1 # login.conf - login class capabilities database.
3 # Remember to rebuild the database after each change to this file:
5 # cap_mkdb /etc/login.conf
7 # This file controls resource limits, accounting limits and
8 # default user environment settings.
13 # Default settings effectively disable resource limits, see the
14 # examples below for a starting point to enable them.
17 # These settings are used by login(1) by default for classless users
18 # Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
20 # Note that since a colon ':' is used to separate capability entries,
21 # a \c escape sequence must be used to embed a literal colon in the
22 # value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23 # AND SEMANTICS'' section of getcap(3) for more escape sequences).
26 :passwd_format=sha512:\
27 :copyright=/etc/COPYRIGHT:\
28 :welcome=/var/run/motd:\
31 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
32 :nologin=/var/run/nologin:\
35 :stacksize=unlimited:\
37 :memoryuse=unlimited:\
39 :coredumpsize=unlimited:\
40 :openfiles=unlimited:\
43 :vmemoryuse=unlimited:\
45 :pseudoterminals=unlimited:\
54 # A collection of common class names - forward them all to 'default'
55 # (login would normally do this anyway, but having a class name
56 # here suppresses the diagnostic)
65 # This PATH may be clobbered by individual applications. Notably, by default,
66 # rc(8), service(8), and cron(8) will all override it with a default PATH that
67 # may not include /usr/local/sbin and /usr/local/bin when starting services or
70 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\
80 # Root can always login
82 # N.B. login_getpwclass(3) will use this entry for the root account,
83 # in preference to 'default'.
86 :memorylocked=unlimited:\
90 # Russian Users Accounts. Setup proper environment variables.
92 russian|Russian Users Accounts:\
98 ######################################################################
99 ######################################################################
103 ######################################################################
104 ######################################################################
107 ## These settings are used by login(1) by default for classless users
108 ## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
111 # :cputime=infinity:\
112 # :datasize-cur=22M:\
113 # :stacksize-cur=8M:\
114 # :memorylocked-cur=10M:\
115 # :memoryuse-cur=30M:\
116 # :filesize=infinity:\
117 # :coredumpsize=infinity:\
119 # :openfiles-cur=64:\
127 ## standard - standard user defaults
130 # :copyright=/etc/COPYRIGHT:\
131 # :welcome=/var/run/motd:\
132 # :setenv=BLOCKSIZE=K:\
133 # :mail=/var/mail/$:\
134 # :path=~/bin /bin /usr/bin /usr/local/bin:\
135 # :manpath=/usr/share/man /usr/local/man:\
136 # :nologin=/var/run/nologin:\
149 # :passwordtime=90d:\
156 ## users of X (needs more resources!)
159 # :manpath=/usr/share/man /usr/local/man:\
162 # :vmemoryuse=infinity:\
172 ## Staff users - few restrictions and allow login anytime
179 # :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
185 ## root - fallback for root logins
188 # :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
189 # :cputime=infinity:\
190 # :datasize=infinity:\
191 # :stacksize=infinity:\
192 # :memorylocked=infinity:\
193 # :memoryuse=infinity:\
194 # :filesize=infinity:\
195 # :coredumpsize=infinity:\
196 # :openfiles=infinity:\
197 # :maxproc=infinity:\
198 # :memoryuse-cur=32M:\
200 # :openfiles-cur=1024:\
204 # :tc=auth-root-defaults:
208 ## Settings used by /etc/rc
212 # :coredumpsize-cur=0:\
213 # :datasize=infinity:\
217 # :memoryuse-cur=64M:\
218 # :memorylocked-cur=64M:\
227 ## Settings used by news subsystem
230 # :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
231 # :cputime=infinity:\
233 # :datasize-cur=64M:\
234 # :stacksize-cur=32M:\
235 # :coredumpsize-cur=0:\
236 # :maxmemorysize-cur=128M:\
237 # :memorylocked=32M:\
244 ## The dialer class should be used for a dialup PPP account
245 ## Welcome messages/news suppressed
250 # :cputime=unlimited:\
263 ## Site full-time 24/7 PPP connection
264 ## - no time accounting, restricted to access via dialin lines
290 ## Example standard accounting entries for subscriber levels
293 #subscriber|Subscribers:\
295 # :refreshtime=180d:\
299 # :expireperiod=180d:\
314 ## Subscriber accounts. These accounts have their login times
315 ## accounted and have access limits applied.
317 #subppp|PPP Subscriber Accounts:\
322 #subshell|Shell Subscriber Accounts:\
326 ## If you want some of the accounts to use traditional UNIX DES based
330 # :passwd_format=des:\