Commit | Line | Data |
---|---|---|
846764b4 ER |
1 | # |
2 | # /etc/login.defs - Configuration control definitions for the login package. | |
3 | # | |
4 | # $Id$ | |
5 | # | |
6 | # Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. | |
7 | # If unspecified, some arbitrary (and possibly incorrect) value will | |
8 | # be assumed. All other items are optional - if not specified then | |
9 | # the described action or option will be inhibited. | |
10 | # | |
11 | # Comment lines (lines beginning with "#") and blank lines are ignored. | |
12 | # | |
13 | # Modified for Linux. --marekm | |
14 | ||
15 | # | |
16 | # Delay in seconds before being allowed another attempt after a login failure | |
17 | # | |
18 | FAIL_DELAY 3 | |
19 | ||
846764b4 ER |
20 | # |
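21 | # Enable display of unknown usernames when login failures are recorded. A password typed at the username prompt by mistake would then be logged, so "no" is the safer setting. | |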
22 | # | |
23 | LOG_UNKFAIL_ENAB no | |
24 | ||
25 | # | |
26 | # Enable logging of successful logins | |
27 | # | |
28 | LOG_OK_LOGINS no | |
29 | ||
846764b4 ER |
30 | # |
31 | # Enable "syslog" logging of su activity - in addition to sulog file logging. | |
32 | # SYSLOG_SG_ENAB does the same for newgrp and sg. | |
33 | # | |
34 | SYSLOG_SU_ENAB yes | |
35 | SYSLOG_SG_ENAB yes | |
36 | ||
37 | # | |
38 | # If defined, either full pathname of a file containing device names or | |
39 | # a ":" delimited list of device names. Root logins will be allowed only | |
40 | # upon these devices. | |
41 | # | |
42 | CONSOLE /etc/securetty | |
43 | #CONSOLE console:tty01:tty02:tty03:tty04 | |
44 | ||
45 | # | |
46 | # If defined, all su activity is logged to this file. | |
47 | # | |
48 | #SULOG_FILE /var/log/sulog | |
49 | ||
846764b4 ER |
50 | # |
51 | # If defined, file which maps tty line to TERM environment parameter. | |
52 | # Each line of the file is in a format something like "vt100 tty01". | |
53 | # | |
54 | #TTYTYPE_FILE /etc/ttytype | |
55 | ||
846764b4 ER |
56 | # |
57 | # If defined, the command name to display when running "su -". For | |
58 | # example, if this is defined as "su" then "ps" will display the | |
59 | # command as "-su". If not defined, then "ps" would display the | |
60 | # name of the shell actually being run, e.g. something like "-sh". | |
61 | # | |
62 | SU_NAME su | |
63 | ||
64 | # | |
d61ad957 AM |
65 | # *REQUIRED* |
66 | # Directory where mailboxes reside, _or_ name of file, relative to the | |
67 | # home directory. If you _do_ define both, MAIL_DIR takes precedence. | |
d61ad957 | 68 | # |
d57127bc | 69 | MAIL_DIR /var/mail |
d61ad957 AM |
70 | #MAIL_FILE .mail |
71 | ||
846764b4 ER |
72 | # |
73 | # If defined, file which inhibits all the usual chatter during the login | |
74 | # sequence. If a full pathname, then hushed mode will be enabled if the | |
75 | # user's name or shell are found in the file. If not a full pathname, then | |
76 | # hushed mode will be enabled if the file exists in the user's home directory. | |
77 | # | |
78 | HUSHLOGIN_FILE .hushlogin | |
79 | #HUSHLOGIN_FILE /etc/hushlogins | |
80 | ||
846764b4 ER |
81 | # |
82 | # *REQUIRED* The default PATH settings, for superuser and normal users. | |
83 | # | |
84 | # (they are minimal, add the rest in the shell startup files) | |
85 | ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin | |
86 | ENV_PATH PATH=/bin:/usr/bin | |
87 | ||
88 | # | |
89 | # Terminal permissions | |
90 | # | |
91 | # TTYGROUP Login tty will be assigned this group ownership. | |
92 | # TTYPERM Login tty will be set to this permission. | |
93 | # | |
94 | # If you have a "write" program which is "setgid" to a special group | |
95 | # which owns the terminals, define TTYGROUP to the group number and | |
96 | # TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign | |
97 | # TTYPERM to either 622 (any user may write to the tty) or 600 (owner only). | |
98 | # | |
99 | TTYGROUP tty | |
100 | TTYPERM 0600 | |
101 | ||
102 | # | |
103 | # Login configuration initializations: | |
104 | # | |
105 | # ERASECHAR Terminal ERASE character ('\010' = backspace). | |
106 | # KILLCHAR Terminal KILL character ('\025' = CTRL/U). | |
107 | # UMASK Default "umask" value. | |
846764b4 ER |
108 | # |
109 | # The ERASECHAR and KILLCHAR are used only on System V machines. | |
846764b4 ER |
110 | # |
111 | # Prefix these values with "0" to get octal, "0x" to get hexadecimal. | |
112 | # | |
a37c4e97 ER |
113 | #ERASECHAR 0177 |
114 | #KILLCHAR 025 | |
846764b4 | 115 | UMASK 022 |
d61ad957 AM |
116 | |
117 | # | |
118 | # Min/max values for automatic uid selection in useradd | |
119 | # | |
8f308d84 | 120 | UID_MIN 1000 |
d61ad957 AM |
121 | UID_MAX 60000 |
122 | ||
123 | # | |
124 | # Min/max values for automatic gid selection in groupadd | |
125 | # | |
8f308d84 | 126 | GID_MIN 1000 |
d61ad957 AM |
127 | GID_MAX 60000 |
128 | ||
846764b4 ER |
129 | # |
130 | # Max number of login retries if password is bad | |
131 | # | |
132 | LOGIN_RETRIES 5 | |
133 | ||
134 | # | |
135 | # Max time in seconds for login | |
136 | # | |
137 | LOGIN_TIMEOUT 60 | |
138 | ||
d61ad957 | 139 | # |
846764b4 ER |
140 | # Which fields may be changed by regular users using chfn - use |
141 | # any combination of letters "frwh" (full name, room number, work | |
142 | # phone, home phone). If not defined, no changes are allowed. | |
143 | # For backward compatibility, "yes" = "rwh" and "no" = "frwh". | |
144 | # | |
d57127bc | 145 | CHFN_RESTRICT yes |
846764b4 | 146 | |
846764b4 ER |
147 | # |
148 | # List of groups to add to the user's supplementary group set | |
149 | # when logging in on the console (as determined by the CONSOLE | |
150 | # setting). Default is none. | |
151 | # | |
152 | # Use with caution - it is possible for users to gain permanent | |
153 | # access to these groups, even when not logged in on the console. | |
154 | # How to do it is left as an exercise for the reader... | |
155 | # | |
156 | #CONSOLE_GROUPS floppy:audio:cdrom | |
157 | ||
158 | # | |
159 | # Should login be allowed if we can't cd to the home directory? | |
160 | # Default is no. If set to yes, the user is logged in with "/" as the working directory. | |
161 | # | |
162 | DEFAULT_HOME yes | |
163 | ||
d61ad957 AM |
164 | # |
165 | # If defined, this command is run when removing a user. | |
166 | # It should remove any at/cron/print jobs etc. owned by | |
167 | # the user to be removed (passed as the first argument). | |
168 | # | |
169 | #USERDEL_CMD /usr/sbin/userdel_local | |
170 | ||
171 | # | |
846764b4 ER |
172 | # When prompting for password without echo, getpass() can optionally |
173 | # display a random number (in the range 1 to GETPASS_ASTERISKS) of '*' | |
174 | # characters for each character typed. This feature is designed to | |
175 | # confuse people looking over your shoulder when you enter a password :-). | |
176 | # Also, the new getpass() accepts both Backspace (8) and Delete (127) | |
177 | # keys to delete previous character (to cope with different terminal | |
178 | # types), Control-U to delete all characters, and beeps when there are | |
179 | # no more characters to delete, or too many characters entered. | |
180 | # | |
181 | # Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour - | |
182 | # exactly one '*' displayed for each character typed. | |
183 | # | |
184 | # Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace, | |
185 | # Delete, Control-U and beep continue to work as described above). | |
d61ad957 | 186 | # |
846764b4 ER |
187 | # Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass() |
188 | # without any new features. This is the default. | |
189 | # | |
190 | #GETPASS_ASTERISKS 1 | |
d61ad957 | 191 | |
846764b4 ER |
192 | # |
193 | # Enable setting of the umask group bits to be the same as owner bits | |
194 | # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is | |
195 | # the same as gid, and username is the same as the primary group name. | |
196 | # | |
197 | # This also enables userdel to remove user groups if no members exist. | |
198 | # | |
d57127bc | 199 | #USERGROUPS_ENAB yes |
0e2613ba | 200 |