Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (NetBSD-2.0)
Apropos / Subsearch:
optional field

LOGIN.CONF(5)               BSD File Formats Manual              LOGIN.CONF(5)

     login.conf -- login class capability data base


     The login.conf file describes the various attributes of login classes.  A
     login class determines what styles of authentication are available as
     well as session resource limits and environment setup.  While designed
     primarily for the login(1) program, it is also used by other programs,
     e.g., rexecd(8), which need to set up a user environment.

     The class to be used is normally determined by the class field in the
     password file (see passwd(5)).  The class is used to look up a corre-
     sponding entry in the login.conf file.  A special class called
     ``default'' will be used (if it exists) if there is no other match.

     Refer to getcap(3) for a description of the file layout.  An example
     entry is:

           classname|Description entry:\

     All entries in the login.conf file are either boolean or use a `=' to
     separate the capability from the value.  The types are described after
     the capability table.

     Name              Type       Default    Description

     copyright         file                  File containing additional copy-
                                             right information.

     coredumpsize      size                  Maximum coredump size limit.

     cputime           time                  CPU usage limit.

     datasize          size                  Maximum data size limit.

     filesize          size                  Maximum file size limit.

     host.allow        string                A comma-separated list of host
                                             name or IP address patterns from
                                             which a class is allowed access.
                                             Access is instead denied from any
                                             hosts preceeded by '!'.  Patterns
                                             can contain the sh(1) -style '*'
                                             and '?' wildcards.  The host.deny
                                             entry is checked before
                                             host.allow.  (Currently used only
                                             by sshd(8).)

     host.deny         string                A comma-separated list of host
                                             name or IP address patterns from
                                             which a class is denied access.
                                             Patterns as per host.allow,
                                             although a matched pattern that
                                             has been negated with '!' is
                                             ignored.  (Currently used only by

     hushlogin         bool       false      Same as having a $HOME/.hushlogin
                                             file.  See login(1).

     ignorenologin     bool       false      Not affected by nologin files.

     login-retries     number     10         Maximum number of login attempts
     login-backoff     number     3          Number of login attempts after
                                             which to start random back-off.

     maxproc           number                Maximum number of process.

     memorylocked      size                  Maximum locked in core memory
                                             size limit.

     memoryuse         size                  Maximum in core memoryuse size

     minpasswordlen    number                The minimum length a local pass-
                                             word may be.  Used by the
                                             passwd(1) utility.

     nologin           file                  If the file exists it will be
                                             displayed and the login session
                                             will be terminated.

     openfiles         number                Maximum number of open file
                                             descriptors per process.

     passwordtime      time                  Used by passwd(1) to set next
                                             password expiry date.

     password-warn     time       2w         If the user's password will
                                             expire within this length of time
                                             then warn the user of this.

     path              path       /bin /usr/bin
                                             Default search path.

     priority          number                Initial priority (nice) level.

     requirehome       bool       false      Require home directory to login.

     setenv            list                  Comma separated list of environ-
                                             ment variables and values to be

     shell             program               Session shell to execute rather
                                             than the shell specified in the
                                             password file.  The SHELL envi-
                                             ronment variable will contain the
                                             shell specified in the password

     stacksize         size                  Maximum stack size limit.

     term              string     su         Default terminal type if not able
                                             to determine from other means.

     umask             number     022        Initial umask.  Should always
                                             have a leading 0 to assure octal
                                             interpretation.  See umask(2).

     welcome           file       /etc/motd  File containing welcome message.

     The resource limit entries (cputime, filesize, datasize, stacksize,
     coredumpsize, memoryuse, memorylocked, maxproc, and openfiles) actually
     specify both the maximum and current limits (see getrlimit(2)).  The cur-
     rent limit is the one normally used, although the user is permitted to
     increase the current limit to the maximum limit.  The maximum and current
     limits may be specified individually by appending a '-max' or '-cur' to
     the capability name (e.g., openfiles-max and openfiles-cur).

     NetBSD will never define capabilities which start with x- or X-, these
     are reserved for external use (unless included through contributed soft-

     The argument types are defined as:

     file       Path name to a text file.

     list       A comma separated list of values.

     number     A number.  A leading 0x implies the number is expressed in
                hexadecimal.  A leading 0 implies the number is expressed in
                octal.  Any other number is treated as decimal.

     path       A space separated list of path names.  If a '~' is the first
                character in the path name, the '~' is expanded to the user's
                home directory.

     program    A path name to program.

     size       A number which expresses a size in bytes.  It may have a
                trailing b to multiply the value by 512, a k to multiply the
                value by 1 K (1024), and a m to multiply the value by 1 M

     time       A time in seconds.  A time may be expressed as a series of
                numbers which are added together.  Each number may have a
                trailing character to represent time units:

                y    Indicates a number of 365 day years.

                w    Indicates a number of 7 day weeks.

                d    Indicates a number of 24 hour days.

                h    Indicates a number of 60 minute hours.

                m    Indicates a number of 60 second minutes.

                s    Indicates a number of seconds.

                For example, to indicate 1 and 1/2 hours, the following string
                could be used: 1h30m.

     /etc/login.conf     login class capability database
     /etc/login.conf.db  hashed database built with cap_mkdb(1)

     cap_mkdb(1), login(1), getcap(3), login_cap(3), ttys(5), ftpd(8), sshd(8)

     The login.conf configuration file appeared in NetBSD 1.5.

BSD                             March 24, 2003                             BSD