564 lines
19 KiB
Groff
564 lines
19 KiB
Groff
|
.\" Copyright 1991 - 1993, Julianne Frances Haugh and Chip Rosenthal
|
||
|
.\" All rights reserved.
|
||
|
.\"
|
||
|
.\" Redistribution and use in source and binary forms, with or without
|
||
|
.\" modification, are permitted provided that the following conditions
|
||
|
.\" are met:
|
||
|
.\" 1. Redistributions of source code must retain the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer.
|
||
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer in the
|
||
|
.\" documentation and/or other materials provided with the distribution.
|
||
|
.\" 3. Neither the name of Julianne F. Haugh nor the names of its contributors
|
||
|
.\" may be used to endorse or promote products derived from this software
|
||
|
.\" without specific prior written permission.
|
||
|
.\"
|
||
|
.\" THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
|
||
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
|
||
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||
|
.\" SUCH DAMAGE.
|
||
|
.\"
|
||
|
.\" $Id: login.defs.5,v 1.6 1998/12/28 20:35:13 marekm Exp $
|
||
|
.\"
|
||
|
.TH LOGIN 5
|
||
|
.SH NAME
|
||
|
/etc/login.defs \- Login configuration
|
||
|
.SH DESCRIPTION
|
||
|
The
|
||
|
.I /etc/login.defs
|
||
|
file defines the site-specific configuration for the shadow login
|
||
|
suite. This file is required. Absence of this file will not prevent
|
||
|
system operation, but will probably result in undesirable operation.
|
||
|
.PP
|
||
|
This file is a readable text file, each line of the file describing
|
||
|
one configuration parameter. The lines consist of a configuration
|
||
|
name and value, seperated by whitespace. Blank lines and comment
|
||
|
lines are ignored. Comments are introduced with a `#' pound sign and
|
||
|
the pound sign must be the first non-white character of the line.
|
||
|
.PP
|
||
|
Parameter values may be of four types: strings, booleans, numbers,
|
||
|
and long numbers. A string is comprised of any printable characters.
|
||
|
A boolean should be either the value ``yes'' or ``no''. An undefined
|
||
|
boolean parameter or one with a value other than these will be given
|
||
|
a ``no'' value. Numbers (both regular and long) may be either decimal
|
||
|
values, octal values (precede the value with ``0'') or hexadecimal
|
||
|
values (precede the value with ``0x''). The maximum value of the
|
||
|
regular and long numeric parameters is machine-dependant.
|
||
|
.PP
|
||
|
The following configuration items are provided:
|
||
|
.\"
|
||
|
.IP "CHFN_AUTH (boolean)"
|
||
|
If
|
||
|
.IR yes ,
|
||
|
the
|
||
|
.B chfn
|
||
|
and
|
||
|
.B chsh
|
||
|
programs will ask for password before making any changes, unless
|
||
|
run by the superuser.
|
||
|
.\"
|
||
|
.IP "CHFN_RESTRICT (string)"
|
||
|
This parameter specifies which values in the
|
||
|
.I gecos
|
||
|
field of the
|
||
|
.I passwd
|
||
|
file may be changed by regular users using the
|
||
|
.B chfn
|
||
|
program. It can be any combination of letters
|
||
|
.IR f ,
|
||
|
.IR r ,
|
||
|
.IR w ,
|
||
|
.IR h ,
|
||
|
for Full name, Room number, Work phone, and Home phone, respectively.
|
||
|
If not specified, only the superuser can make any changes.
|
||
|
.\"
|
||
|
.IP "CONSOLE (string)"
|
||
|
If specified, this definition provides for a restricted set of lines
|
||
|
on which root logins will be allowed. An attempted root login which
|
||
|
does not meet the criteria established here will be rejected. The
|
||
|
value of this field may be one of two forms, either a fully-rooted
|
||
|
pathname such as
|
||
|
.sp
|
||
|
.ft I
|
||
|
CONSOLE /etc/consoles
|
||
|
.ft R
|
||
|
.sp
|
||
|
or a colon-delimited list of terminal lines such as:
|
||
|
.sp
|
||
|
.ft I
|
||
|
CONSOLE console:tty01:tty02:tty03:tty04
|
||
|
.ft R
|
||
|
.sp
|
||
|
If a pathname is given, each line of the file should specify one
|
||
|
terminal line. If this parameter is not defined or the specified file
|
||
|
does not exist, then root logins will be allowed from any terminal
|
||
|
line. Because the removal of this file, or its truncation, could
|
||
|
result in unauthorized root logins, this file must be protected.
