1# $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $ 2# $DragonFly: src/etc/login.access,v 1.2 2003/06/17 04:24:45 dillon Exp $ 3# 4# Login access control table. 5# 6# When someone logs in, the table is scanned for the first entry that 7# matches the (user, host) combination, or, in case of non-networked 8# logins, the first entry that matches the (user, tty) combination. The 9# permissions field of that table entry determines whether the login will 10# be accepted or refused. 11# 12# Format of the login access control table is three fields separated by a 13# ":" character: 14# 15# permission : users : origins 16# 17# The first field should be a "+" (access granted) or "-" (access denied) 18# character. The second field should be a list of one or more login names, 19# group names, or ALL (always matches). The third field should be a list 20# of one or more tty names (for non-networked logins), host names, domain 21# names (begin with "."), host addresses, internet network numbers (end 22# with "."), ALL (always matches) or LOCAL (matches any string that does 23# not contain a "." character). If you run NIS you can use @netgroupname 24# in host or user patterns. 25# 26# The EXCEPT operator makes it possible to write very compact rules. 27# 28# The group file is searched only when a name does not match that of the 29# logged-in user. Only groups are matched in which users are explicitly 30# listed: the program does not look at a user's primary group id value. 31# 32############################################################################## 33# 34# Disallow console logins to all but a few accounts. 35# 36#-:ALL EXCEPT wheel shutdown sync:console 37# 38# Disallow non-local logins to privileged accounts (group wheel). 39# 40#-:wheel:ALL EXCEPT LOCAL .win.tue.nl 41# 42# Some accounts are not allowed to login from anywhere: 43# 44#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL 45# 46# All other accounts are allowed to login from anywhere. 47# 48