Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
LOGIN.CONF(5)		    BSD	File Formats Manual		 LOGIN.CONF(5)

     login.conf	-- login class capability data base


     The login.conf file describes the various attributes of login classes.  A
     login class determines what styles	of authentication are available	as
     well as session resource limits and environment setup.  While designed
     primarily for the login(1)	program, it is also used by other programs,
     e.g., rexecd(8), which need to set	up a user environment.

     The class to be used is normally determined by the	class field in the
     password file (see	passwd(5)).  The class is used to look up a corre-
     sponding entry in the login.conf file.  A special class called "default"
     will be used (if it exists) if the	field in the password file is empty.

     Refer to getcap(3)	for a description of the file layout.  An example en-
     try is:

	   classname|Description entry:\

     All entries in the	login.conf file	are either boolean or use a `='	to
     separate the capability from the value.  The types	are described after
     the capability table.

     Name	       Type	  Default    Description

     copyright	       file		     File containing additional	copy-
					     right information.	 (If the file
					     exists, login(1) displays it be-
					     fore the welcome message.)

     coredumpsize      size		     Maximum coredump size limit.

     cputime	       time		     CPU usage limit.

     datasize	       size		     Maximum data size limit.

     filesize	       size		     Maximum file size limit.

     host.allow	       string		     A comma-separated list of host
					     name or IP	address	patterns from
					     which a class is allowed access.
					     Access is instead denied from any
					     hosts preceded by `!'.  Patterns
					     can contain the sh(1)-style `*'
					     and `?' wildcards.	 The host.deny
					     entry is checked before
					     host.allow.  (Currently used only
					     by	sshd(8).)

     host.deny	       string		     A comma-separated list of host
					     name or IP	address	patterns from
					     which a class is denied access.
					     Patterns as per host.allow, al-
					     though a matched pattern that has
					     been negated with `!' is ignored.
					     (Currently	used only by sshd(8).)

     hushlogin	       bool	  false	     Same as having a $HOME/.hushlogin
					     file.  See	login(1).

     ignorenologin     bool	  false	     Not affected by nologin files.

     login-retries     number	  10	     Maximum number of login attempts

     login-backoff     number	  3	     Number of login attempts after
					     which to start random back-off.

     maxproc	       number		     Maximum number of processes.

     memorylocked      size		     Maximum locked in core memory
					     size limit.

     memoryuse	       size		     Maximum in	core memoryuse size

     minpasswordlen    number		     The minimum length	a local	pass-
					     word may be.  Used	by the
					     passwd(1) utility.

     nologin	       file		     If	the file exists	it will	be
					     displayed and the login session
					     will be terminated.

     openfiles	       number		     Maximum number of open file de-
					     scriptors per process.

     passwordtime      time		     Used by passwd(1) to set next
					     password expiry date.

     password-warn     time	  2w	     If	the user's password will ex-
					     pire within this length of	time
					     then warn the user	of this.

     path	       path	  /bin /usr/bin
					     Default search path.

     priority	       number		     Initial priority (nice) level.

     requirehome       bool	  false	     Require home directory to login.

     sbsize	       size		     Maximum socket buffer size	limit.

     setenv	       list		     Comma or whitespace separated
					     list of environment variables and
					     values to be set.	Commas and
					     whitespace	can be escaped using

     shell	       program		     Session shell to execute rather
					     than the shell specified in the
					     password file.  The SHELL envi-
					     ronment variable will contain the
					     shell specified in	the password

     stacksize	       size		     Maximum stack size	limit.

     tc		       string		     A "continuation" entry, which
					     must be the last capability pro-
					     vided.  More capabilities are
					     read from the named entry.	 The
					     capabilities given	before tc
					     override those in the entry in-
					     voked by tc.

     term	       string	  su	     Default terminal type if not able
					     to	determine from other means.

     umask	       number	  022	     Initial umask.  Should always
					     have a leading 0 to assure	octal
					     interpretation.  See umask(2).

     welcome	       file	  /etc/motd  File containing welcome message.
					     login(1) displays this and
					     sshd(8) sends this.

     The resource limit	entries	(coredumpsize, cputime,	datasize, filesize,
     maxproc, memorylocked, memoryuse, openfiles, sbsize, and stacksize) actu-
     ally specify both the maximum and current limits (see getrlimit(2)).  The
     current limit is the one normally used, although the user is permitted to
     increase the current limit	to the maximum limit.  The maximum and current
     limits may	be specified individually by appending a `-max'	or `-cur' to
     the capability name (e.g.,	openfiles-max and openfiles-cur).

     NetBSD will never define capabilities which start with x- or X-; these
     are reserved for external use (unless included through contributed	soft-

     The argument types	are defined as:

     bool	If the name is present,	then the boolean value is true;	other-
		wise, it is false.

     file	Path name to a text file.

     list	A comma	or whitespace separated	list of	values.

     number	A number.  A leading 0x	implies	the number is expressed	in
		hexadecimal.  A	leading	0 implies the number is	expressed in
		octal.	Any other number is treated as decimal.

     path	A space	separated list of path names.  If a `~'	is the first
		character in the path name, the	`~' is expanded	to the user's
		home directory.

     program	A path name to program.

     size	A number which expresses a size	in bytes.  It may have a
		trailing b to multiply the value by 512, a k to	multiply the
		value by 1 K (1024), and a m to	multiply the value by 1	M

     time	A time in seconds.  A time may be expressed as a series	of
		numbers	which are added	together.  Each	number may have	a
		trailing character to represent	time units:

		y    Indicates a number	of 365 day years.

		w    Indicates a number	of 7 day weeks.

		d    Indicates a number	of 24 hour days.

		h    Indicates a number	of 60 minute hours.

		m    Indicates a number	of 60 second minutes.

		s    Indicates a number	of seconds.

		For example, to	indicate 1 and 1/2 hours, the following	string
		could be used: 1h30m.

     /etc/login.conf	 login class capability	database
     /etc/login.conf.db	 hashed	database built with cap_mkdb(1)

     cap_mkdb(1), login(1), getcap(3), login_cap(3), ttys(5), ftpd(8), sshd(8)

     The login.conf configuration file appeared	in NetBSD 1.5.

BSD			       November	18, 2008			   BSD


Want to link to this manual page? Use this URL:

home | help