|
||
|
Where security is critical, the colon-separated form should be used
|
||
|
to prevent this potential method of attack.
|
||
|
.\"
|
||
|
.IP "CONSOLE_GROUPS (string)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "CRACKLIB_DICTPATH (string)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "DEFAULT_HOME (boolean)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "DIALUPS_CHECK_ENAB (boolean)"
|
||
|
If
|
||
|
.I yes
|
||
|
and an
|
||
|
.I /etc/dialups
|
||
|
file exists, then secondary passwords are enabled upon the dialup
|
||
|
lines specified in this file. This file should contain a list of
|
||
|
dialups, one per line, for example:
|
||
|
.nf
|
||
|
.sp
|
||
|
.ft I
|
||
|
ttyfm01
|
||
|
ttyfm02
|
||
|
\0\0.
|
||
|
\0\0.
|
||
|
\0\0.
|
||
|
.ft R
|
||
|
.sp
|
||
|
.fi
|
||
|
.\"
|
||
|
.IP "ENVIRON_FILE (string)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "ENV_HZ (string)"
|
||
|
This parameter specifies a value for an HZ environment parameter.
|
||
|
Example usage is:
|
||
|
.sp
|
||
|
\fIENV_HZ HZ=50\fR
|
||
|
.sp
|
||
|
If this parameter is not defined then no HZ value will be established.
|
||
|
.\"
|
||
|
.IP "ENV_PATH (string)"
|
||
|
This parameter must be defined as the search path for regular users.
|
||
|
When a login with UID other than zero occurs, the PATH environment
|
||
|
parameter is initialized to this value. This parameter is required;
|
||
|
if undefined a possibly incorrect default value will be provided.
|
||
|
.\"
|
||
|
.IP "ENV_SUPATH (string)"
|
||
|
This parameter must be defined as the search path for the superuser.
|
||
|
When a login with UID zero occurs, the PATH environment parameter is
|
||
|
initialized to this value. This parameter is required; if undefined
|
||
|
a possibly incorrect default value will be provided.
|
||
|
.\"
|
||
|
.IP "ENV_TZ (string)"
|
||
|
This parameter specifies information for generating a TZ environment
|
||
|
parameter. The value must either be the desired contents of TZ, or
|
||
|
the full pathname of a file which contains this information. Example
|
||
|
usage is:
|
||
|
.sp
|
||
|
\fIENV_TZ\0\0\0\0TZ=CST6CDT\fP
|
||
|
.sp
|
||
|
or
|
||
|
.sp
|
||
|
\fIENV_TZ\0\0\0\0/etc/tzname\fP
|
||
|
.sp
|
||
|
If a nonexistent file is named, then TZ will be initialized to some
|
||
|
default value. If this parameter is not defined then no TZ value will
|
||
|
be established.
|
||
|
.\"
|
||
|
.IP "ERASECHAR (number)"
|
||
|
The terminal
|
||
|
.I erase
|
||
|
character is initialized to this value. This is supported only on
|
||
|
systems with the
|
||
|
.I termio
|
||
|
interface, e.g. System V. If not specified, the erase character will
|
||
|
be initialized to a backspace. See KILLCHAR for related information.
|
||
|
.\"
|
||
|
.IP "FAILLOG_ENAB (boolean)"
|
||
|
If
|
||
|
.I yes
|
||
|
then login failures will be accumulated in
|
||
|
.I /var/log/faillog
|
||
|
in a
|
||
|
.BR faillog (8)
|
||
|
format.
|
||
|
.\"
|
||
|
.IP "FAIL_DELAY (number)"
|
||
|
Delay time in seconds after each failed login attempt.
|
||
|
.\"
|
||
|
.IP "FAKE_SHELL (string)"
|
||
|
Instead of the real user shell, the program specified by this
|
||
|
parameter will be launched, although its visible name (argv[0]) will
|
||
|
be the shell's. The program may do whatever it wants (logging,
|
||
|
additional authentification, banner, ...) before running the actual
|
||
|
shell.
