1.\" 2.\" $FreeBSD$ 3.\" 4.Dd May 7, 2019 5.Dt LOGIN.ACCESS 5 6.Os 7.Sh NAME 8.Nm login.access 9.Nd login access control table 10.Sh DESCRIPTION 11The 12.Nm 13file specifies (user, host) combinations and/or (user, tty) 14combinations for which a login will be either accepted or refused. 15.Pp 16When someone logs in, the 17.Nm 18is scanned for the first entry that 19matches the (user, host) combination, or, in case of non-networked 20logins, the first entry that matches the (user, tty) combination. 21The 22permissions field of that table entry determines whether the login will 23be accepted or refused. 24.Pp 25Each line of the login access control table has three fields separated by a 26.Ql \&: 27character: 28.Ar permission : Ns Ar users : Ns Ar origins 29.Pp 30The first field should be a "+" (access granted) or "-" (access denied) 31character. 32.Pp 33The second field should be a list of one or more login names, 34group names, or ALL (always matches). 35.Pp 36The third field should be a list 37of one or more tty names (for non-networked logins), host names, domain 38names (begin with "."), host addresses, internet network numbers (end 39with "."), ALL (always matches) or LOCAL (matches any string that does 40not contain a "." character). 41If you run NIS you can use @netgroupname 42in host or user patterns. 43.Pp 44The EXCEPT operator makes it possible to write very compact rules. 45.Pp 46The group file is searched only when a name does not match that of the 47logged-in user. 48Only groups are matched in which users are explicitly 49listed: the program does not look at a user's primary group id value. 50.Sh FILES 51.Bl -tag -width /etc/login.access -compact 52.It Pa /etc/login.access 53login access control table 54.El 55.Sh SEE ALSO 56.Xr login 1 , 57.Xr pam_login_access 8 58.Sh AUTHORS 59.An Guido van Rooij 60