From 0bc1c71450eec0185b444eb3353d240125c10f01 Mon Sep 17 00:00:00 2001 From: David Nugent Date: Sat, 11 Jan 1997 06:47:56 +0000 Subject: [PATCH] Adds a template/example login.conf, login class capabilities database. --- etc/Makefile | 4 +- etc/login.conf | 232 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 234 insertions(+), 2 deletions(-) create mode 100644 etc/login.conf diff --git a/etc/Makefile b/etc/Makefile index bf34da510653..e2b731053fb6 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,12 +1,12 @@ # from: @(#)Makefile 5.11 (Berkeley) 5/21/91 -# $Id: Makefile,v 1.145 1996/12/13 17:01:51 bde Exp $ +# $Id: Makefile,v 1.146 1996/12/28 18:00:17 peter Exp $ # -rw-r--r-- BINOWN= root BINGRP= wheel BIN1= aliases amd.map csh.cshrc csh.login csh.logout dm.conf \ ftpusers gettytab group hosts host.conf hosts.equiv hosts.lpd \ - inetd.conf login.access motd modems netstart networks \ + inetd.conf login.conf login.access motd modems netstart networks \ newsyslog.conf phones pccard.conf.sample printcap profile protocols \ rc rc.firewall rc.local rc.pccard rc.serial \ etc.${MACHINE}/rc.${MACHINE} \ diff --git a/etc/login.conf b/etc/login.conf new file mode 100644 index 000000000000..10659f2de797 --- /dev/null +++ b/etc/login.conf @@ -0,0 +1,232 @@ +# Sample login.conf - login class capabilities database. +# To speed up access to this data, you can use /bin/cap_mkdb +# to create a database form of this file: +# +# cap_mkdb /etc/login.conf +# +# Don't forget to do this after each edit as well! +# +# This file controls resource limits, accounting limits and +# default user environment settings. +# +# $Id$ +# + + +# Authentication methods + +auth-defaults:\ + :auth=krb_skey_or_passwd,passwd,kerberos,skey: + +auth-root-defaults:\ + :auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\ + :auth-rlogin=krb_or_skey,kerberos,skey:\ + +auth-ftp-defaults:\ + :auth=skey_or_pwd,passwd,skey: + + +# Example defaults +# These settings are used by login(1) by default for classless users +# Note that entries like "cputime" set both "cputime-cur" and "cputime-max" + +default:\ + :cputime=infinity:\ + :coredumpsize=infinity:\ + :datasize=16M:\ + :filesize=infinity:\ + :maxproc=64:\ + :memorylocked=10M:\ + :memoryuse=30M:\ + :openfiles=64:\ + :priority=0:\ + :requirehome:\ + :stacksize=2M:\ + :term=dumb:\ + :umask=022:\ + :rc=auth-defaults: + + +# +# standard - standard user defaults +# +standard:\ + :copyright=/etc/COPYRIGHT:\ + :welcome=/etc/motd:\ + :setenv=MAIL=/var/mail/$ BLOCKSIZE=K EDITOR=/usr/bin/ee:\ + :path=~/bin /bin /usr/bin /usr/local/bin:\ + :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\ + :nologin=/etc/nologin:\ + :coredumpsize=8M:\ + :cputime=1h30m:\ + :datasize=8M:\ + :stacksize=2M:\ + :filesize=8M:\ + :memorylocked=4M:\ + :memoryuse=8M:\ + :openfiles=24:\ + :maxproc=26:\ + :priority=4:\ + :requirehome:\ + :umask=002:\ + :ignoretime@:\ + :tc=default: + + +# +# Staff users - few restrictions and allow login anytime +# display staff motd +# +staff:\ + :welcome=/etc/motd-staff:\ + :ignorenologin:\ + :ignoretime:\ + :requirehome@:\ + :accounted@:\ + :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ + :umask=022:\ + :tc=standard: + + +# +# root - fallback for root logins +# +root:\ + :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ + :umask=022:\ + :tc=auth-root-defaults:\ + :tc=staff: + + +# +# Settings used by /etc/rc +# +daemon:\ + :cputime=unlimited:\ + :filesize=64M:\ + :datasize=32M:\ + :stacksize=32M:\ + :coredumpsize=0:\ + :memoryuse=64M:\ + :memorylocked=64M:\ + :maxproc=32:\ + :openfiles=256:\ + :tc=default: + + +# +# Settings used by news subsystem daemons +# +news:\ + :cputime=unlimited:\ + :filesize=128:\ + :datasize=64M:\ + :stacksize=32M:\ + :coredumpsize=0:\ + :maxmemorysize=128M:\ + :lockedmemory=32M:\ + :maxproc=128:\ + :openfiles=256:\ + :tc=default:\ + + +# +# The dialer class should be used for a dialup PPP/SLIP accounts +# Welcome messages/news suppressed and a special shell selector +# +dialer:\ + :hushlogin:\ + :requirehome@:\ + :shell=/usr/sbin/userls:\ + :cputime=unlimited:\ + :filesize=2M:\ + :datasize=2M:\ + :stacksize=4M:\ + :coredumpsize=0:\ + :memoryuse=4M:\ + :memorylocked=1M:\ + :maxproc=16:\ + :openfiles=32:\ + :tc=standard: + + +# +# Site full-time 24/7 PPP/SLIP connections +# - no time accounting, restricted to access via dialin lines +# +site:\ + :ignoretime:\ + :passwordperiod@:\ + :refreshtime@:\ + :refreshperiod@:\ + :sessionlimit@:\ + :autodelete@:\ + :expireperiod@:\ + :graceexpire@:\ + ;gracetime@:\ + :warnexpire@:\ + :warnpassword@:\ + :idletime@:\ + :sessiontime@:\ + :daytime@:\ + :weektime@:\ + :monthtime@:\ + :warntime@:\ + :tty.allow=dialin:\ + :tty.deny=:\ + :host.allow=:\ + :host.deny=:\ + :accounted@: + :tc=dialer:\ + :tc=staff: + + +# +# Example standard accounting entries for subscriber levels +# + +subscriber|Subscribers:\ + :accounted:\ + :passwordperiod=90d:\ + :refreshtime=180d:\ + :refreshperiod@:\ + :sessionlimit@:\ + :autodelete=30d:\ + :expireperiod=180d:\ + :graceexpire=7d:\ + :gracetime=10m:\ + :warnexpire=7d:\ + :warnpassword=7d:\ + :idletime=30m:\ + :sessiontime=4h:\ + :daytime=6h:\ + :weektime=40h:\ + :monthtime=120h:\ + :warntime=4h:\ + :tty.allow=dialin,pty,vt:\ + :tty.deny=:\ + :times.allow=Any0000-2400:\ + :times.deny=Mo0900-1200,Fr2120-2130:\ + :tc=standard: + + +# +# Subscriber accounts. These accounts have their login times +# accounted and have access limits applied. +# Userls is a user shell selector - do not use these classes without it! +# +subppp|Dual PPP/SLIP Subscriber Accounts:\ + :shell=/usr/sbin/userls:\ + :tc=dialer:\ + :tc=subscriber: + + +subslip|Dual PPP/SLIP Subscriber Accounts:\ + :shell=/usr/sbin/userls:\ + :tc=dialer:\ + :tc=subscriber: + + +subshell:Shell Subscriber Accounts:\ + :tc=subscriber: +