From d7f9fa72386195c1867fd31e2baf55993a235b05 Mon Sep 17 00:00:00 2001 From: msmith Date: Wed, 16 Sep 1998 19:18:36 +0000 Subject: Effectively disable resource limit setting by default, leaving the original contents of the file preserved as examples for administrators that need to enable them. Also add a comment to the examples pointing out that the authentication functionality is largely unused and requires rebuilding libutil. Reviewed by: jkh --- etc/login.conf | 477 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 274 insertions(+), 203 deletions(-) (limited to 'etc/login.conf') diff --git a/etc/login.conf b/etc/login.conf index 766bf54..9cec866 100644 --- a/etc/login.conf +++ b/etc/login.conf @@ -9,249 +9,320 @@ # This file controls resource limits, accounting limits and # default user environment settings. # -# $Id: login.conf,v 1.19 1997/12/03 01:12:48 ache Exp $ +# $Id: login.conf,v 1.20 1998/03/09 03:01:47 steve Exp $ # - -# Authentication methods - -auth-defaults:\ - :auth=krb_skey_or_passwd,passwd,kerberos,skey: - -auth-root-defaults:\ - :auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\ - :auth-rlogin=krb_or_skey,kerberos,skey: - -auth-ftp-defaults:\ - :auth=skey_or_pwd,passwd,skey: - +# Default settings effectively disable resource limits, see the +# examples below for a starting point to enable them. # Example defaults # These settings are used by login(1) by default for classless users # Note that entries like "cputime" set both "cputime-cur" and "cputime-max" default:\ - :cputime=infinity:\ - :datasize-cur=22M:\ - :stacksize-cur=8M:\ - :memorylocked-cur=10M:\ - :memoryuse-cur=30M:\ - :filesize=infinity:\ - :coredumpsize=infinity:\ - :maxproc-cur=64:\ - :openfiles-cur=64:\ - :priority=0:\ - :requirehome@:\ - :umask=022:\ - :tc=auth-defaults: - - -# -# standard - standard user defaults -# -standard:\ :copyright=/etc/COPYRIGHT:\ :welcome=/etc/motd:\ :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\ :path=~/bin /bin /usr/bin /usr/local/bin:\ :manpath=/usr/share/man /usr/local/man:\ :nologin=/etc/nologin:\ - :cputime=1h30m:\ - :datasize=8M:\ - :stacksize=2M:\ - :memorylocked=4M:\ - :memoryuse=8M:\ - :filesize=8M:\ - :coredumpsize=8M:\ - :openfiles=24:\ - :maxproc=32:\ + :cputime=unlimited:\ + :datasize=unlimited:\ + :stacksize=unlimited:\ + :memorylocked=unlimited:\ + :memoryuse=unlimited:\ + :filesize=unlimited:\ + :coredumpsize=unlimited:\ + :openfiles=unlimited:\ + :maxproc=unlimited:\ :priority=0:\ - :requirehome:\ - :passwordperiod=90d:\ - :umask=002:\ :ignoretime@:\ - :tc=default: + :umask=022: # -# users of X (needs more resources!) +# A collection of common class names - forward them all to 'default' +# (login would normally do this anyway, but having a class name +# here suppresses the diagnostic) # +standard:\ + :tc=default: xuser:\ - :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\ - :cputime=4h:\ - :datasize=12M:\ - :stacksize=4M:\ - :filesize=8M:\ - :memoryuse=16M:\ - :openfiles=32:\ - :maxproc=48:\ - :tc=standard: - - -# -# Staff users - few restrictions and allow login anytime -# + :tc=default: staff:\ - :ignorenologin:\ - :ignoretime:\ - :requirehome@:\ - :accounted@:\ - :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ - :umask=022:\ - :tc=standard: - + :tc=default: +daemon:\ + :tc=default; +news:\ + :tc=default: +dialer:\ + :tc=default: # -# root - fallback for root logins +# Root can always login # root:\ - :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ - :cputime=infinity:\ - :datasize=infinity:\ - :stacksize=infinity:\ - :memorylocked=infinity:\ - :memoryuse=infinity:\ - :filesize=infinity:\ - :coredumpsize=infinity:\ - :openfiles=infinity:\ - :maxproc=infinity:\ - :memoryuse-cur=32M:\ - :maxproc-cur=64:\ - :openfiles-cur=1024:\ - :priority=0:\ - :requirehome@:\ - :umask=022:\ - :tc=auth-root-defaults: - + :ignorenologin:\ + :tc=default: # -# Settings used by /etc/rc +# Russian Users Accounts. Setup proper environment variables. # -daemon:\ - :coredumpsize@:\ - :coredumpsize-cur=0:\ - :datasize=infinity:\ - :datasize-cur@:\ - :maxproc=512:\ - :maxproc-cur@:\ - :memoryuse-cur=64M:\ - :memorylocked-cur=64M:\ - :openfiles=1024:\ - :openfiles-cur@:\ - :stacksize=16M:\ - :stacksize-cur@:\ +russian:Russian Users Accounts:\ + :charset=KOI8-R:\ + :lang=ru_RU.KOI8-R:\ :tc=default: +###################################################################### +###################################################################### +## +## Example entries +## +###################################################################### +###################################################################### + +## Authentication methods +## Note that these are disabled by default, and libutil must +## be rebuilt with LOGIN_CAP_AUTH defined to use them. # -# Settings used by news subsystem +#auth-defaults:\ +# :auth=krb_skey_or_passwd,passwd,kerberos,skey: # -news:\ - :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ - :cputime=infinity:\ - :filesize=128M:\ - :datasize-cur=64M:\ - :stacksize-cur=32M:\ - :coredumpsize-cur=0:\ - :maxmemorysize-cur=128M:\ - :memorylocked=32M:\ - :maxproc=128:\ - :openfiles=256:\ - :tc=default: - - +#auth-root-defaults:\ +# :auth-login=krb_skey_or_passwd,passwd,kerberos,skey:\ +# :auth-rlogin=krb_or_skey,kerberos,skey: # -# The dialer class should be used for a dialup PPP/SLIP accounts -# Welcome messages/news suppressed +#auth-ftp-defaults:\ +# :auth=skey_or_pwd,passwd,skey: # -dialer:\ - :hushlogin:\ - :requirehome@:\ - :cputime=unlimited:\ - :filesize=2M:\ - :datasize=2M:\ - :stacksize=4M:\ - :coredumpsize=0:\ - :memoryuse=4M:\ - :memorylocked=1M:\ - :maxproc=16:\ - :openfiles=32:\ - :tc=standard: - - # -# Site full-time 24/7 PPP/SLIP connections -# - no time accounting, restricted to access via dialin lines -# -site:\ - :ignoretime:\ - :passwordperiod@:\ - :refreshtime@:\ - :refreshperiod@:\ - :sessionlimit@:\ - :autodelete@:\ - :expireperiod@:\ - :graceexpire@:\ - :gracetime@:\ - :warnexpire@:\ - :warnpassword@:\ - :idletime@:\ - :sessiontime@:\ - :daytime@:\ - :weektime@:\ - :monthtime@:\ - :warntime@:\ - :accounted@:\ - :tc=dialer:\ - :tc=staff: - - +## Example defaults +## These settings are used by login(1) by default for classless users +## Note that entries like "cputime" set both "cputime-cur" and "cputime-max" # -# Example standard accounting entries for subscriber levels +#default:\ +# :cputime=infinity:\ +# :datasize-cur=22M:\ +# :stacksize-cur=8M:\ +# :memorylocked-cur=10M:\ +# :memoryuse-cur=30M:\ +# :filesize=infinity:\ +# :coredumpsize=infinity:\ +# :maxproc-cur=64:\ +# :openfiles-cur=64:\ +# :priority=0:\ +# :requirehome@:\ +# :umask=022:\ +# :tc=auth-defaults: # - -subscriber|Subscribers:\ - :accounted:\ - :refreshtime=180d:\ - :refreshperiod@:\ - :sessionlimit@:\ - :autodelete=30d:\ - :expireperiod=180d:\ - :graceexpire=7d:\ - :gracetime=10m:\ - :warnexpire=7d:\ - :warnpassword=7d:\ - :idletime=30m:\ - :sessiontime=4h:\ - :daytime=6h:\ - :weektime=40h:\ - :monthtime=120h:\ - :warntime=4h:\ - :tc=standard: - - # -# Subscriber accounts. These accounts have their login times -# accounted and have access limits applied. +## +## standard - standard user defaults +## +#standard:\ +# :copyright=/etc/COPYRIGHT:\ +# :welcome=/etc/motd:\ +# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\ +# :path=~/bin /bin /usr/bin /usr/local/bin:\ +# :manpath=/usr/share/man /usr/local/man:\ +# :nologin=/etc/nologin:\ +# :cputime=1h30m:\ +# :datasize=8M:\ +# :stacksize=2M:\ +# :memorylocked=4M:\ +# :memoryuse=8M:\ +# :filesize=8M:\ +# :coredumpsize=8M:\ +# :openfiles=24:\ +# :maxproc=32:\ +# :priority=0:\ +# :requirehome:\ +# :passwordperiod=90d:\ +# :umask=002:\ +# :ignoretime@:\ +# :tc=default: # -subppp|PPP Subscriber Accounts:\ - :tc=dialer:\ - :tc=subscriber: - - -subslip|SLIP Subscriber Accounts:\ - :tc=dialer:\ - :tc=subscriber: - - -subshell:Shell Subscriber Accounts:\ - :tc=subscriber: - - # -# Russian Users Accounts. Setup proper environment variables. +## +## users of X (needs more resources!) +## +#xuser:\ +# :manpath=/usr/share/man /usr/X11R6/man /usr/local/man:\ +# :cputime=4h:\ +# :datasize=12M:\ +# :stacksize=4M:\ +# :filesize=8M:\ +# :memoryuse=16M:\ +# :openfiles=32:\ +# :maxproc=48:\ +# :tc=standard: # -russian:Russian Users Accounts:\ - :charset=KOI8-R:\ - :lang=ru_RU.KOI8-R:\ - :tc=default: +# +## +## Staff users - few restrictions and allow login anytime +## +#staff:\ +# :ignorenologin:\ +# :ignoretime:\ +# :requirehome@:\ +# :accounted@:\ +# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ +# :umask=022:\ +# :tc=standard: +# +# +## +## root - fallback for root logins +## +#root:\ +# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ +# :cputime=infinity:\ +# :datasize=infinity:\ +# :stacksize=infinity:\ +# :memorylocked=infinity:\ +# :memoryuse=infinity:\ +# :filesize=infinity:\ +# :coredumpsize=infinity:\ +# :openfiles=infinity:\ +# :maxproc=infinity:\ +# :memoryuse-cur=32M:\ +# :maxproc-cur=64:\ +# :openfiles-cur=1024:\ +# :priority=0:\ +# :requirehome@:\ +# :umask=022:\ +# :tc=auth-root-defaults: +# +# +## +## Settings used by /etc/rc +## +#daemon:\ +# :coredumpsize@:\ +# :coredumpsize-cur=0:\ +# :datasize=infinity:\ +# :datasize-cur@:\ +# :maxproc=512:\ +# :maxproc-cur@:\ +# :memoryuse-cur=64M:\ +# :memorylocked-cur=64M:\ +# :openfiles=1024:\ +# :openfiles-cur@:\ +# :stacksize=16M:\ +# :stacksize-cur@:\ +# :tc=default: +# +# +## +## Settings used by news subsystem +## +#news:\ +# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\ +# :cputime=infinity:\ +# :filesize=128M:\ +# :datasize-cur=64M:\ +# :stacksize-cur=32M:\ +# :coredumpsize-cur=0:\ +# :maxmemorysize-cur=128M:\ +# :memorylocked=32M:\ +# :maxproc=128:\ +# :openfiles=256:\ +# :tc=default: +# +# +## +## The dialer class should be used for a dialup PPP/SLIP accounts +## Welcome messages/news suppressed +## +#dialer:\ +# :hushlogin:\ +# :requirehome@:\ +# :cputime=unlimited:\ +# :filesize=2M:\ +# :datasize=2M:\ +# :stacksize=4M:\ +# :coredumpsize=0:\ +# :memoryuse=4M:\ +# :memorylocked=1M:\ +# :maxproc=16:\ +# :openfiles=32:\ +# :tc=standard: +# +# +## +## Site full-time 24/7 PPP/SLIP connections +## - no time accounting, restricted to access via dialin lines +## +#site:\ +# :ignoretime:\ +# :passwordperiod@:\ +# :refreshtime@:\ +# :refreshperiod@:\ +# :sessionlimit@:\ +# :autodelete@:\ +# :expireperiod@:\ +# :graceexpire@:\ +# :gracetime@:\ +# :warnexpire@:\ +# :warnpassword@:\ +# :idletime@:\ +# :sessiontime@:\ +# :daytime@:\ +# :weektime@:\ +# :monthtime@:\ +# :warntime@:\ +# :accounted@:\ +# :tc=dialer:\ +# :tc=staff: +# +# +## +## Example standard accounting entries for subscriber levels +## +# +#subscriber|Subscribers:\ +# :accounted:\ +# :refreshtime=180d:\ +# :refreshperiod@:\ +# :sessionlimit@:\ +# :autodelete=30d:\ +# :expireperiod=180d:\ +# :graceexpire=7d:\ +# :gracetime=10m:\ +# :warnexpire=7d:\ +# :warnpassword=7d:\ +# :idletime=30m:\ +# :sessiontime=4h:\ +# :daytime=6h:\ +# :weektime=40h:\ +# :monthtime=120h:\ +# :warntime=4h:\ +# :tc=standard: +# +# +## +## Subscriber accounts. These accounts have their login times +## accounted and have access limits applied. +## +#subppp|PPP Subscriber Accounts:\ +# :tc=dialer:\ +# :tc=subscriber: +# +# +#subslip|SLIP Subscriber Accounts:\ +# :tc=dialer:\ +# :tc=subscriber: +# +# +#subshell:Shell Subscriber Accounts:\ +# :tc=subscriber: +# +# +## +## Russian Users Accounts. Setup proper environment variables. +## +#russian:Russian Users Accounts:\ +# :charset=KOI8-R:\ +# :lang=ru_RU.KOI8-R:\ +# :tc=default: \ No newline at end of file -- cgit v1.1