xref: /freebsd/usr.bin/login/login.conf (revision b029e29e)
1# login.conf - login class capabilities database.
2#
3# Remember to rebuild the database after each change to this file:
4#
5#	cap_mkdb /etc/login.conf
6#
7# This file controls resource limits, accounting limits and
8# default user environment settings.
9#
10#
11
12# Default settings effectively disable resource limits, see the
13# examples below for a starting point to enable them.
14
15# defaults
16# These settings are used by login(1) by default for classless users.
17# Note that entries like "cputime" set both "cputime-cur" and "cputime-max".
18#
19# Note that since a colon ':' is used to separate capability entries,
20# a \c escape sequence must be used to embed a literal colon in the
21# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
22# AND SEMANTICS'' section of getcap(3) for more escape sequences).
23
# Class "default": the record login(1) applies to users with no class.
#   passwd_format=sha512  hash format used for new or changed passwords;
#                         editing it does not convert hashes already stored.
#   nologin=...           logins in this class are refused while that file
#                         exists (the root class sets ignorenologin).
#   path=...              ~/bin is searched last, after the system
#                         directories; the commented example classes further
#                         down list ~/bin first, which reverses that order.
#   *=unlimited           every limit except memorylocked (64K) is switched
#                         off, so this class puts no per-user cap on CPU time,
#                         memory, processes or open files.
#   coredumpsize          unlimited, so core files can hold a full copy of
#                         process memory; the commented daemon example uses
#                         coredumpsize-cur=0 instead.
#   ignoretime@           a trailing '@' cancels the capability.
#   umask=022             new files are created group- and world-readable.
# NOTE(review): on multi-user hosts, confirm that unlimited maxproc and
# openfiles are intended before deploying this class unchanged.
24default:\
25	:passwd_format=sha512:\
26	:copyright=/etc/COPYRIGHT:\
27	:welcome=/var/run/motd:\
28	:setenv=BLOCKSIZE=K:\
29	:mail=/var/mail/$:\
30	:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
31	:nologin=/var/run/nologin:\
32	:cputime=unlimited:\
33	:datasize=unlimited:\
34	:stacksize=unlimited:\
35	:memorylocked=64K:\
36	:memoryuse=unlimited:\
37	:filesize=unlimited:\
38	:coredumpsize=unlimited:\
39	:openfiles=unlimited:\
40	:maxproc=unlimited:\
41	:sbsize=unlimited:\
42	:vmemoryuse=unlimited:\
43	:swapuse=unlimited:\
44	:pseudoterminals=unlimited:\
45	:kqueues=unlimited:\
46	:umtxp=unlimited:\
47	:pipebuf=unlimited:\
48	:priority=0:\
49	:ignoretime@:\
50	:umask=022:\
51	:charset=UTF-8:\
52	:lang=C.UTF-8:
53
54#
55# A collection of common class names - forward them all to 'default'
56# (login would normally do this anyway, but having a class name
57#  here suppresses the diagnostic)
58#
# Placeholder classes: each record only pulls in "default" through tc=, so
# users assigned to standard, xuser or staff get exactly the default limits,
# PATH and umask until a site adds capabilities ahead of the tc= line.
59standard:\
60	:tc=default:
61xuser:\
62	:tc=default:
63staff:\
64	:tc=default:
65
66# This PATH may be clobbered by individual applications.  Notably, by default,
67# rc(8), service(8), and cron(8) will all override it with a default PATH that
68# may not include /usr/local/sbin and /usr/local/bin when starting services or
69# jobs.
# Class "daemon": the capabilities listed before tc=default take precedence
# over the values inherited from default.
#   path          same directories as default, but without ~/bin.
#   mail@         cancels the mail capability set in default.
#   memorylocked  raised from default's 64K to 128M.
# Everything else, including coredumpsize=unlimited and umask=022, is
# inherited from default.
70daemon:\
71	:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\
72	:mail@:\
73	:memorylocked=128M:\
74	:tc=default:
# "news" and "dialer" set nothing of their own; both resolve to default via
# tc=, so they carry the same unlimited resource limits.
75news:\
76	:tc=default:
77dialer:\
78	:tc=default:
79
80#
81# Root can always log in
82#
83# N.B.  login_getpwclass(3) will use this entry for the root account,
84#       in preference to 'default'.