|
||
|
.\"
|
||
|
.IP "FTMP_FILE (string)"
|
||
|
This parameter specifies the full pathname to a file to which login
|
||
|
failures are recorded. When a login failure occurs, a
|
||
|
.I utmp
|
||
|
format record will be appended to this file. Note that this differs
|
||
|
from the
|
||
|
.I /var/log/faillog
|
||
|
failure logging in that this facility logs every failure whereas the
|
||
|
``faillog'' facility accumulates failure information per user. If
|
||
|
this parameter is not specified then logging will be inhibited. See
|
||
|
FAILLOG_ENAB and LOG_UNKFAIL_ENAB for related information.
|
||
|
.\"
|
||
|
.IP "GID_MAX (number)"
|
||
|
.IP "GID_MIN (number)"
|
||
|
Range of group IDs to choose from for the
|
||
|
.B groupadd
|
||
|
program.
|
||
|
.\"
|
||
|
.IP "HUSHLOGIN_FILE (string)"
|
||
|
This parameter is used to establish ``hushlogin'' conditions. There
|
||
|
are two possible ways to establish these conditions. First, if the
|
||
|
value of this parameter is a filename and that file exists in the
|
||
|
user's home directory then ``hushlogin'' conditions will be in effect.
|
||
|
The contents of this file are ignored; its mere presence triggers
|
||
|
``hushlogin'' conditions. Second, if the value of this parameter is
|
||
|
a full pathname and either the user's login name or the user's shell
|
||
|
is found in this file, then ``hushlogin'' conditions will be in effect.
|
||
|
In this case, the file should be in a format similar to:
|
||
|
.nf
|
||
|
.sp
|
||
|
.ft I
|
||
|
demo
|
||
|
/usr/lib/uucp/uucico
|
||
|
\0\0.
|
||
|
\0\0.
|
||
|
\0\0.
|
||
|
.ft R
|
||
|
.sp
|
||
|
.fi
|
||
|
If this parameter is not defined, then ``hushlogin'' conditions will
|
||
|
never occur. When ``hushlogin'' conditions are established, the
|
||
|
message of the day, last successful and unsuccessful login display,
|
||
|
mail status display, and password aging checks are suppressed. Note
|
||
|
that allowing hushlogin files in user home directories allows the user
|
||
|
to disable password aging checks. See MOTD_FILE, FAILLOG_ENAB,
|
||
|
LASTLOG_ENAB, and MAIL_CHECK_ENAB for related information.
|
||
|
.\"
|
||
|
.IP "ISSUE_FILE (string)"
|
||
|
Full pathname of the file to display before each login prompt.
|
||
|
.\"
|
||
|
.IP "KILLCHAR (number)"
|
||
|
The terminal
|
||
|
.I kill
|
||
|
character is initialized to this value. This is supported only on
|
||
|
systems with the
|
||
|
.I termio
|
||
|
interface, e.g. System V. If not specified, the kill character will
|
||
|
be initialized to a \s-2CTRL/U\s0.
|
||
|
See ERASECHAR for related information.
|
||
|
.\"
|
||
|
.IP "LASTLOG_ENAB (boolean)"
|
||
|
If
|
||
|
.IR yes ,
|
||
|
and if the
|
||
|
.I /var/log/lastlog
|
||
|
file exists, then a successful user login will be recorded to this
|
||
|
file. Furthermore, if this option is enabled then the times of the
|
||
|
most recent successful and unsuccessful logins will be displayed to
|
||
|
the user upon login. The unsuccessful login display will be suppressed
|
||
|
if FAILLOG_ENAB is not enabled. If ``hushlogin'' conditions are in
|
||
|
effect, then both the successful and unsuccessful login information
|
||
|
will be suppressed.
|
||
|
.\"
|
||
|
.IP "LOGIN_RETRIES (number)"
|
||
|
Number of login attempts allowed before the
|
||
|
.B login
|
||
|
program exits.
|
||
|
.\"
|
||
|
.IP "LOGIN_STRING (string)"
|
||
|
XXX needs to be documented.
|
||
|
.IP "LOGIN_TIMEOUT (number)"
|
||
|
XXX needs to be documented.
|
||
|
.IP "LOG_OK_LOGINS (boolean)"
|
||
|
XXX needs to be documented.
