1# login.conf - login class capabilities database. 2# 3# Remember to rebuild the database after each change to this file: 4# 5# cap_mkdb /etc/login.conf 6# 7# This file controls resource limits, accounting limits and 8# default user environment settings. 9# 10# 11 12# Default settings effectively disable resource limits, see the 13# examples below for a starting point to enable them. 14 15# defaults 16# These settings are used by login(1) by default for classless users 17# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 18# 19# Note that since a colon ':' is used to separate capability entries, 20# a \c escape sequence must be used to embed a literal colon in the 21# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX 22# AND SEMANTICS'' section of getcap(3) for more escape sequences). 23 24default:\ 25 :passwd_format=sha512:\ 26 :welcome=/var/run/motd:\ 27 :setenv=BLOCKSIZE=K:\ 28 :mail=/var/mail/$:\ 29 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ 30 :nologin=/var/run/nologin:\ 31 :cputime=unlimited:\ 32 :datasize=unlimited:\ 33 :stacksize=unlimited:\ 34 :memorylocked=64K:\ 35 :memoryuse=unlimited:\ 36 :filesize=unlimited:\ 37 :coredumpsize=unlimited:\ 38 :openfiles=unlimited:\ 39 :maxproc=unlimited:\ 40 :sbsize=unlimited:\ 41 :vmemoryuse=unlimited:\ 42 :swapuse=unlimited:\ 43 :pseudoterminals=unlimited:\ 44 :kqueues=unlimited:\ 45 :umtxp=unlimited:\ 46 :pipebuf=unlimited:\ 47 :priority=0:\ 48 :umask=022:\ 49 :charset=UTF-8:\ 50 :lang=C.UTF-8: 51 52# 53# A collection of common class names - forward them all to 'default' 54# (login would normally do this anyway, but having a class name 55# here suppresses the diagnostic) 56# 57standard:\ 58 :tc=default: 59xuser:\ 60 :tc=default: 61staff:\ 62 :tc=default: 63 64# This PATH may be clobbered by individual applications. Notably, by default, 65# rc(8), service(8), and cron(8) will all override it with a default PATH that 66# may not include /usr/local/sbin and /usr/local/bin when starting services or 67# jobs. 68daemon:\ 69 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\ 70 :mail@:\ 71 :memorylocked=128M:\ 72 :tc=default: 73news:\ 74 :tc=default: 75dialer:\ 76 :tc=default: 77 78# 79# Root can always login 80# 81# N.B. login_getpwclass(3) will use this entry for the root account, 82# in preference to 'default'. 83root:\ 84 :ignorenologin:\ 85 :memorylocked=unlimited:\ 86 :tc=default: 87 88# 89# Russian Users Accounts. Setup proper environment variables. 90# 91russian|Russian Users Accounts:\ 92 :charset=UTF-8:\ 93 :lang=ru_RU.UTF-8:\ 94 :tc=default: 95 96 97###################################################################### 98###################################################################### 99## 100## Example entries 101## 102###################################################################### 103###################################################################### 104 105## Example defaults 106## These settings are used by login(1) by default for classless users 107## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" 108# 109#default:\ 110# :cputime=infinity:\ 111# :datasize-cur=22M:\ 112# :stacksize-cur=8M:\ 113# :memorylocked-cur=10M:\ 114# :memoryuse-cur=30M:\ 115# :filesize=infinity:\ 116# :coredumpsize=infinity:\ 117# :maxproc-cur=64:\ 118# :openfiles-cur=64:\ 119# :priority=0:\ 120# :requirehome@:\ 121# :umask=022:\ 122# :tc=auth-defaults: 123# 124# 125## 126## standard - standard user defaults 127## 128#standard:\ 129# :welcome=/var/run/motd:\ 130# :setenv=BLOCKSIZE=K:\ 131# :mail=/var/mail/$:\ 132# :path=~/bin /bin /usr/bin /usr/local/bin:\ 133# :manpath=/usr/share/man /usr/local/man:\ 134# :nologin=/var/run/nologin:\ 135# :cputime=1h30m:\ 136# :datasize=8M:\ 137# :vmemoryuse=100M:\ 138# :stacksize=2M:\ 139# :memorylocked=4M:\ 140# :memoryuse=8M:\ 141# :filesize=8M:\ 142# :coredumpsize=8M:\ 143# :openfiles=24:\ 144# :maxproc=32:\ 145# :priority=0:\ 146# :requirehome:\ 147# :passwordtime=90d:\ 148# :umask=002:\ 149# :tc=default: 150# 151# 152## 153## users of X (needs more resources!) 