Adds a template/example login.conf, login class capabilities database.

svn path=/head/; revision=21526
2024-11-27 22:12:43 +00:00 · 1997-01-11 06:47:56 +00:00 · 1997-01-11 06:47:56 +00:00 · 0bc1c71450 · 2020-12-20 02:59:44 +00:00
commit 0bc1c71450
parent c83a75eb30
2 changed files with 234 additions and 2 deletions
--- a/etc/Makefile
+++ b/etc/Makefile
@ -1,12 +1,12 @@
 #	from: @(#)Makefile	5.11 (Berkeley) 5/21/91
-#	$Id: Makefile,v 1.145 1996/12/13 17:01:51 bde Exp $
+#	$Id: Makefile,v 1.146 1996/12/28 18:00:17 peter Exp $

 # -rw-r--r--
 BINOWN= root
 BINGRP= wheel
 BIN1=   aliases amd.map csh.cshrc csh.login csh.logout dm.conf \
 	ftpusers gettytab group hosts host.conf hosts.equiv hosts.lpd \
-	inetd.conf login.access motd modems netstart networks \
+	inetd.conf login.conf login.access motd modems netstart networks \
 	newsyslog.conf phones pccard.conf.sample printcap profile protocols \
 	rc rc.firewall rc.local rc.pccard rc.serial \
 	etc.${MACHINE}/rc.${MACHINE} \
--- a/etc/login.conf
+++ b/etc/login.conf
@ -0,0 +1,232 @@
+# Sample login.conf - login class capabilities database.
+# To speed up access to this data, you can use /bin/cap_mkdb
+# to create a database form of this file:
+#
+#	cap_mkdb /etc/login.conf
+#
+# Don't forget to do this after each edit as well!
+#
+# This file controls resource limits, accounting limits and
+# default user environment settings.
+#
+#	$Id$
+#
+
+
+# Authentication methods
+
+auth-defaults:\
+	:auth=krb_skey_or_passwd,passwd,kerberos,skey:
+
+auth-root-defaults:\
+	:auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\
+	:auth-rlogin=krb_or_skey,kerberos,skey:\
+
+auth-ftp-defaults:\
+	:auth=skey_or_pwd,passwd,skey:
+
+
+# Example defaults
+# These settings are used by login(1) by default for classless users
+# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
+
+default:\
+	:cputime=infinity:\
+	:coredumpsize=infinity:\
+	:datasize=16M:\
+	:filesize=infinity:\
+	:maxproc=64:\
+	:memorylocked=10M:\
+	:memoryuse=30M:\
+	:openfiles=64:\
+	:priority=0:\
+	:requirehome:\
+	:stacksize=2M:\
+	:term=dumb:\
+	:umask=022:\
+	:rc=auth-defaults:
+
+
+#
+# standard - standard user defaults
+#
+standard:\
+	:copyright=/etc/COPYRIGHT:\
+	:welcome=/etc/motd:\
+	:setenv=MAIL=/var/mail/$ BLOCKSIZE=K EDITOR=/usr/bin/ee:\
+	:path=~/bin /bin /usr/bin /usr/local/bin:\
+	:manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\
+	:nologin=/etc/nologin:\
+	:coredumpsize=8M:\
+	:cputime=1h30m:\
+	:datasize=8M:\
+	:stacksize=2M:\
+	:filesize=8M:\
+	:memorylocked=4M:\
+	:memoryuse=8M:\
+	:openfiles=24:\
+	:maxproc=26:\
+	:priority=4:\
+	:requirehome:\
+	:umask=002:\
+	:ignoretime@:\
+	:tc=default:
+
+
+#
+# Staff users - few restrictions and allow login anytime
+#		display staff motd
+#
+staff:\
