LOGIN.CONF(5) BSD File Formats Manual LOGIN.CONF(5)
login.conf -- login class capability data base
The login.conf file describes the various attributes of login classes. A login class determines
what styles of authentication are available as well as session resource limits and
environment setup. While designed primarily for the login(1) program, it is also used by
other programs, e.g., rexecd(8), which need to set up a user environment.
The class to be used is normally determined by the class field in the password file (see
passwd(5)). The class is used to look up a corresponding entry in the login.conf file. A
special class called ``default'' will be used (if it exists) if the field in the password
file is empty.
Refer to getcap(3) for a description of the file layout. An example entry is:
All entries in the login.conf file are either boolean or use a `=' to separate the capability
from the value. The types are described after the capability table.
Name            Type     Default        Description
copyright       file                    File containing additional copyright information.
                                        (If the file exists, login(1) displays it before the
coredumpsize    size                    Maximum coredump size limit.
cputime         time                    CPU usage limit.
datasize        size                    Maximum data size limit.
filesize        size                    Maximum file size limit.
host.allow      string                  A comma-separated list of host name or IP address
                                        patterns from which a class is allowed access.
                                        Access is instead denied from any hosts preceded by
                                        '!'. Patterns can contain the sh(1)-style '*' and
                                        '?' wildcards. The host.deny entry is checked
                                        before host.allow. (Currently used only by
host.deny       string                  A comma-separated list of host name or IP address
                                        patterns from which a class is denied access.
                                        Patterns as per host.allow, although a matched
                                        pattern that has been negated with '!' is ignored.
                                        (Currently used only by sshd(8).)
hushlogin       bool     false          Same as having a $HOME/.hushlogin file. See
ignorenologin   bool     false          Not affected by nologin files.
login-retries   number   10             Maximum number of login attempts allowed.
login-backoff   number   3              Number of login attempts after which to start random
maxproc         number                  Maximum number of processes.
memorylocked    size                    Maximum locked in core memory size limit.
memoryuse       size                    Maximum in core memoryuse size limit.
minpasswordlen  number                  The minimum length a local password may be. Used by
                                        the passwd(1) utility.
nologin         file                    If the file exists it will be displayed and the
                                        login session will be terminated.
openfiles       number                  Maximum number of open file descriptors per process.
passwordtime    time                    Used by passwd(1) to set next password expiry date.
password-warn   time     2w             If the user's password will expire within this
                                        length of time then warn the user of this.
path            path     /bin /usr/bin  Default search path.
priority        number                  Initial priority (nice) level.
requirehome     bool     false          Require home directory to login.
sbsize          size                    Maximum socket buffer size limit.
setenv          list                    Comma or whitespace separated list of environment
                                        variables and values to be set. Commas and
                                        whitespace can be escaped using \.
shell           program                 Session shell to execute rather than the shell
                                        specified in the password file. The SHELL environment
                                        variable will contain the shell specified in the
stacksize       size                    Maximum stack size limit.
tc              string                  A "continuation" entry, which must be the last
                                        capability provided. More capabilities are read from
                                        the named entry. The capabilities given before tc
                                        override those in the entry invoked by tc.
term            string   su             Default terminal type if not able to determine from
umask           number   022            Initial umask. Should always have a leading 0 to
                                        assure octal interpretation. See umask(2).
welcome         file     /etc/motd      File containing welcome message. login(1) displays
                                        this and sshd(8) sends this.
The resource limit entries (coredumpsize, cputime, datasize, filesize, maxproc,
memorylocked, memoryuse, openfiles, sbsize, and stacksize) actually specify both the maximum
and current limits (see getrlimit(2)). The current limit is the one normally used, although
the user is permitted to increase the current limit to the maximum limit. The maximum and
current limits may be specified individually by appending a '-max' or '-cur' to the capability
name (e.g., openfiles-max and openfiles-cur).
NetBSD will never define capabilities which start with x- or X-; these are reserved for
external use (unless included through contributed software).
The argument types are defined as:
bool      If the name is present, then the boolean value is true; otherwise, it is false.
file      Path name to a text file.
list      A comma or whitespace separated list of values.
number    A number. A leading 0x implies the number is expressed in hexadecimal. A leading
          0 implies the number is expressed in octal. Any other number is treated as
path      A space separated list of path names. If a '~' is the first character in the
          path name, the '~' is expanded to the user's home directory.
program   A path name to a program.
size      A number which expresses a size in bytes. It may have a trailing b to multiply
          the value by 512, a k to multiply the value by 1 K (1024), and a m to multiply
          the value by 1 M (1048576).
time      A time in seconds. A time may be expressed as a series of numbers which are
          added together. Each number may have a trailing character to represent time
          y    Indicates a number of 365 day years.
          w    Indicates a number of 7 day weeks.
          d    Indicates a number of 24 hour days.
          h    Indicates a number of 60 minute hours.
          m    Indicates a number of 60 second minutes.
          s    Indicates a number of seconds.
For example, to indicate 1 and 1/2 hours, the following string could be used:
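
The number, size and time argument types defined above can be modelled as a small parser, which also shows why a umask written without its leading 0 yields a different mask than intended. This is an added example, not NetBSD's login_cap(3) code; the function names are hypothetical and the sample values are constructed.

```python
import re

# Multipliers exactly as listed for the `size` and `time` argument types.
SIZE_MULT = {"": 1, "b": 512, "k": 1024, "m": 1048576}
TIME_MULT = {"y": 365 * 86400, "w": 7 * 86400, "d": 86400,
             "h": 3600, "m": 60, "s": 1}

def parse_number(text):
    """number: leading 0x means hexadecimal, leading 0 means octal."""
    t = text.strip().lower()
    if t.startswith("0x"):
        return int(t, 16)
    if len(t) > 1 and t.startswith("0"):
        return int(t, 8)
    return int(t, 10)  # assumption: anything else is read as decimal

def parse_size(text):
    """size: bytes, optionally followed by b, k or m (decimal digits only here)."""
    m = re.fullmatch(r"(\d+)([bkm]?)", text.strip().lower())
    if m is None:
        raise ValueError(f"bad size value: {text!r}")
    return int(m.group(1)) * SIZE_MULT[m.group(2)]

def parse_time(text):
    """time: a series of numbers added together; a bare number is seconds."""
    t = text.strip().lower()
    parts = re.findall(r"(\d+)([ywdhms]?)", t)
    if not parts or "".join(n + u for n, u in parts) != t:
        raise ValueError(f"bad time value: {text!r}")
    return sum(int(n) * TIME_MULT[u or "s"] for n, u in parts)

def audit_umask(value):
    """Return (effective mask, warning or None) for a umask capability value."""
    mask = parse_number(value)
    if not value.strip().startswith("0"):
        return mask, f"umask={value} is decimal {mask}, i.e. octal {mask:03o}"
    return mask, None

if __name__ == "__main__":
    # Constructed sample values, not taken from any real login.conf.
    for cap, value, parse in [("datasize", "512k", parse_size),
                              ("password-warn", "2w", parse_time),
                              ("cputime", "1h30m", parse_time)]:
        print(f"{cap}={value} -> {parse(value)}")
    print(audit_umask("022"))
    print(audit_umask("22"))
```

A umask of 22 is parsed as decimal 22, which is octal 026, so group write stays enabled and other read is removed, unlike the intended 022.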
/etc/login.conf login class capability database
/etc/login.conf.db hashed database built with cap_mkdb(1)
cap_mkdb(1), login(1), getcap(3), login_cap(3), ttys(5), ftpd(8), sshd(8)
The login.conf configuration file appeared in NetBSD 1.5.
BSD November 18, 2008 BSD