.\" $NetBSD: login.conf.5,v 1.12 2001/09/11 01:01:57 wiz Exp $
.\"
.\" Copyright (c) 1995,1996,1997 Berkeley Software Design, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by Berkeley Software Design,
.\"	Inc.
.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse
.\"    or promote products derived from this software without specific prior
.\"    written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" BSDI login.conf.5,v 2.19 1998/02/19 23:39:39 prb Exp
.\"
.Dd November 17, 2000
.Dt LOGIN.CONF 5
.Os
.Sh NAME
.Nm login.conf
.Nd login class capability data base
.Sh SYNOPSIS
.Nm login.conf
.Sh DESCRIPTION
The
.Nm login.conf
file describes the various attributes of login classes.
A login class determines what styles of authentication are available
as well as session resource limits and environment setup.
While designed primarily for the
.Xr login 1
program,
it is also used by other programs, e.g.,
.Xr rexecd 8 ,
which need to set up a user environment.
.Pp
The class to be used is normally determined by the
.Li class
field in the password file (see
.Xr passwd 5 ) .
The class is used to look up a corresponding entry in the
.Pa login.conf
file.
A special class called
.Dq default
will be used (if it exists) if there is no other match.
.Sh CAPABILITIES
Refer to
.Xr getcap 3
for a description of the file layout.
An example entry is:
.Bd -literal -offset indent
classname|Description entry:\\
        :capability=value:\\
        :booleancapability:\\
        \&.\&.\&.
        :lastcapability=value:
.Ed
.Pp
All entries in the
.Nm login.conf
file are either boolean or use a `=' to separate the capability
from the value.
The types are described after the capability table.
.Bl -column minpasswordlen program default
.It Sy Name Ta Sy Type Ta Sy Default Ta Sy Description
.\"
.sp
.It Sy copyright Ta file Ta "" Ta
File containing additional copyright information.
.\"
.sp
.It Sy coredumpsize Ta size Ta "" Ta
Maximum coredump size limit.
.\"
.sp
.It Sy cputime Ta time Ta "" Ta
CPU usage limit.
.\"
.sp
.It Sy datasize Ta size Ta "" Ta
Maximum data size limit.
.\"
.sp
.It Sy filesize Ta size Ta "" Ta
Maximum file size limit.
.\"
.sp
.It Sy hushlogin Ta bool Ta Li false Ta
Same as having a
.Pa $HOME/.hushlogin
file.
See
.Xr login 1 .
.\"
.sp
.It Sy ignorenologin Ta bool Ta Li false Ta
Not affected by
.Pa nologin
files.
.\"
.sp
.It Sy login-retries Ta number Ta 10 Ta
Maximum number of login attempts allowed.
.\"
.It Sy login-backoff Ta number Ta 3 Ta
Number of login attempts after which to start random back-off.
.\"
.sp
.It Sy maxproc Ta number Ta "" Ta
Maximum number of processes.
.\"
.sp
.It Sy memorylocked Ta size Ta "" Ta
Maximum locked in-core memory size limit.
.\"
.sp
.It Sy memoryuse Ta size Ta "" Ta
Maximum in-core memory use size limit.
.\"
.sp
.It Sy minpasswordlen Ta number Ta "" Ta
The minimum length a local password may be.
Used by the
.Xr passwd 1
utility.
.\"
.sp
.It Sy nologin Ta file Ta "" Ta
If the file exists it will be displayed
and the login session will be terminated.
.\"
.sp
.It Sy openfiles Ta number Ta "" Ta
Maximum number of open files per process.
.\"
.\"XX .sp
.\"XX .It Sy password-dead Ta time Ta Li 0 Ta
.\"XX Length of time a password may be expired but not quite dead yet.
.\"XX When set (for both the client and remote server machine when doing
.\"XX remote authentication), a user is allowed to log in just one more
.\"XX time after their password (but not account) has expired. This allows
.\"XX a grace period for updating their password.
.\"
.sp
.It Sy passwordtime Ta time Ta "" Ta
Used by
.Xr passwd 1
to set next password expiry date.
