1.\" 2.Dd January 30, 2020 3.Dt LOGIN.ACCESS 5 4.Os 5.Sh NAME 6.Nm login.access 7.Nd login access control table 8.Sh SYNOPSIS 9.Pa /etc/login.access 10.Sh DESCRIPTION 11The 12.Nm 13file specifies (user, host) combinations and/or (user, tty) 14combinations for which a login will be either accepted or refused. 15.Pp 16When someone logs in, the 17.Nm 18is scanned for the first entry that 19matches the (user, host) combination, or, in case of non-networked 20logins, the first entry that matches the (user, tty) combination. 21The 22permissions field of that table entry determines whether the login will 23be accepted or refused. 24.Pp 25Each line of the login access control table has three fields separated by a 26.Ql \&: 27character: 28.Ar permission : Ns Ar users : Ns Ar origins 29.Pp 30The first field should be a "+" (access granted) or "-" (access denied) 31character. 32.Pp 33The second field should be a list of one or more login names, 34group names, or ALL (always matches). 35Group names must be enclosed in 36parentheses if the pam module specification for 37.Pa pam_login_access 38specifies the 39.Pa nodefgroup 40option. 41Otherwise, group names will only match if no usernames match. 42.Pp 43The third field should be a list 44of one or more tty names (for non-networked logins), host names, domain 45names (begin with "."), host addresses, internet network numbers (end 46with "."), ALL (always matches) or LOCAL (matches any string that does 47not contain a "." character). 48If you run NIS you can use @netgroupname 49in host or user patterns. 50.Pp 51The EXCEPT operator makes it possible to write very compact rules. 52.Pp 53The group file is searched only when a name does not match that of the 54logged-in user. 55Only groups are matched in which users are explicitly 56listed: the program does not look at a user's primary group id value. 57.Sh FILES 58.Bl -tag -width /etc/login.access -compact 59.It Pa /etc/login.access 60login access control table 61.El 62.Sh SEE ALSO 63.Xr login 1 , 64.Xr pam_login_access 8 65.Sh AUTHORS 66.An Guido van Rooij 67