+	:welcome=/etc/motd-staff:\
+	:ignorenologin:\
+	:ignoretime:\
+	:requirehome@:\
+	:accounted@:\
+	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:tc=standard:
+
+
+#
+# root - fallback for root logins
+#
+root:\
+	:path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:tc=auth-root-defaults:\
+	:tc=staff:
+
+
+#
+# Settings used by /etc/rc
+#
+daemon:\
+	:cputime=unlimited:\
+	:filesize=64M:\
+	:datasize=32M:\
+	:stacksize=32M:\
+	:coredumpsize=0:\
+	:memoryuse=64M:\
+	:memorylocked=64M:\
+	:maxproc=32:\
+	:openfiles=256:\
+	:tc=default:
+
+
+#
+# Settings used by news subsystem daemons
+#
+news:\
+	:cputime=unlimited:\
+	:filesize=128:\
+	:datasize=64M:\
+	:stacksize=32M:\
+	:coredumpsize=0:\
+	:maxmemorysize=128M:\
+	:lockedmemory=32M:\
+	:maxproc=128:\
+	:openfiles=256:\
+	:tc=default:\
+
+
+#
+# The dialer class should be used for a dialup PPP/SLIP accounts
+# Welcome messages/news suppressed and a special shell selector
+#
+dialer:\
+	:hushlogin:\
+	:requirehome@:\
+	:shell=/usr/sbin/userls:\
+	:cputime=unlimited:\
+	:filesize=2M:\
+	:datasize=2M:\
+	:stacksize=4M:\
+	:coredumpsize=0:\
+	:memoryuse=4M:\
+	:memorylocked=1M:\
+	:maxproc=16:\
+	:openfiles=32:\
+	:tc=standard:
+
+
+#
+# Site full-time 24/7 PPP/SLIP connections
+# - no time accounting, restricted to access via dialin lines
+#
+site:\
+	:ignoretime:\
+	:passwordperiod@:\
+	:refreshtime@:\
+	:refreshperiod@:\
+	:sessionlimit@:\
+	:autodelete@:\
+	:expireperiod@:\
+	:graceexpire@:\
+	;gracetime@:\
+	:warnexpire@:\
+	:warnpassword@:\
+	:idletime@:\
+	:sessiontime@:\
+	:daytime@:\
+	:weektime@:\
+	:monthtime@:\
+	:warntime@:\
+	:tty.allow=dialin:\
+	:tty.deny=:\
+	:host.allow=:\
+	:host.deny=:\
+	:accounted@:
+	:tc=dialer:\
+	:tc=staff:
+
+
+#
+# Example standard accounting entries for subscriber levels
+#
+
+subscriber|Subscribers:\
+	:accounted:\
+	:passwordperiod=90d:\
+	:refreshtime=180d:\
+	:refreshperiod@:\
+	:sessionlimit@:\
+	:autodelete=30d:\
+	:expireperiod=180d:\
+	:graceexpire=7d:\
+	:gracetime=10m:\
+	:warnexpire=7d:\
+	:warnpassword=7d:\
+	:idletime=30m:\
+	:sessiontime=4h:\
+	:daytime=6h:\
+	:weektime=40h:\
+	:monthtime=120h:\
+	:warntime=4h:\
+	:tty.allow=dialin,pty,vt:\
+	:tty.deny=:\
+	:times.allow=Any0000-2400:\
+	:times.deny=Mo0900-1200,Fr2120-2130:\
+	:tc=standard:
+
+
+#
+# Subscriber accounts. These accounts have their login times
+# accounted and have access limits applied.
+# Userls is a user shell selector - do not use these classes without it!
+#
+subppp|Dual PPP/SLIP Subscriber Accounts:\
+	:shell=/usr/sbin/userls:\
+	:tc=dialer:\
+	:tc=subscriber:
+
+
+subslip|Dual PPP/SLIP Subscriber Accounts:\
+	:shell=/usr/sbin/userls:\
+	:tc=dialer:\
+	:tc=subscriber:
+
+
+subshell:Shell Subscriber Accounts:\
+	:tc=subscriber:
+