1 # login.conf - login class capabilities database.
3 # Remember to rebuild the database after each change to this file:
5 # cap_mkdb /etc/login.conf
7 # This file controls resource limits, accounting limits and
8 # default user environment settings.
13 # Default settings effectively disable resource limits, see the
14 # examples below for a starting point to enable them.
17 # These settings are used by login(1) by default for classless users
18 # Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
20 # Note that since a colon ':' is used to separate capability entries,
21 # a \c escape sequence must be used to embed a literal colon in the
22 # value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
23 # AND SEMANTICS'' section of getcap(3) for more escape sequences).
26 :passwd_format=sha512:\
27 :copyright=/etc/COPYRIGHT:\
28 :welcome=/var/run/motd:\
31 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
32 :nologin=/var/run/nologin:\
35 :stacksize=unlimited:\
37 :memoryuse=unlimited:\
39 :coredumpsize=unlimited:\
40 :openfiles=unlimited:\
43 :vmemoryuse=unlimited:\
45 :pseudoterminals=unlimited:\
55 # A collection of common class names - forward them all to 'default'
56 # (login would normally do this anyway, but having a class name
57 # here suppresses the diagnostic)
66 # This PATH may be clobbered by individual applications. Notably, by default,
67 # rc(8), service(8), and cron(8) will all override it with a default PATH that
68 # may not include /usr/local/sbin and /usr/local/bin when starting services or
71 :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\
81 # Root can always login
83 # N.B. login_getpwclass(3) will use this entry for the root account,
84 # in preference to 'default'.
87 :memorylocked=unlimited:\
91 # Russian Users Accounts. Setup proper environment variables.
93 russian|Russian Users Accounts:\
99 ######################################################################
100 ######################################################################
104 ######################################################################
105 ######################################################################
108 ## These settings are used by login(1) by default for classless users
109 ## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
112 # :cputime=infinity:\
113 # :datasize-cur=22M:\
114 # :stacksize-cur=8M:\
115 # :memorylocked-cur=10M:\
116 # :memoryuse-cur=30M:\
117 # :filesize=infinity:\
118 # :coredumpsize=infinity:\
120 # :openfiles-cur=64:\
128 ## standard - standard user defaults
131 # :copyright=/etc/COPYRIGHT:\
132 # :welcome=/var/run/motd:\
133 # :setenv=BLOCKSIZE=K:\
134 # :mail=/var/mail/$:\
135 # :path=~/bin /bin /usr/bin /usr/local/bin:\
136 # :manpath=/usr/share/man /usr/local/man:\
137 # :nologin=/var/run/nologin:\
150 # :passwordtime=90d:\
157 ## users of X (needs more resources!)
160 # :manpath=/usr/share/man /usr/local/man:\
163 # :vmemoryuse=infinity:\
173 ## Staff users - few restrictions and allow login anytime
180 # :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
186 ## root - fallback for root logins
189 # :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
190 # :cputime=infinity:\
191 # :datasize=infinity:\
192 # :stacksize=infinity:\
193 # :memorylocked=infinity:\
194 # :memoryuse=infinity:\
195 # :filesize=infinity:\
196 # :coredumpsize=infinity:\
197 # :openfiles=infinity:\
198 # :maxproc=infinity:\
199 # :memoryuse-cur=32M:\
201 # :openfiles-cur=1024:\
205 # :tc=auth-root-defaults:
209 ## Settings used by /etc/rc
213 # :coredumpsize-cur=0:\
214 # :datasize=infinity:\
218 # :memoryuse-cur=64M:\
219 # :memorylocked-cur=64M:\
228 ## Settings used by news subsystem
231 # :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
232 # :cputime=infinity:\
234 # :datasize-cur=64M:\
235 # :stacksize-cur=32M:\
236 # :coredumpsize-cur=0:\
237 # :maxmemorysize-cur=128M:\
238 # :memorylocked=32M:\
245 ## The dialer class should be used for a dialup PPP account
246 ## Welcome messages/news suppressed
251 # :cputime=unlimited:\
264 ## Site full-time 24/7 PPP connection
265 ## - no time accounting, restricted to access via dialin lines
291 ## Example standard accounting entries for subscriber levels
294 #subscriber|Subscribers:\
296 # :refreshtime=180d:\
300 # :expireperiod=180d:\
315 ## Subscriber accounts. These accounts have their login times
316 ## accounted and have access limits applied.
318 #subppp|PPP Subscriber Accounts:\
323 #subshell|Shell Subscriber Accounts:\
327 ## If you want some of the accounts to use traditional UNIX DES based
331 # :passwd_format=des:\