# Class "root":
#   ignorenologin  root is not blocked by the nologin file named in default.
#   memorylocked   unlimited, instead of default's 64K.
# All other capabilities (the unlimited resource limits, the PATH ending in
# ~/bin, umask=022) come from default through tc=.
85root:\
86	:ignorenologin:\
87	:memorylocked=unlimited:\
88	:tc=default:
89
90#
91# Russian user accounts. Set up the proper environment variables.
92#
# Class "russian": the text after '|' is an alternate, descriptive name for
# the record. Only lang differs from default (charset=UTF-8 repeats default's
# value); limits, PATH and umask are inherited through tc=default.
93russian|Russian Users Accounts:\
94	:charset=UTF-8:\
95	:lang=ru_RU.UTF-8:\
96	:tc=default:
97
98
99######################################################################
100######################################################################
101##
102## Example entries
103##
104######################################################################
105######################################################################
106
107## Example defaults
108## These settings are used by login(1) by default for classless users
109## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
110#
111#default:\
112#	:cputime=infinity:\
113#	:datasize-cur=22M:\
114#	:stacksize-cur=8M:\
115#	:memorylocked-cur=10M:\
116#	:memoryuse-cur=30M:\
117#	:filesize=infinity:\
118#	:coredumpsize=infinity:\
119#	:maxproc-cur=64:\
120#	:openfiles-cur=64:\
121#	:priority=0:\
122#	:requirehome@:\
123#	:umask=022:\
124#	:tc=auth-defaults:
125#
126#
127##
128## standard - standard user defaults
129##
130#standard:\
131#	:copyright=/etc/COPYRIGHT:\
132#	:welcome=/var/run/motd:\
133#	:setenv=BLOCKSIZE=K:\
134#	:mail=/var/mail/$:\
135#	:path=~/bin /bin /usr/bin /usr/local/bin:\
136#	:manpath=/usr/share/man /usr/local/man:\
137#	:nologin=/var/run/nologin:\
138#	:cputime=1h30m:\
139#	:datasize=8M:\
140#	:vmemoryuse=100M:\
141#	:stacksize=2M:\
142#	:memorylocked=4M:\
143#	:memoryuse=8M:\
144#	:filesize=8M:\
145#	:coredumpsize=8M:\
146#	:openfiles=24:\
147#	:maxproc=32:\
148#	:priority=0:\
149#	:requirehome:\
150#	:passwordtime=90d:\
151#	:umask=002:\
152#	:ignoretime@:\
153#	:tc=default:
154#
155#
156##
157## users of X (needs more resources!)