|
||
|
.IP "LOG_UNKFAIL_ENAB (boolean)"
|
||
|
If
|
||
|
.I yes
|
||
|
then unknown usernames will be included when a login failure is
|
||
|
recorded. Note that this is a potential security risk; a common login
|
||
|
failure mode is transposition of the user name and password, thus this
|
||
|
mode will often cause passwords to accumulate in the failure logs.
|
||
|
If this option is disabled then unknown usernames will be suppressed
|
||
|
in login failure messages.
|
||
|
.\"
|
||
|
.IP "MAIL_CHECK_ENAB (boolean)"
|
||
|
If
|
||
|
.IR yes ,
|
||
|
the user will be notified of his or her mailbox status upon login.
|
||
|
See MAIL_DIR for related information.
|
||
|
.\"
|
||
|
.IP "MAIL_DIR (string)"
|
||
|
This parameter specifies the full pathname to the directory which
|
||
|
contains the user mailbox files. The user's login name is appended
|
||
|
to this path to form the MAIL environment parameter \- the path to
|
||
|
the user's mailbox. Either this parameter or MAIL_FILE must be defined;
|
||
|
if undefined some possibly incorrect default value will be assumed.
|
||
|
See MAIL_CHECK_ENAB for related information.
|
||
|
.\"
|
||
|
.IP "MAIL_FILE (string)"
|
||
|
This parameter specifies the name of the user's mailbox file. This
|
||
|
name is appended to the name of the user's home directory to form the
|
||
|
MAIL environment parameter \- the path to the user's mailbox. Either
|
||
|
this parameter or MAIL_DIR must be defined; if undefined some possibly
|
||
|
incorrect default value will be assumed. See MAIL_CHECK_ENAB for
|
||
|
related information.
|
||
|
.\"
|
||
|
.IP "MD5_CRYPT_ENAB (boolean)"
|
||
|
If
|
||
|
.IR yes ,
|
||
|
the
|
||
|
.B passwd
|
||
|
program will encrypt newly changed passwords using a new MD5-based
|
||
|
.BR crypt (3)
|
||
|
password hashing algorithm, which originally appeared in FreeBSD, and
|
||
|
is also supported by libc-5.4.38 and glibc-2.0 (or higher) on Linux.
|
||
|
This algorithm allows passwords longer than 8 characters (limited by
|
||
|
.BR getpass (3)
|
||
|
to 127 characters), but is incompatible with traditional
|
||
|
.BR crypt (3)
|
||
|
implementations.
|
||
|
.\"
|
||
|
.IP "MOTD_FILE (string)"
|
||
|
This parameter specifies a colon-delimited list of pathnames to ``message
|
||
|
of the day'' files.
|
||
|
If a specified file exists, then its contents are displayed to the user
|
||
|
upon login.
|
||
|
If this parameter is not defined or ``hushlogin'' login conditions are
|
||
|
in effect, this information will be suppressed.
|
||
|
.\"
|
||
|
.IP "NOLOGINS_FILE (string)"
|
||
|
This parameter specifies the full pathname to a file which inhibits
|
||
|
non-root logins. If this file exists and a user other than root
|
||
|
attempts to log in, the contents of the file will be displayed and
|
||
|
the user will be disconnected. If this parameter is not specified
|
||
|
then this feature will be inhibited.
|
||
|
.\"
|
||
|
.IP "NOLOGIN_STR (string)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "OBSCURE_CHECKS_ENAB (boolean)"
|
||
|
If
|
||
|
.IR yes ,
|
||
|
the
|
||
|
.B passwd
|
||
|
program will perform additional checks before accepting a password change.
|
||
|
The checks performed are fairly simple, and their use is recommended.
|
||
|
These obscurity checks are bypassed if
|
||
|
.B passwd
|
||
|
is run by
|
||
|
.IR root .
|
||
|
See PASS_MIN_LEN for related information.
|
||
|
.\"
|
||
|
.IP "PASS_ALWAYS_WARN (boolean)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "PASS_CHANGE_TRIES (number)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "PASS_MIN_DAYS (number)"
|
||
|
The minimum number of days allowed between password changes. Any password
|
||
|
changes attempted sooner than this will be rejected. If not specified, a
|
||
|
zero value will be assumed.
|
||
|
.\"
|
||
|
.IP "PASS_MIN_LEN (number)"
|
||
|
The minimum number of characters in an acceptable password. An attempt to
|
||
|
assign a password with fewer characters will be rejected. A zero value
|
||
|
suppresses this check. If not specified, a zero value will be assumed.