154## 155#xuser:\ 156# :manpath=/usr/share/man /usr/local/man:\ 157# :cputime=4h:\ 158# :datasize=12M:\ 159# :vmemoryuse=infinity:\ 160# :stacksize=4M:\ 161# :filesize=8M:\ 162# :memoryuse=16M:\ 163# :openfiles=32:\ 164# :maxproc=48:\ 165# :tc=standard: 166# 167# 168## 169## Staff users - few restrictions and allow login anytime 170## 171#staff:\ 172# :ignorenologin:\ 173# :requirehome@:\ 174# :accounted@:\ 175# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 176# :umask=022:\ 177# :tc=standard: 178# 179# 180## 181## root - fallback for root logins 182## 183#root:\ 184# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 185# :cputime=infinity:\ 186# :datasize=infinity:\ 187# :stacksize=infinity:\ 188# :memorylocked=infinity:\ 189# :memoryuse=infinity:\ 190# :filesize=infinity:\ 191# :coredumpsize=infinity:\ 192# :openfiles=infinity:\ 193# :maxproc=infinity:\ 194# :memoryuse-cur=32M:\ 195# :maxproc-cur=64:\ 196# :openfiles-cur=1024:\ 197# :priority=0:\ 198# :requirehome@:\ 199# :umask=022:\ 200# :tc=auth-root-defaults: 201# 202# 203## 204## Settings used by /etc/rc 205## 206#daemon:\ 207# :coredumpsize@:\ 208# :coredumpsize-cur=0:\ 209# :datasize=infinity:\ 210# :datasize-cur@:\ 211# :maxproc=512:\ 212# :maxproc-cur@:\ 213# :memoryuse-cur=64M:\ 214# :memorylocked-cur=64M:\ 215# :openfiles=1024:\ 216# :openfiles-cur@:\ 217# :stacksize=16M:\ 218# :stacksize-cur@:\ 219# :tc=default: 220# 221# 222## 223## Settings used by news subsystem 224## 225#news:\ 226# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ 227# :cputime=infinity:\ 228# :filesize=128M:\ 229# :datasize-cur=64M:\ 230# :stacksize-cur=32M:\ 231# :coredumpsize-cur=0:\ 232# :maxmemorysize-cur=128M:\ 233# :memorylocked=32M:\ 234# :maxproc=128:\ 235# :openfiles=256:\ 236# :tc=default: 237# 238# 239## 240## The dialer class should be used for a dialup PPP account 241## Welcome messages/news suppressed 242## 243#dialer:\ 244# :hushlogin:\ 245# :requirehome@:\ 246# :cputime=unlimited:\ 247# :filesize=2M:\ 248# :datasize=2M:\ 249# :stacksize=4M:\ 250# :coredumpsize=0:\ 251# :memoryuse=4M:\ 252# :memorylocked=1M:\ 253# :maxproc=16:\ 254# :openfiles=32:\ 255# :tc=standard: 256# 257# 258## 259## Site full-time 24/7 PPP connection 260## - no time accounting, restricted to access via dialin lines 261## 262#site:\ 263# :passwordtime@:\ 264# :refreshtime@:\ 265# :refreshperiod@:\ 266# :sessionlimit@:\ 267# :autodelete@:\ 268# :expireperiod@:\ 269# :graceexpire@:\ 270# :gracetime@:\ 271# :warnexpire@:\ 272# :warnpassword@:\ 273# :idletime@:\ 274# :sessiontime@:\ 275# :daytime@:\ 276# :weektime@:\ 277# :monthtime@:\ 278# :warntime@:\ 279# :accounted@:\ 280# :tc=dialer:\ 281# :tc=staff: 282# 283# 284## 285## Example standard accounting entries for subscriber levels 286## 287# 288#subscriber|Subscribers:\ 289# :accounted:\ 290# :refreshtime=180d:\ 291# :refreshperiod@:\ 292# :sessionlimit@:\ 293# :autodelete=30d:\ 294# :expireperiod=180d:\ 295# :graceexpire=7d:\ 296# :gracetime=10m:\ 297# :warnexpire=7d:\ 298# :warnpassword=7d:\ 299# :idletime=30m:\ 300# :sessiontime=4h:\ 301# :daytime=6h:\ 302# :weektime=40h:\ 303# :monthtime=120h:\ 304# :warntime=4h:\ 305# :tc=standard: 306# 307# 308## 309## Subscriber accounts. These accounts have their login times 310## accounted and have access limits applied. 311## 312#subppp|PPP Subscriber Accounts:\ 313# :tc=dialer:\ 314# :tc=subscriber: 315# 316# 317#subshell|Shell Subscriber Accounts:\ 318# :tc=subscriber: 319# 320## 321## If you want some of the accounts to use traditional UNIX DES based 322## password hashes. 323## 324#des_users:\ 325# :passwd_format=des:\ 326# :tc=default: 327