Subject: Re: login_cap(2)
To: Aaron J. Grier <agrier@poofygoof.com>
From: None <itojun@iijlab.net>
List: current-users
Date: 01/25/2001 12:28:00
>an example login.conf in /usr/share/examples would be very helpful.
sounds great to me. the following has FreeBSD login.conf with minor
modifications/removals to meet NetBSD login_cap(3). please comment.
if any of you have better default one to be put into
/usr/share/examples/, please let me know.
itojun
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# login.conf
# diff
#
echo x - login.conf
sed 's/^X//' >login.conf << 'END-of-login.conf'
X# login.conf - login class capabilities database.
X#
X# Remember to rebuild the database after each change to this file:
X#
X# cap_mkdb /etc/login.conf
X#
X# This file controls resource limits, accounting limits and
X# default user environment settings.
X#
X# $FreeBSD: src/etc/login.conf,v 1.40 2000/12/19 14:12:46 rwatson Exp $
X#
X
X# Default settings effectively disable resource limits, see the
X# examples below for a starting point to enable them.
X
X# defaults
X# These settings are used by login(1) by default for classless users
X# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
X
Xdefault:\
X :copyright=/etc/COPYRIGHT:\
X :welcome=/etc/motd:\
X :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
X :nologin=/etc/nologin:\
X :cputime=unlimited:\
X :datasize=unlimited:\
X :stacksize=unlimited:\
X :memorylocked=unlimited:\
X :memoryuse=unlimited:\
X :filesize=unlimited:\
X :coredumpsize=unlimited:\
X :openfiles=unlimited:\
X :maxproc=unlimited:\
X :sbsize=unlimited:\
X :priority=0:\
X :ignoretime@:\
X :umask=022:
X
X
X#
X# A collection of common class names - forward them all to 'default'
X# (login would normally do this anyway, but having a class name
X# here suppresses the diagnostic)
X#
Xstandard:\
X :tc=default:
Xxuser:\
X :tc=default:
Xstaff:\
X :tc=default:
Xdaemon:\
X :tc=default:
Xnews:\
X :tc=default:
Xdialer:\
X :tc=default:
X
X#
X# Root can always login
X#
X# N.B. login_getpwclass(3) will use this entry for the root account,
X# in preference to 'default'.
Xroot:\
X :ignorenologin:\
X :tc=default:
X
X
X######################################################################
X######################################################################
X##
X## Example entries
X##
X######################################################################
X######################################################################
X
X## Example defaults
X## These settings are used by login(1) by default for classless users
X## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
X#
X#default:\
X# :cputime=infinity:\
X# :datasize-cur=22M:\
X# :stacksize-cur=8M:\
X# :memorylocked-cur=10M:\
X# :memoryuse-cur=30M:\
X# :filesize=infinity:\
X# :coredumpsize=infinity:\
X# :maxproc-cur=64:\
X# :openfiles-cur=64:\
X# :priority=0:\
X# :requirehome@:\
X# :umask=022:\
X# :tc=auth-defaults:
X#
X#
X##
X## standard - standard user defaults
X##
X#standard:\
X# :copyright=/etc/COPYRIGHT:\
X# :welcome=/etc/motd:\
X# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
X# :path=~/bin /bin /usr/bin /usr/local/bin:\
X# :manpath=/usr/share/man /usr/local/man:\
X# :nologin=/etc/nologin:\
X# :cputime=1h30m:\
X# :datasize=8M:\
X# :stacksize=2M:\
X# :memorylocked=4M:\
X# :memoryuse=8M:\
X# :filesize=8M:\
X# :coredumpsize=8M:\
X# :openfiles=24:\
X# :maxproc=32:\
X# :priority=0:\
X# :requirehome:\
X# :passwordtime=90d:\
X# :umask=002:\
X# :ignoretime@:\
X# :tc=default:
X#
X#
X##
X## users of X (needs more resources!)