|
||
|
.\"
|
||
|
.IP "PASS_MAX_DAYS (number)"
|
||
|
The maximum number of days a password may be used. If the password is
|
||
|
older than this, then the account will be locked. If not specified,
|
||
|
a large value will be assumed.
|
||
|
.\"
|
||
|
.IP "PASS_MAX_LEN (number)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "PASS_WARN_AGE (number)"
|
||
|
The number of days warning given before a password expires. A zero means
|
||
|
warning is given only upon the day of expiration, a negative value means
|
||
|
no warning is given. If not specified, no warning will be provided.
|
||
|
.\"
|
||
|
.IP "PORTTIME_CHECKS_ENAB (boolean)"
|
||
|
If
|
||
|
.I yes
|
||
|
and an
|
||
|
.I /etc/porttime
|
||
|
file exists, that file will be consulted to ensure the user may login
|
||
|
at this time on the given line.
|
||
|
c.f.
|
||
|
.BR porttime (5)
|
||
|
.\"
|
||
|
.IP "QMAIL_DIR (string)"
|
||
|
For Qmail users, this parameter specifies a directory where a Maildir
|
||
|
hierarchy is stored.
|
||
|
See MAIL_CHECK_ENAB for related information.
|
||
|
.\"
|
||
|
.IP "QUOTAS_ENAB (boolean)"
|
||
|
If
|
||
|
.I yes ,
|
||
|
then the user's ``ulimit,'' ``umask,'' and ``niceness'' will be
|
||
|
initialized to the values if specified in the
|
||
|
.I gecos
|
||
|
field of the
|
||
|
.I passwd
|
||
|
file.
|
||
|
c.f.
|
||
|
.BR passwd (5).
|
||
|
.\"
|
||
|
.IP "SU_NAME (string)"
|
||
|
This parameter assigns a command name when ``su -'' is run. For
|
||
|
example, if the parameter is defined as ``su'', then a
|
||
|
.BR ps (1)
|
||
|
listing would show the command running as ``-su''. If this parameter
|
||
|
is undefined, then a
|
||
|
.BR ps (1)
|
||
|
listing would show the name of the actual shell being run, e.g.
|
||
|
something like ``-sh''.
|
||
|
.\"
|
||
|
.IP "SULOG_FILE (string)"
|
||
|
This parameter specifies a full pathname of a file in which
|
||
|
.B su
|
||
|
activity is logged.
|
||
|
If this parameter is not specified, the logging is suppressed.
|
||
|
Because the
|
||
|
.B su
|
||
|
command may be used when attempting to authenticate a password,
|
||
|
either this option, or
|
||
|
.I syslog
|
||
|
should be used to note
|
||
|
.B su
|
||
|
activity. See the SYSLOG_SU_ENAB option for related information.
|
||
|
.\"
|
||
|
.IP "SU_WHEEL_ONLY (boolean)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "SYSLOG_SG_ENAB (boolean)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "SYSLOG_SU_ENAB (boolean)"
|
||
|
If
|
||
|
.I yes
|
||
|
and
|
||
|
.B login
|
||
|
was compiled with
|
||
|
.I syslog
|
||
|
support, then all
|
||
|
.B su
|
||
|
activity will be noted through the
|
||
|
.I syslog
|
||
|
facility.
|
||
|
See SULOG_FILE for related information.
|
||
|
.\"
|
||
|
.IP "TTYGROUP (string or number)"
|
||
|
The group ownership of the terminal is initialized to this group
|
||
|
name or number. One well-known security attack involves forcing terminal
|
||
|
control sequences upon another user's terminal line. This problem
|
||
|
can be averted by disabling permissions which allow other users to
|
||
|
access the terminal line, but this unfortunately prevents programs
|
||
|
such as
|
||
|
.B write
|
||
|
from operating. Another solution is to use a version of the
|
||
|
.B write
|
||
|
program which filters out potentially dangerous character sequences,
|
||
|
make this program ``setgid'' to a special group, assign group ownership
|
||
|
of the terminal line to this special group, and assign permissions of
|
||
|
\fI0620\fR to the terminal line. The TTYGROUP definition has been
|
||
|
provided for just this situation. If this item is not defined, then
|
||
|
the group ownership of the terminal is initialized to the user's group
|
||
|
number. See TTYPERMS for related information.
