329 lines
8.0 KiB
Groff
329 lines
8.0 KiB
Groff
.\" $NetBSD: login.conf.5,v 1.5 2000/06/14 12:35:31 ad Exp $
|
|
.\"
|
|
.\" Copyright (c) 1995,1996,1997 Berkeley Software Design, Inc.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by Berkeley Software Design,
|
|
.\" Inc.
|
|
.\" 4. The name of Berkeley Software Design, Inc. may not be used to endorse
|
|
.\" or promote products derived from this software without specific prior
|
|
.\" written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" BSDI login.conf.5,v 2.19 1998/02/19 23:39:39 prb Exp
|
|
.\"
|
|
.Dd January 14, 2000
|
|
.Dt LOGIN.CONF 5
|
|
.Os
|
|
.Sh NAME
|
|
.Nm login.conf
|
|
.Nd login class capability data base
|
|
.Sh SYNOPSIS
|
|
.Nm login.conf
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm login.conf
|
|
file describes the various attributes of login classes.
|
|
A login class determines what styles of authentication are available
|
|
as well as session resource limits and environment setup.
|
|
While designed primarily for the
|
|
.Xr login 8
|
|
program,
|
|
it is also used by other programs, e.g.,
|
|
.Xr rexecd 8 ,
|
|
which need to set up a user environment.
|
|
.Sh CAPABILITIES
|
|
Refer to
|
|
.Xr getcap 3
|
|
for a description of the file layout.
|
|
All entries in the
|
|
.Nm login.conf
|
|
file are either boolean or use a `=' to separate the capability
|
|
from the value.
|
|
The types are described after the capability table.
|
|
.Bl -column minpasswordlenxx programxx xusxbin
|
|
.Sy Name Type Default Description
|
|
.\"
|
|
.sp
|
|
.It copyright Ta file Ta "" Ta
|
|
File containing additional copyright information.
|
|
.\"
|
|
.sp
|
|
.It coredumpsize Ta size Ta "" Ta
|
|
Maximum coredump size limit.
|
|
.\"
|
|
.sp
|
|
.It cputime Ta time Ta "" Ta
|
|
CPU usage limit.
|
|
.\"
|
|
.sp
|
|
.It datasize Ta size Ta "" Ta
|
|
Maximum data size limit.
|
|
.\"
|
|
.sp
|
|
.It filesize Ta size Ta "" Ta
|
|
Maximum file size limit.
|
|
.\"
|
|
.sp
|
|
.It hushlogin Ta bool Ta Dv false Ta
|
|
Same as having a
|
|
.Pa $HOME/.hushlogin
|
|
file.
|
|
See
|
|
.Xr login 8 .
|
|
.\"
|
|
.sp
|
|
.It ignorenologin Ta bool Ta Dv false Ta
|
|
Not affected by
|
|
.Pa nologin
|
|
files.
|
|
.\"
|
|
.It login-retries Ta number Ta 10 Ta
|
|
Maximum number of login attempts allowed.
|
|
.\"
|
|
.It login-backoff Ta number Ta 3 Ta
|
|
Number of login attempts after which to start random back-off.
|
|
.\"
|
|
.sp
|
|
.It maxproc Ta number Ta "" Ta
|
|
Maximum number of process.
|
|
.\"
|
|
.sp
|
|
.It memorylocked Ta size Ta "" Ta
|
|
Maximum locked in core memory size limit.
|
|
.\"
|
|
.sp
|
|
.It memoryuse Ta size Ta "" Ta
|
|
Maximum in core memoryuse size limit.
|
|
.\"
|
|
.sp
|
|
.It minpasswordlen Ta number Ta "" Ta
|
|
The minimum length a local password may be.
|
|
Used by the
|
|
.Xr passwd 1
|
|
utility.
|
|
.\"
|
|
.sp
|
|
.It nologin Ta file Ta "" Ta
|
|
If the file exists it will be displayed
|
|
and the login session will be terminated.
|
|
.\"
|
|
.sp
|
|
.It openfiles Ta number Ta "" Ta
|
|
Maximum number of open files per process.
|
|
.\"
|
|
.\"XX .sp
|
|
.\"XX .It password-dead Ta time Ta Dv 0 Ta
|
|
.\"XX Length of time a password may be expired but not quite dead yet.
|
|
.\"XX When set (for both the client and remote server machine when doing
|
|
.\"XX remote authentication), a user is allowed to log in just one more
|
|
.\"XX time after their password (but not account) has expired. This allows
|
|
.\"XX a grace period for updating their password.
|
|
.\"
|
|
.sp
|
|
.It passwordtime Ta time Ta "" Ta
|
|
Used by passwd(1) to set next password expiry date.
|
|
.\"
|
|
.sp
|
|
.It password-warn Ta time Ta Dv 2w Ta
|
|
If the user's password will expire within this length of time then
|
|
warn the user of this.
|
|
.\"
|
|
.sp
|
|
.It path Ta path Ta Dv "/bin /usr/bin" Ta
|
|
.br
|
|
Default search path.
|
|
.\"
|
|
.sp
|
|
.It priority Ta number Ta "" Ta
|
|
Initial priority (nice) level.
