	:memorylocked=unlimited:\
87	:tc=default:
88
89#
90# Russian Users Accounts. Setup proper environment variables.
91#
92russian|Russian Users Accounts:\
93	:charset=UTF-8:\
94	:lang=ru_RU.UTF-8:\
95	:tc=default:
96
97
98######################################################################
99######################################################################
100##
101## Example entries
102##
103######################################################################
104######################################################################
105
106## Example defaults
107## These settings are used by login(1) by default for classless users
108## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
109#
110#default:\
111#	:cputime=infinity:\
112#	:datasize-cur=22M:\
113#	:stacksize-cur=8M:\
114#	:memorylocked-cur=10M:\
115#	:memoryuse-cur=30M:\
116#	:filesize=infinity:\
117#	:coredumpsize=infinity:\
118#	:maxproc-cur=64:\
119#	:openfiles-cur=64:\
120#	:priority=0:\
121#	:requirehome@:\
122#	:umask=022:\
123#	:tc=auth-defaults:
124#
125#
126##
127## standard - standard user defaults
128##
129#standard:\
130#	:copyright=/etc/COPYRIGHT:\
131#	:welcome=/var/run/motd:\
132#	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
133#	:path=~/bin /bin /usr/bin /usr/local/bin:\
134#	:manpath=/usr/share/man /usr/local/man:\
135#	:nologin=/var/run/nologin:\
136#	:cputime=1h30m:\
137#	:datasize=8M:\
138#	:vmemoryuse=100M:\
139#	:stacksize=2M:\
140#	:memorylocked=4M:\
141#	:memoryuse=8M:\
142#	:filesize=8M:\
143#	:coredumpsize=8M:\
144#	:openfiles=24:\
145#	:maxproc=32:\
146#	:priority=0:\
147#	:requirehome:\
148#	:passwordtime=90d:\
149#	:umask=002:\
150#	:ignoretime@:\
151#	:tc=default:
152#
153#
154##
155## users of X (needs more resources!)
156##
157#xuser:\
158#	:manpath=/usr/share/man /usr/local/man:\
159#	:cputime=4h:\
160#	:datasize=12M:\
161#	:vmemoryuse=infinity:\
162#	:stacksize=4M:\
163#	:filesize=8M:\
164#	:memoryuse=16M:\
165#	:openfiles=32:\
166#	:maxproc=48:\
167#	:tc=standard:
168#
169#
170##
171## Staff users - few restrictions and allow login anytime
172##
173#staff:\
174#	:ignorenologin:\
175#	:ignoretime:\
176#	:requirehome@:\
177#	:accounted@:\
178#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
179#	:umask=022:\
180#	:tc=standard:
181#
182#
183##
184## root - fallback for root logins
185##
186#root:\
187#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
188#	:cputime=infinity:\
189#	:datasize=infinity:\
190#	:stacksize=infinity:\
191#	:memorylocked=infinity:\
192#	:memoryuse=infinity:\
193#	:filesize=infinity:\
194#	:coredumpsize=infinity:\
195#	:openfiles=infinity:\
196#	:maxproc=infinity:\
197#	:memoryuse-cur=32M:\
198#	:maxproc-cur=64:\
199#	:openfiles-cur=1024:\
200#	:priority=0:\
201#	:requirehome@:\
202#	:umask=022:\
203#	:tc=auth-root-defaults:
204#
205#
206##
207## Settings used by /etc/rc
208##
209#daemon:\
210#	:coredumpsize@:\
211#	:coredumpsize-cur=0:\
212#	:datasize=infinity:\
213#	:datasize-cur@:\
214#	:maxproc=512:\
215#	:maxproc-cur@:\
216#	:memoryuse-cur=64M:\
217#	:memorylocked-cur=64M:\
218#	:openfiles=1024:\
219#	:openfiles-cur@:\
220#	:stacksize=16M:\
221#	:stacksize-cur@:\
222#	:tc=default:
223#
224#
225##
226## Settings used by news subsystem
227##
228#news:\
229#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
230#	:cputime=infinity:\
231#	:filesize=128M:\
232#	:datasize-cur=64M:\
233#	:stacksize-cur=32M:\
234#	:coredumpsize-cur=0:\
235#	:maxmemorysize-cur=128M:\
236#	:memorylocked=32M:\
237#	:maxproc=128:\
238#	:openfiles=256:\
239#	:tc=default:
240#
241#
242##
243## The dialer class should be used for a dialup PPP account
244## Welcome messages/news suppressed
245##
246#dialer:\
247#	:hushlogin:\
248#	:requirehome@:\
249#	:cputime=unlimited:\
250#	:filesize=2M:\
251#	:datasize=2M:\
252#	:stacksize=4M:\
253#	:coredumpsize=0:\
254#	:memoryuse=4M:\
255#	:memorylocked=1M:\
256#	:maxproc=16:\
257#	:openfiles=32:\
258#	:tc=standard:
259#
260#
261##
262## Site full-time 24/7 PPP connection
263## - no time accounting, restricted to access via dialin lines
264##
265#site:\
266#	:ignoretime:\
267#	:passwordtime@:\
268#	:refreshtime@:\
269#	:refreshperiod@:\
270#	:sessionlimit@:\
271#	:autodelete@:\
272#	:expireperiod@:\
273#	:graceexpire@:\
274#	:gracetime@:\
275#	:warnexpire@:\
276#	:warnpassword@:\
277#	:idletime@:\
278#	:sessiontime@:\
279#	:daytime@:\
280#	:weektime@:\
281#	:monthtime@:\
282#	:warntime@:\
283#	:accounted@:\
284#	:tc=dialer:\
285#	:tc=staff:
286#
287#
288##
289## Example standard accounting entries for subscriber levels
290##
291#
292#subscriber|Subscribers:\
293#	:accounted:\
294#	:refreshtime=180d:\
295#	:refreshperiod@:\
296#	:sessionlimit@:\
297#	:autodelete=30d:\
298#	:expireperiod=180d:\
299#	:graceexpire=7d:\
300#	:gracetime=10m:\
301#	:warnexpire=7d:\
302#	:warnpassword=7d:\
303#	:idletime=30m:\
304#	:sessiontime=4h:\
305#	:daytime=6h:\
306#	:weektime=40h:\
307#	:monthtime=120h:\
308#	:warntime=4h:\
309#	:tc=standard:
310#
311#
312##
313## Subscriber accounts. These accounts have their login times
314## accounted and have access limits applied.
315##
316#subppp|PPP Subscriber Accounts:\
317#	:tc=dialer:\
318#	:tc=subscriber:
319#
320#
321#subshell|Shell Subscriber Accounts:\
322#	:tc=subscriber:
323#
324##
325## If you want some of the accounts to use traditional UNIX DES based
326## password hashes.
327##
328#des_users:\
329#	:passwd_format=des:\
330#	:tc=default:
331