158##
159#xuser:\
160#	:manpath=/usr/share/man /usr/local/man:\
161#	:cputime=4h:\
162#	:datasize=12M:\
163#	:vmemoryuse=infinity:\
164#	:stacksize=4M:\
165#	:filesize=8M:\
166#	:memoryuse=16M:\
167#	:openfiles=32:\
168#	:maxproc=48:\
169#	:tc=standard:
170#
171#
172##
173## Staff users - few restrictions and allow login anytime
174##
175#staff:\
176#	:ignorenologin:\
177#	:ignoretime:\
178#	:requirehome@:\
179#	:accounted@:\
180#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
181#	:umask=022:\
182#	:tc=standard:
183#
184#
185##
186## root - fallback for root logins
187##
188#root:\
189#	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
190#	:cputime=infinity:\
191#	:datasize=infinity:\
192#	:stacksize=infinity:\
193#	:memorylocked=infinity:\
194#	:memoryuse=infinity:\
195#	:filesize=infinity:\
196#	:coredumpsize=infinity:\
197#	:openfiles=infinity:\
198#	:maxproc=infinity:\
199#	:memoryuse-cur=32M:\
200#	:maxproc-cur=64:\
201#	:openfiles-cur=1024:\
202#	:priority=0:\
203#	:requirehome@:\
204#	:umask=022:\
205#	:tc=auth-root-defaults:
206#
207#
208##
209## Settings used by /etc/rc
210##
211#daemon:\
212#	:coredumpsize@:\
213#	:coredumpsize-cur=0:\
214#	:datasize=infinity:\
215#	:datasize-cur@:\
216#	:maxproc=512:\
217#	:maxproc-cur@:\
218#	:memoryuse-cur=64M:\
219#	:memorylocked-cur=64M:\
220#	:openfiles=1024:\
221#	:openfiles-cur@:\
222#	:stacksize=16M:\
223#	:stacksize-cur@:\
224#	:tc=default:
225#
226#
227##
228## Settings used by news subsystem
229##
230#news:\
231#	:path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
232#	:cputime=infinity:\
233#	:filesize=128M:\
234#	:datasize-cur=64M:\
235#	:stacksize-cur=32M:\
236#	:coredumpsize-cur=0:\
237#	:maxmemorysize-cur=128M:\
238#	:memorylocked=32M:\
239#	:maxproc=128:\
240#	:openfiles=256:\
241#	:tc=default:
242#
243#
244##
245## The dialer class should be used for a dialup PPP account
246## Welcome messages/news suppressed
247##
248#dialer:\
249#	:hushlogin:\
250#	:requirehome@:\
251#	:cputime=unlimited:\
252#	:filesize=2M:\
253#	:datasize=2M:\
254#	:stacksize=4M:\
255#	:coredumpsize=0:\
256#	:memoryuse=4M:\
257#	:memorylocked=1M:\
258#	:maxproc=16:\
259#	:openfiles=32:\
260#	:tc=standard:
261#
262#
263##
264## Site full-time 24/7 PPP connection
265## - no time accounting, restricted to access via dialin lines
266##
267#site:\
268#	:ignoretime:\
269#	:passwordtime@:\
270#	:refreshtime@:\
271#	:refreshperiod@:\
272#	:sessionlimit@:\
273#	:autodelete@:\
274#	:expireperiod@:\
275#	:graceexpire@:\
276#	:gracetime@:\
277#	:warnexpire@:\
278#	:warnpassword@:\
279#	:idletime@:\
280#	:sessiontime@:\
281#	:daytime@:\
282#	:weektime@:\
283#	:monthtime@:\
284#	:warntime@:\
285#	:accounted@:\
286#	:tc=dialer:\
287#	:tc=staff:
288#
289#
290##
291## Example standard accounting entries for subscriber levels
292##
293#
294#subscriber|Subscribers:\
295#	:accounted:\
296#	:refreshtime=180d:\
297#	:refreshperiod@:\
298#	:sessionlimit@:\
299#	:autodelete=30d:\
300#	:expireperiod=180d:\
301#	:graceexpire=7d:\
302#	:gracetime=10m:\
303#	:warnexpire=7d:\
304#	:warnpassword=7d:\
305#	:idletime=30m:\
306#	:sessiontime=4h:\
307#	:daytime=6h:\
308#	:weektime=40h:\
309#	:monthtime=120h:\
310#	:warntime=4h:\
311#	:tc=standard:
312#
313#
314##
315## Subscriber accounts. These accounts have their login times
316## accounted and have access limits applied.
317##
318#subppp|PPP Subscriber Accounts:\
319#	:tc=dialer:\
320#	:tc=subscriber:
321#
322#
323#subshell|Shell Subscriber Accounts:\
324#	:tc=subscriber:
325#
326##
327## Enable this class if some accounts must use traditional UNIX DES-based
328## password hashes (legacy compatibility only; far weaker than sha512).
329##
330#des_users:\
331#	:passwd_format=des:\
332#	:tc=default:
333