|
|
.\"
|
|
.sp
|
|
.It requirehome Ta bool Ta Dv false Ta
|
|
Require home directory to login.
|
|
.\"
|
|
.sp
|
|
.It setenv Ta list Ta "" Ta
|
|
Comma separated list of environment variables and values to be set.
|
|
.\"
|
|
.sp
|
|
.It shell Ta program Ta "" Ta
|
|
Session shell to execute rather than the shell specified in the password file.
|
|
The
|
|
.Ev SHELL
|
|
environment variable will contain the shell specified in the password file.
|
|
.\"
|
|
.sp
|
|
.It stacksize Ta size Ta "" Ta
|
|
Maximum stack size limit.
|
|
.\"
|
|
.sp
|
|
.It term Ta string Ta Dv su Ta
|
|
Default terminal type if not able to determine from other means.
|
|
.\"
|
|
.sp
|
|
.It umask Ta number Ta Dv 022 Ta
|
|
Initial umask.
|
|
Should always have a leading
|
|
.Li 0
|
|
to assure octal interpretation.
|
|
See
|
|
.Xr umask 2 .
|
|
.\"
|
|
.sp
|
|
.It welcome Ta file Ta Pa /etc/motd Ta
|
|
File containing welcome message.
|
|
.El
|
|
.Pp
|
|
The resource limit entries
|
|
.No ( Ns Va cputime , filesize , datasize , stacksize , coredumpsize ,
|
|
.Va memoryuse , memorylocked , maxproc ,
|
|
and
|
|
.Va openfiles )
|
|
actually specify both the maximum and current limits (see
|
|
.Xr getrlimit 2 ).
|
|
The current limit is the one normally used,
|
|
although the user is permitted to increase the current limit to the
|
|
maximum limit.
|
|
The maximum and current limits may be specified individually by appending
|
|
a
|
|
.Va \-max
|
|
or
|
|
.Va \-cur
|
|
to the capability name (e.g.,
|
|
.Va openfiles-max
|
|
and
|
|
.Va openfiles-cur Ns No ).
|
|
.Pp
|
|
.Nx
|
|
will never define capabilities which start with
|
|
.Li x-
|
|
or
|
|
.Li X- ,
|
|
these are reserved for external use (unless included through contributed
|
|
software).
|
|
.Pp
|
|
The argument types are defined as:
|
|
.Bl -tag -width programxx
|
|
.\"
|
|
.It file
|
|
Path name to a text file.
|
|
.\"
|
|
.It list
|
|
A comma separated list of values.
|
|
.\"
|
|
.It number
|
|
A number. A leading
|
|
.Li 0x
|
|
implies the number is expressed in hexadecimal.
|
|
A leading
|
|
.Li 0
|
|
implies the number is expressed in octal.
|
|
Any other number is treated as decimal.
|
|
.\"
|
|
.It path
|
|
A space separated list of path names.
|
|
If a
|
|
.Li ~
|
|
is the first character in the path name, the
|
|
.Li ~
|
|
is expanded to the user's home directory.
|
|
.\"
|
|
.It program
|
|
A path name to program.
|
|
.\"
|
|
.It size
|
|
A
|
|
.Va number
|
|
which expresses a size in bytes.
|
|
It may have a trailing
|
|
.Li b
|
|
to multiply the value by 512, a
|
|
.Li k
|
|
to multiply the value by 1 K (1024), and a
|
|
.Li m
|
|
to multiply the value by 1 M (1048576).
|
|
.\"
|
|
.It time
|
|
A time in seconds.
|
|
A time may be expressed as a series of numbers
|
|
which are added together.
|
|
Each number may have a trailing character to
|
|
represent time units:
|
|
.Bl -tag -width xxx
|
|
.\"
|
|
.It y
|
|
Indicates a number of 365 day years.
|
|
.\"
|
|
.It w
|
|
Indicates a number of 7 day weeks.
|
|
.\"
|
|
.It d
|
|
Indicates a number of 24 hour days.
|
|
.\"
|
|
.It h
|
|
Indicates a number of 60 minute hours.
|
|
.\"
|
|
.It m
|
|
Indicates a number of 60 second minutes.
|
|
.\"
|
|
.It s
|
|
Indicates a number of seconds.
|
|
.El
|
|
.Pp
|
|
For example, to indicate 1 and 1/2 hours, the following string
|
|
could be used:
|
|
.Li 1h30m .
|
|
.El
|
|
.\"
|
|
.Pp
|
|
The class to be used is normally determined by the
|
|
.Li class
|
|
field in the password file (see
|
|
.Xr passwd 5 ).
|
|
.Pp
|
|
The class is used to look up a corresponding entry in the
|
|
.Pa login.conf
|
|
file.
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/login.conf.db -compact
|
|
.It Pa /etc/login.conf
|
|
login class capability database
|
|
.It Pa /etc/login.conf.db
|
|
hashed database built with
|
|
.Xr cap_mkdb 1
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr getcap 3 ,
|
|
.Xr login_cap 3 ,
|
|
.Xr ttys 5 ,
|
|
.Xr cap_mkdb 1 ,
|
|
.Xr ftpd 8 ,
|
|
.Xr login 8
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
configuration file appeared in
|
|
.Nx 1.5 .
|