58 lines
1.7 KiB
Groff
58 lines
1.7 KiB
Groff
.\" $Heimdal: login.access.5,v 1.1 2003/03/24 15:49:30 joda Exp $
|
|
.\" $NetBSD: login.access.5,v 1.1.1.1 2003/05/15 20:28:41 lha Exp $
|
|
.\"
|
|
.Dd March 21, 2003
|
|
.Dt LOGIN.ACCESS 5
|
|
.Os
|
|
.Sh NAME
|
|
.Nm login.access
|
|
.Nd
|
|
login access control table
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm login.access
|
|
file specifies on which ttys or from which hosts certain users are
|
|
allowed to login.
|
|
.Pp
|
|
At login, the
|
|
.Pa /etc/login.access
|
|
file is checked for the first entry that matches a specific user/host
|
|
or user/tty combination. That entry can either allow or deny login
|
|
access to that user.
|
|
.Pp
|
|
Each entry have three fields separated by colon:
|
|
.Bl -bullet
|
|
.It
|
|
The first field indicates the permission given if the entry matches.
|
|
It can be either
|
|
.Dq +
|
|
(allow access)
|
|
or
|
|
.Dq -
|
|
(deny access) .
|
|
.It
|
|
The second field is a comma separated list of users or groups for
|
|
which the current entry applies. NIS netgroups can used (if
|
|
configured) if preceeded by @. The magic string ALL matches all users.
|
|
A group will match if the user is a member of that group, or it is the
|
|
user's primary group.
|
|
.It
|
|
The third field is a list of ttys, or network names. A network name
|
|
can be either a hostname, a domain (indicated by a starting period),
|
|
or a netgroup. As with the user list, ALL matches anything. LOCAL
|
|
matches a string not containing a period.
|
|
.El
|
|
.Pp
|
|
If the string EXCEPT is found in either the user or from list, the
|
|
rest of the list are exceptions to the list before EXCEPT.
|
|
.Sh BUGS
|
|
If there's a user and a group with the same name, there is no way to
|
|
make the group match if the user also matches.
|
|
.Sh SEE ALSO
|
|
.Xr login 1
|
|
.Sh AUTHORS
|
|
The
|
|
.Fn login_access
|
|
function was written by
|
|
Wietse Venema. This manual page was written for Heimdal.
|