LOGIN.CONF(5) | File Formats Manual | LOGIN.CONF(5) |
login.conf
—
login.conf |
login.conf
file describes the various attributes of
login classes. A login class determines what styles of authentication are
available as well as session resource limits and environment setup. While
designed primarily for the
login(1) program, it is also used
by other programs, e.g.,
rexecd(8), which need to set up
a user environment.
The class to be used is normally determined by the
class
field in the password file (see
passwd(5)). The class is used
to look up a corresponding entry in the login.conf
file. A special class called “default” will be used (if it
exists) if the field in the password file is empty.
classname|Description entry:\ :capability=value:\ :booleancapability:\ ... :lastcapability=value:
All entries in the login.conf
file are
either boolean or use a `=' to separate the capability from the value. The
types are described after the capability table.
Name | Type | Default | Description |
copyright | file | File containing additional copyright information. (If the file exists, login(1) displays it before the welcome message.) | |
coredumpsize | size | Maximum coredump size. | |
cputime | time | CPU usage limit. | |
datasize | size | Maximum data size. | |
filesize | size | Maximum file size. | |
host.allow | string | A comma-separated list of host name or IP address patterns from which a
class is allowed access. Access is instead denied from any hosts preceded
by ‘! ’. Patterns can contain the
sh(1)-style
‘* ’ and
‘? ’ wildcards. The
host.deny entry is checked before
host.allow. (Currently used only by
sshd(8).)
|
|
host.deny | string | A comma-separated list of host name or IP address patterns from which a
class is denied access. Patterns as per host.allow,
although a matched pattern that has been negated with
‘! ’ is ignored. (Currently used only
by sshd(8).)
|
|
hushlogin | bool | false |
Same as having a $HOME/.hushlogin file. See login(1). |
ignorenologin | bool | false |
Not affected by nologin files. |
login-retries | number | 10 | Maximum number of login attempts allowed. |
login-backoff | number | 3 | Number of login attempts after which to start random back-off. |
maxproc | number | Maximum number of processes. | |
maxthread | number | Maximum number of threads. The first thread of each process is not counted against this. | |
memorylocked | size | Maximum locked in core memory size. | |
memoryuse | size | Maximum in core memoryuse size. | |
minpasswordlen | number | The minimum length a local password may be. Used by the passwd(1) utility. | |
nologin | file | If the file exists it will be displayed and the login session will be terminated. | |
openfiles | number | Maximum number of open file descriptors per process. | |
passwordtime | time | Used by passwd(1) to set next password expiry date. | |
password-warn | time | 2w |
If the user's password will expire within this length of time then warn the user of this. |
path | path | /bin
/usr/bin |
Default search path. |
priority | number | Initial priority (nice) level. | |
requirehome | bool | false |
Require home directory to login. |
sbsize | size | Maximum socket buffer size. | |
setenv | list | Comma or whitespace separated list of environment variables and values to be set. Commas and whitespace can be escaped using \\. | |
shell | program | Session shell to execute rather than the shell specified in the password
file. The SHELL environment variable will contain
the shell specified in the password file.
|
|
stacksize | size | Maximum stack size. | |
tc | string | A "continuation" entry, which must be the last capability provided. More capabilities are read from the named entry. The capabilities given before tc override those in the entry invoked by tc. | |
term | string | su |
Default terminal type if not able to determine from other means. |
umask | number | 022 |
Initial umask. Should always have a leading 0 to
assure octal interpretation. See
umask(2).
|
vmemoryuse | size | Maximum virtual address space size. | |
welcome | file | /etc/motd |
File containing welcome message. login(1) displays this and sshd(8) sends this. |
The resource limit entries (coredumpsize, cputime, datasize, filesize, maxproc, memorylocked, memoryuse, openfiles, sbsize, stacksize and vmemoryuse) actually specify both the maximum and current limits (see getrlimit(2)). The current limit is the one normally used, although the user is permitted to increase the current limit to the maximum limit. The maximum and current limits may be specified individually by appending a ‘-max’ or ‘-cur’ to the capability name (e.g., openfiles-max and openfiles-cur).
NetBSD will never define capabilities
which start with x-
or X-
;
these are reserved for external use (unless included through contributed
software).
The argument types are defined as:
0x
implies the number is
expressed in hexadecimal. A leading 0
implies the
number is expressed in octal. Any other number is treated as decimal.~
’ is the first character in the
path name, the ‘~
’ is expanded to
the user's home directory.b
to multiply the value by 512, a
k
to multiply the value by 1 K (1024), and a
m
to multiply the value by 1 M (1048576).For example, to indicate 1 and 1/2 hours, the following string
could be used: 1h30m
.
login.conf
configuration file appeared in
NetBSD 1.5.
July 11, 2015 | NetBSD 9.4 |