.\"
.sp
.It Sy password-warn Ta time Ta Li 2w Ta
If the user's password will expire within this length of time then
warn the user of this.
.\"
.sp
.It Sy path Ta path Ta Li "/bin /usr/bin" Ta
.br
Default search path.
.\"
.sp
.It Sy priority Ta number Ta "" Ta
Initial priority (nice) level.
.\"
.sp
.It Sy requirehome Ta bool Ta Li false Ta
Require home directory to log in.
.\"
.sp
.It Sy setenv Ta list Ta "" Ta
Comma separated list of environment variables and values to be set.
.\"
.sp
.It Sy shell Ta program Ta "" Ta
Session shell to execute rather than the shell specified in the password file.
The
.Ev SHELL
environment variable will contain the shell specified in the password file.
.\"
.sp
.It Sy stacksize Ta size Ta "" Ta
Maximum stack size limit.
.\"
.sp
.It Sy term Ta string Ta Li su Ta
Default terminal type if it cannot be determined by other means.
.\"
.sp
.It Sy umask Ta number Ta Li 022 Ta
Initial umask.
Should always have a leading
.Li 0
to ensure octal interpretation.
See
.Xr umask 2 .
.\"
.sp
.It Sy welcome Ta file Ta Li /etc/motd Ta
File containing welcome message.
.El
.Pp
The resource limit entries
.No ( Ns Sy cputime , filesize , datasize , stacksize , coredumpsize ,
.Sy memoryuse , memorylocked , maxproc ,
and
.Sy openfiles )
actually specify both the maximum and current limits (see
.Xr getrlimit 2 ) .
The current limit is the one normally used,
although the user is permitted to increase the current limit to the
maximum limit.
The maximum and current limits may be specified individually by appending
a
.Sq Sy \-max
or
.Sq Sy \-cur
to the capability name (e.g.,
.Sy openfiles-max
and
.Sy openfiles-cur Ns No ) .
.Pp
.Nx
will never define capabilities which start with
.Li x-
or
.Li X- ;
these are reserved for external use (unless included through contributed
software).
.Pp
The argument types are defined as:
.Bl -tag -width programxx
.\"
.It Sy file
Path name to a text file.
.\"
.It Sy list
A comma separated list of values.
.\"
.It Sy number
A number.
A leading
.Li 0x
implies the number is expressed in hexadecimal.
A leading
.Li 0
implies the number is expressed in octal.
Any other number is treated as decimal.
.\"
.It Sy path
A space separated list of path names.
If a
.Sq Li ~
is the first character in the path name, the
.Sq Li ~
is expanded to the user's home directory.
.\"
.It Sy program
A path name to a program.
.\"
.It Sy size
A number which expresses a size in bytes.
It may have a trailing
.Li b
to multiply the value by 512, a
.Li k
to multiply the value by 1 K (1024), and a
.Li m
to multiply the value by 1 M (1048576).
.\"
.It Sy time
A time in seconds.
A time may be expressed as a series of numbers
which are added together.
Each number may have a trailing character to
represent time units:
.Bl -tag -width xxx
.\"
.It Sy y
Indicates a number of 365-day years.
.\"
.It Sy w
Indicates a number of 7-day weeks.
.\"
.It Sy d
Indicates a number of 24-hour days.
.\"
.It Sy h
Indicates a number of 60-minute hours.
.\"
.It Sy m
Indicates a number of 60-second minutes.
.\"
.It Sy s
Indicates a number of seconds.
.El
.Pp
For example, to indicate 1 and 1/2 hours, the following string
could be used:
.Li 1h30m .
.El
.\"
.Sh FILES
.Bl -tag -width /etc/login.conf.db -compact
.It Pa /etc/login.conf
login class capability database
.It Pa /etc/login.conf.db
hashed database built with
.Xr cap_mkdb 1
.El
.Sh SEE ALSO
.Xr cap_mkdb 1 ,
.Xr login 1 ,
.Xr getcap 3 ,
.Xr login_cap 3 ,
.Xr ttys 5 ,
.Xr ftpd 8
.Sh HISTORY
The
.Nm
configuration file appeared in
.Nx 1.5 .