1.\" 2.\" $FreeBSD$ 3.\" 4.Dd January 30, 2020 5.Dt LOGIN.ACCESS 5 6.Os 7.Sh NAME 8.Nm login.access 9.Nd login access control table 10.Sh SYNOPSIS 11.Pa /etc/login.access 12.Sh DESCRIPTION 13The 14.Nm 15file specifies (user, host) combinations and/or (user, tty) 16combinations for which a login will be either accepted or refused. 17.Pp 18When someone logs in, the 19.Nm 20is scanned for the first entry that 21matches the (user, host) combination, or, in case of non-networked 22logins, the first entry that matches the (user, tty) combination. 23The 24permissions field of that table entry determines whether the login will 25be accepted or refused. 26.Pp 27Each line of the login access control table has three fields separated by a 28.Ql \&: 29character: 30.Ar permission : Ns Ar users : Ns Ar origins 31.Pp 32The first field should be a "+" (access granted) or "-" (access denied) 33character. 34.Pp 35The second field should be a list of one or more login names, 36group names, or ALL (always matches). 37Group names must be enclosed in 38parentheses if the pam module specification for 39.Pa pam_login_access 40specifies the 41.Pa nodefgroup 42option. 43Otherwise, group names will only match if no usernames match. 44.Pp 45The third field should be a list 46of one or more tty names (for non-networked logins), host names, domain 47names (begin with "."), host addresses, internet network numbers (end 48with "."), ALL (always matches) or LOCAL (matches any string that does 49not contain a "." character). 50If you run NIS you can use @netgroupname 51in host or user patterns. 52.Pp 53The EXCEPT operator makes it possible to write very compact rules. 54.Pp 55The group file is searched only when a name does not match that of the 56logged-in user. 57Only groups are matched in which users are explicitly 58listed: the program does not look at a user's primary group id value. 59.Sh FILES 60.Bl -tag -width /etc/login.access -compact 61.It Pa /etc/login.access 62login access control table 63.El 64.Sh SEE ALSO 65.Xr login 1 , 66.Xr pam_login_access 8 67.Sh AUTHORS 68.An Guido van Rooij 69