NAME
login.conf - login class capability data base
SYNOPSIS
login.conf
DESCRIPTION
The login.conf file describes the various attributes of login classes. A login class determines what styles of authentication are available as well as session resource limits and environment setup. While designed primarily for the login(1) program, it is also used by other programs, e.g., rexecd(8), which need to set up a user environment.

The class to be used is normally determined by the class field in the password file (see passwd(5)). The class is used to look up a corresponding entry in the login.conf file. A special class called ``default'' will be used (if it exists) if the field in the password file is empty.
CAPABILITIES
Refer to getcap(3) for a description of the file layout. An example entry is:

    classname|Description entry:\
        :capability=value:\
        :booleancapability:\
        ...
        :lastcapability=value:

All entries in the login.conf file are either boolean or use a `=' to separate the capability from the value. The types are described after the capability table.
Name | Type | Default | Description
copyright | file | | File containing additional copyright information.
coredumpsize | size | | Maximum coredump size limit.
cputime | time | | CPU usage limit.
datasize | size | | Maximum data size limit.
filesize | size | | Maximum file size limit.
host.allow | string | | A comma-separated list of host name or IP address patterns from which a class is allowed access. Access is instead denied from any hosts preceded by `!'. Patterns can contain the sh(1)-style `*' and `?' wildcards. The host.deny entry is checked before host.allow. (Currently used only by sshd(8).)
host.deny | string | | A comma-separated list of host name or IP address patterns from which a class is denied access. Patterns as per host.allow, although a matched pattern that has been negated with `!' is ignored. (Currently used only by sshd(8).)
hushlogin | bool | false | Same as having a $HOME/.hushlogin file. See login(1).
ignorenologin | bool | false | Not affected by nologin files.
login-retries | number | 10 | Maximum number of login attempts allowed.
login-backoff | number | 3 | Number of login attempts after which to start random back-off.
maxproc | number | | Maximum number of processes.
memorylocked | size | | Maximum locked in-core memory size limit.
memoryuse | size | | Maximum in-core memory use size limit.
minpasswordlen | number | | The minimum length a local password may be. Used by the passwd(1) utility.
nologin | file | | If the file exists it will be displayed and the login session will be terminated.
openfiles | number | | Maximum number of open file descriptors per process.
passwordtime | time | | Used by passwd(1) to set next password expiry date.
password-warn | time | 2w | If the user's password will expire within this length of time then warn the user of this.
path | path | /bin /usr/bin | Default search path.
priority | number | | Initial priority (nice) level.
requirehome | bool | false | Require home directory to log in.
sbsize | size | | Maximum socket buffer size limit.
setenv | list | | Comma or whitespace separated list of environment variables and values to be set. Commas and whitespace can be escaped using \\.
shell | program | | Session shell to execute rather than the shell specified in the password file. The SHELL environment variable will contain the shell specified in the password file.
stacksize | size | | Maximum stack size limit.
tc | string | | A "continuation" entry, which must be the last capability provided. More capabilities are read from the named entry. The capabilities given before tc override those in the entry invoked by tc.
term | string | su | Default terminal type if not able to determine from other means.
umask | number | 022 | Initial umask. Should always have a leading 0 to assure octal interpretation. See umask(2).
welcome | file | /etc/motd | File containing welcome message.

The resource limit entries (coredumpsize, cputime, datasize, filesize, maxproc, memorylocked, memoryuse, openfiles, sbsize, and stacksize) actually specify both the maximum and current limits (see getrlimit(2)). The current limit is the one normally used, although the user is permitted to increase the current limit to the maximum limit. The maximum and current limits may be specified individually by appending a `-max' or `-cur' to the capability name (e.g., openfiles-max and openfiles-cur).

NetBSD will never define capabilities which start with x- or X-, these are reserved for external use (unless included through contributed software).

The argument types are defined as:
- bool
  If the name is present, then the boolean value is true; otherwise, it is false.
- file
  Path name to a text file.
- list
  A comma or whitespace separated list of values.
- number
  A number. A leading 0x implies the number is expressed in hexadecimal. A leading 0 implies the number is expressed in octal. Any other number is treated as decimal.
- path
  A space separated list of path names. If a `~' is the first character in the path name, the `~' is expanded to the user's home directory.
- program
  A path name to a program.
- size
  A number which expresses a size in bytes. It may have a trailing b to multiply the value by 512, a k to multiply the value by 1 K (1024), and a m to multiply the value by 1 M (1048576).
- time
  A time in seconds. A time may be expressed as a series of numbers which are added together. Each number may have a trailing character to represent time units:
  - y
    Indicates a number of 365 day years.
  - w
    Indicates a number of 7 day weeks.
  - d
    Indicates a number of 24 hour days.
  - h
    Indicates a number of 60 minute hours.
  - m
    Indicates a number of 60 second minutes.
  - s
    Indicates a number of seconds.
  For example, to indicate 1 and 1/2 hours, the following string could be used: 1h30m.
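
The entry layout, tc inheritance and the number, size and time types described above, worked through as an added example (not NetBSD code and not part of the original page): a small Python reader that computes the effective capabilities of one class, useful when auditing what limits and umask a class really ends up with. The sample file, its class names and the function names are constructed for illustration; values are assumed to contain no escaped `:' and other getcap(3) syntax is ignored.

```python
import re
# Constructed sample file; class names and values are assumptions for the demo.
SAMPLE = r"""
default|Default class:\
    :umask=022:\
    :openfiles=128:\
    :password-warn=2w:
staff|Staff accounts:\
    :umask=027:\
    :datasize=512m:\
    :cputime=1h30m:\
    :openfiles-max=0x400:\
    :requirehome:\
    :tc=default:
"""
UNITS = {"y": 365 * 86400, "w": 7 * 86400, "d": 86400, "h": 3600, "m": 60, "s": 1}

def number(s):  # leading 0x is hex, leading 0 is octal, anything else decimal
    return int(s, 16 if s.startswith("0x") else 8 if s.startswith("0") else 10)
def size(s):  # trailing b, k or m multiplies by 512, 1024 or 1048576
    mult = {"b": 512, "k": 1024, "m": 1048576}.get(s[-1])
    return number(s[:-1]) * mult if mult else number(s)
def seconds(s):  # numbers with an optional y/w/d/h/m/s unit, added together
    if not s or not re.fullmatch(r"(?:\d+[ywdhms])*\d*", s):
        raise ValueError("bad time value: " + s)
    return sum(int(n) * UNITS[u or "s"] for n, u in re.findall(r"(\d+)([ywdhms]?)", s))

# Capability types taken from the capability table on this page.
TYPES = {**{c: size for c in "coredumpsize datasize filesize memorylocked memoryuse sbsize stacksize".split()},
         **{c: seconds for c in "cputime passwordtime password-warn".split()},
         **{c: number for c in "login-retries login-backoff maxproc minpasswordlen openfiles priority umask".split()}}

def parse(text):
    classes = {}
    for line in re.sub(r"\\\n\s*", "", text).splitlines():  # join continuations
        if not line.strip() or line.startswith("#"):
            continue
        head, *caps = line.split(":")
        pairs = (c.partition("=") for c in caps if c.strip())
        classes[head.split("|")[0]] = {n: (v if eq else True) for n, eq, v in pairs}
    return classes

def resolve(classes, name):
    entry = dict(classes[name])
    tc = entry.pop("tc", None)  # caps given before tc override the named entry
    return {**resolve(classes, tc), **entry} if tc else entry

def effective(name, text=SAMPLE):
    conv = lambda cap: TYPES.get(re.sub(r"-(cur|max)$", "", cap), str)  # -cur/-max share the base type
    return {c: v if v is True else conv(c)(v) for c, v in resolve(parse(text), name).items()}
```

Note that number("22") is decimal 22 (octal 026), not octal 022, which is why the umask value needs its leading 0.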
FILES
/etc/login.conf - login class capability database
/etc/login.conf.db - hashed database built with cap_mkdb(1)
SEE ALSO
cap_mkdb(1), login(1), getcap(3), login_cap(3), ttys(5), ftpd(8), sshd(8)
HISTORY
The login.conf configuration file appeared in NetBSD 1.5.