LOGIN_CAP(3) BSD Library Functions Manual LOGIN_CAP(3)
login_getclass, login_getcapbool, login_getcapnum, login_getcapsize, login_getcapstr,
login_getcaptime, login_close, setclasscontext, setusercontext -- query login.conf database
about a user class
System Utilities Library (libutil, -lutil)
login_getcapbool(login_cap_t *lc, const char *cap, u_int def);
login_getcapnum(login_cap_t *lc, const char *cap, quad_t def, quad_t err);
login_getcapsize(login_cap_t *lc, const char *cap, quad_t def, quad_t err);
login_getcapstr(login_cap_t *lc, const char *cap, char *def, char *err);
login_getcaptime(login_cap_t *lc, const char *cap, quad_t def, quad_t err);
setclasscontext(const char *class, u_int flags);
setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, u_int flags);
The login_getclass() function extracts the entry specified by class (or default if class is
NULL or the empty string) from /etc/login.conf (see login.conf(5)). If the entry is found,
a login_cap_t pointer is returned. NULL is returned if the user class is not found. When
the login_cap_t structure is no longer needed, it should be freed by the login_close() func-
Once lc has been returned by login_getclass(), any of the other login_*() functions may be
The login_getcapnum(), login_getcapsize(), login_getcapstr(), and login_getcaptime() func-
tions all query the database entry for a field named cap. If the field is found, its value
is returned. If the field is not found, the value specified by def is returned. If an
error is encountered while trying to find the field, err is returned. See login.conf(5) for
a discussion of the various textual forms the value may take. The login_getcapbool() func-
tion is slightly different. It returns def if no capabilities were found for this class
(typically meaning that the default class was used and the /etc/login.conf file is missing).
It returns a non-zero value if cap, with no value, was found, zero otherwise.
The setclasscontext() function takes class, the name of a user class, and sets the resources
defined by that class according to flags. Only the LOGIN_SETPATH, LOGIN_SETPRIORITY,
LOGIN_SETRESOURCES, and LOGIN_SETUMASK bits are used. (See setusercontext() below). It
returns 0 on success and -1 on failure.
The setusercontext() function sets the resources according to flags. The lc argument, if
not NULL, contains the class information that should be used. The pwd argument, if not
NULL, provides information about the user. Both lc and pwd cannot be NULL. The uid argu-
ment is used in place of the user id contained in the pwd structure when calling setuid(2).
The various bits available to be or-ed together to make up flags are:
LOGIN_SETGID Set the group id. Requires the pwd field be specified.
LOGIN_SETGROUPS Set the group membership list by calling initgroups(3). Requires the
pwd field be specified.
LOGIN_SETGROUP Set the group id and call initgroups(3). Requires the pwd field be
LOGIN_SETLOGIN Sets the login name by setlogin(2). Requires the pwd field be speci-
LOGIN_SETPATH Sets the PATH environment variable.
LOGIN_SETPRIORITY Sets the priority by setpriority(2).
LOGIN_SETRESOURCES Sets the various system resources by setrlimit(2).
LOGIN_SETUMASK Sets the umask by umask(2).
LOGIN_SETUSER Sets the user id to uid by setuid(2).
LOGIN_SETENV Sets the environment variables as defined by the setenv keyword, by
LOGIN_SETALL Sets all of the above.
setlogin(2), setpriority(2), setrlimit(2), setuid(2), umask(2), initgroups(3),
The login_getclass family of functions are largely based on the BSD/OS implementation of
same, and appeared in NetBSD 1.5 by kind permission.
The string returned by login_getcapstr() is allocated via malloc(3) when the specified capa-
bility is present and thus it is the responsibility of the caller to free() this space.
However, if the capability was not found or an error occurred and def or err (whichever is
relevant) are non-NULL the returned value is simply what was passed in to login_getcapstr().
Therefore it is not possible to blindly free() the return value without first checking it
against def and err.
The same warnings set forth in setlogin(2) apply to setusercontext() when the LOGIN_SETLOGIN
flag is used. Specifically, changing the login name affects all processes in the current
session, not just the current process. See setlogin(2) for more information.
BSD October 6, 2007 BSD