|
||
|
.\"
|
||
|
.IP "TTYPERM (number)"
|
||
|
The login terminal permissions are initialized to this value. Typical
|
||
|
values will be \fI0622\fR to permit others write access to the line
|
||
|
or \fI0600\fR to secure the line from other users. If not specified,
|
||
|
the terminal permissions will be initialized to \fI0622\fR. See
|
||
|
TTYGROUP for related information.
|
||
|
.\"
|
||
|
.IP "TTYTYPE_FILE (string)"
|
||
|
This parameter specifies the full pathname to a file which maps terminal
|
||
|
lines to terminal types. Each line of the file contains a terminal
|
||
|
type and a terminal line, seperated by whitespace, for example:
|
||
|
.nf
|
||
|
.sp
|
||
|
.ft I
|
||
|
vt100\0 tty01
|
||
|
wyse60 tty02
|
||
|
\0\0.\0\0\0 \0\0.
|
||
|
\0\0.\0\0\0 \0\0.
|
||
|
\0\0.\0\0\0 \0\0.
|
||
|
.ft R
|
||
|
.sp
|
||
|
.fi
|
||
|
This information is used to initialize the TERM environment parameter.
|
||
|
A line starting with a ``#'' pound sign will be treated as a comment.
|
||
|
If this paramter is not specified, the file does not exist, or the terminal
|
||
|
line is not found in the file, then the TERM environment parameter will not
|
||
|
be set.
|
||
|
.\"
|
||
|
.IP "UID_MAX (number)"
|
||
|
XXX needs to be documented.
|
||
|
.IP "UID_MIN (number)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.IP "ULIMIT (long number)"
|
||
|
The file size limit is initialized to this value. This is supported
|
||
|
only on systems with a
|
||
|
.IR ulimit ,
|
||
|
e.g. System V. If not specified, the file size limit will be initialized
|
||
|
to some large value.
|
||
|
.\"
|
||
|
.IP "UMASK (number)"
|
||
|
The permission mask is initialized to this value. If not specified,
|
||
|
the permission mask will be initialized to zero.
|
||
|
.\"
|
||
|
.IP "USERDEL_CMD (string)"
|
||
|
XXX needs to be documented.
|
||
|
.\"
|
||
|
.SH CROSS REFERENCE
|
||
|
The following cross reference shows which programs in the shadow login
|
||
|
suite use which parameters.
|
||
|
.na
|
||
|
.IP login 12
|
||
|
CONSOLE DIALUPS_CHECK_ENAB ENV_HZ ENV_SUPATH ENV_TZ ERASECHAR FAILLOG_ENAB
|
||
|
FTMP_FILE HUSHLOGIN_FILE KILLCHAR LASTLOG_ENAB LOG_UNKFAIL_ENAB
|
||
|
MAIL_CHECK_ENAB MAIL_DIR MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
|
||
|
QUOTAS_ENAB TTYPERM TTYTYPE_FILE ULIMIT UMASK
|
||
|
.IP newusers 12
|
||
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE UMASK
|
||
|
.IP passwd 12
|
||
|
OBSCURE_CHECKS_ENAB PASS_MIN_LEN
|
||
|
.IP pwconv 12
|
||
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
||
|
.IP su 12
|
||
|
ENV_HZ ENV_SUPATH ENV_TZ HUSHLOGIN_FILE MAIL_CHECK_ENAB MAIL_DIR
|
||
|
MOTD_FILE NOLOGIN_STR QUOTAS_ENAB SULOG_FILE SYSLOG_SU_ENAB
|
||
|
.IP sulogin 12
|
||
|
ENV_HZ ENV_SUPATH ENV_TZ MAIL_DIR QUOTAS_ENAB TTYPERM
|
||
|
.ad
|
||
|
.SH BUGS
|
||
|
Some of the supported configuration parameters are not documented in this
|
||
|
manual page.
|
||
|
.SH SEE ALSO
|
||
|
.BR login (1),
|
||
|
.BR passwd (5),
|
||
|
.BR faillog (5),
|
||
|
.BR porttime (5),
|
||
|
.BR faillog (8)
|
||
|
.SH AUTHORS
|
||
|
Julianne Frances Haugh (jfh@bga.com)
|
||
|
.br
|
||
|
Chip Rosenthal (chip@unicom.com)
|