X##
X#xuser:\
X# :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
X# :cputime=4h:\
X# :datasize=12M:\
X# :stacksize=4M:\
X# :filesize=8M:\
X# :memoryuse=16M:\
X# :openfiles=32:\
X# :maxproc=48:\
X# :tc=standard:
X#
X#
X##
X## Staff users - few restrictions and allow login anytime
X##
X#staff:\
X# :ignorenologin:\
X# :ignoretime:\
X# :requirehome@:\
X# :accounted@:\
X# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
X# :umask=022:\
X# :tc=standard:
X#
X#
X##
X## root - fallback for root logins
X##
X#root:\
X# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
X# :cputime=infinity:\
X# :datasize=infinity:\
X# :stacksize=infinity:\
X# :memorylocked=infinity:\
X# :memoryuse=infinity:\
X# :filesize=infinity:\
X# :coredumpsize=infinity:\
X# :openfiles=infinity:\
X# :maxproc=infinity:\
X# :memoryuse-cur=32M:\
X# :maxproc-cur=64:\
X# :openfiles-cur=1024:\
X# :priority=0:\
X# :requirehome@:\
X# :umask=022:\
X# :tc=auth-root-defaults:
X#
X#
X##
X## Settings used by /etc/rc
X##
X#daemon:\
X# :coredumpsize@:\
X# :coredumpsize-cur=0:\
X# :datasize=infinity:\
X# :datasize-cur@:\
X# :maxproc=512:\
X# :maxproc-cur@:\
X# :memoryuse-cur=64M:\
X# :memorylocked-cur=64M:\
X# :openfiles=1024:\
X# :openfiles-cur@:\
X# :stacksize=16M:\
X# :stacksize-cur@:\
X# :tc=default:
X#
X#
X##
X## Settings used by news subsystem
X##
X#news:\
X# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
X# :cputime=infinity:\
X# :filesize=128M:\
X# :datasize-cur=64M:\
X# :stacksize-cur=32M:\
X# :coredumpsize-cur=0:\
X# :maxmemorysize-cur=128M:\
X# :memorylocked=32M:\
X# :maxproc=128:\
X# :openfiles=256:\
X# :tc=default:
X#
X#
X##
X## The dialer class should be used for a dialup PPP/SLIP accounts
X## Welcome messages/news suppressed
X##
X#dialer:\
X# :hushlogin:\
X# :requirehome@:\
X# :cputime=unlimited:\
X# :filesize=2M:\
X# :datasize=2M:\
X# :stacksize=4M:\
X# :coredumpsize=0:\
X# :memoryuse=4M:\
X# :memorylocked=1M:\
X# :maxproc=16:\
X# :openfiles=32:\
X# :tc=standard:
X#
X#
X##
X## Site full-time 24/7 PPP/SLIP connections
X## - no time accounting, restricted to access via dialin lines
X##
X#site:\
X# :ignoretime:\
X# :passwordtime@:\
X# :refreshtime@:\
X# :refreshperiod@:\
X# :sessionlimit@:\
X# :autodelete@:\
X# :expireperiod@:\
X# :graceexpire@:\
X# :gracetime@:\
X# :warnexpire@:\
X# :warnpassword@:\
X# :idletime@:\
X# :sessiontime@:\
X# :daytime@:\
X# :weektime@:\
X# :monthtime@:\
X# :warntime@:\
X# :accounted@:\
X# :tc=dialer:\
X# :tc=staff:
X#
X#
X##
X## Example standard accounting entries for subscriber levels
X##
X#
X#subscriber|Subscribers:\
X# :accounted:\
X# :refreshtime=180d:\
X# :refreshperiod@:\
X# :sessionlimit@:\
X# :autodelete=30d:\
X# :expireperiod=180d:\
X# :graceexpire=7d:\
X# :gracetime=10m:\
X# :warnexpire=7d:\
X# :warnpassword=7d:\
X# :idletime=30m:\
X# :sessiontime=4h:\
X# :daytime=6h:\
X# :weektime=40h:\
X# :monthtime=120h:\
X# :warntime=4h:\
X# :tc=standard:
X#
X#
X##
X## Subscriber accounts. These accounts have their login times
X## accounted and have access limits applied.
X##
X#subppp|PPP Subscriber Accounts:\
X# :tc=dialer:\
X# :tc=subscriber:
X#
X#
X#subslip|SLIP Subscriber Accounts:\
X# :tc=dialer:\
X# :tc=subscriber:
X#
X#
X#subshell:Shell Subscriber Accounts:\
X# :tc=subscriber:
END-of-login.conf
echo x - diff
sed 's/^X//' >diff << 'END-of-diff'
X*** /tmp/login.conf- Thu Jan 25 12:20:51 2001
X***************
X*** 20,27 ****
X default:\
X :copyright=/etc/COPYRIGHT:\
X :welcome=/etc/motd:\
X :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
X! :nologin=/var/run/nologin:\
X :cputime=unlimited:\
X--- 20,25 ----
X default:\
X :copyright=/etc/COPYRIGHT:\
X :welcome=/etc/motd:\
X :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
X! :nologin=/etc/nologin:\
X :cputime=unlimited:\
X***************
X*** 68,77 ****
X
X- #
X- # Russian Users Accounts. Setup proper environment variables.
X- #
X-
X
X--- 66,67 ----
X***************
X*** 114,116 ****
X # :manpath=/usr/share/man /usr/local/man:\
X! # :nologin=/var/run/nologin:\
X # :cputime=1h30m:\
X--- 104,106 ----
X # :manpath=/usr/share/man /usr/local/man:\
X! # :nologin=/etc/nologin:\
X # :cputime=1h30m:\
X***************
X*** 305,313 ****
X # :tc=subscriber:
X- #
X- ##
X- ## If you want some of the accounts to use traditional UNIX DES based
X- ## password hashes.
X- ##
X--- 295 ----
END-of-diff
exit