.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "LOGIN.DEFS" 5 "" "" ""
.SH NAME
login.defs \- shadow password suite configuration
.SH "DESCRIPTION"
.PP
The \fI/etc/login\&.defs\fR file defines the site\-specific configuration for the shadow password suite\&. This file is required\&. Absence of this file will not prevent system operation, but will probably result in undesirable operation\&.
.PP
This file is a readable text file, each line of the file describing one configuration parameter\&. The lines consist of a configuration name and value, separated by whitespace\&. Blank lines and comment lines are ignored\&. Comments are introduced with a `#' pound sign and the pound sign must be the first non\-white character of the line\&.
.PP
Parameter values may be of four types: strings, booleans, numbers, and long numbers\&. A string is comprised of any printable characters\&. A boolean should be either the value “yes” or “no”\&. An undefined boolean parameter or one with a value other than these will be given a “no” value\&. Numbers (both regular and long) may be either decimal values, octal values (precede the value with “0”) or hexadecimal values (precede the value with “0x”)\&. The maximum value of the regular and long numeric parameters is machine\-dependent\&.
.PP
The following configuration items are provided:
.TP
CHFN_AUTH (boolean)
If \fIyes\fR, the \fBchfn\fR and \fBchsh\fR programs will require authentication before making any changes, unless run by the superuser\&.
.TP
CHFN_RESTRICT (string)
This parameter specifies which values in the \fIgecos\fR field of the \fI/etc/passwd\fR file may be changed by regular users using the \fBchfn\fR program\&.
It can be any combination of letters \fIf\fR, \fIr\fR, \fIw\fR, \fIh\fR, for Full name, Room number, Work phone, and Home phone, respectively\&. For backward compatibility, "yes" is equivalent to "rwh" and "no" is equivalent to "frwh"\&. If not specified, only the superuser can make any changes\&. The most restrictive setting is better achieved by not installing chfn SUID\&.
.TP
CREATE_HOME (boolean)
This defines whether useradd should create home directories for users by default\&. This option is OR'ed with the \fB\-m\fR flag on the useradd command line\&.
.TP
GID_MAX (number), GID_MIN (number)
Range of group IDs to choose from for the \fBuseradd\fR and \fBgroupadd\fR programs\&.
.TP
MAIL_DIR (string)
The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&.
.TP
PASS_MAX_DAYS (number)
The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
.TP
PASS_MIN_DAYS (number)
The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
.TP
PASS_WARN_AGE (number)
The number of days of warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&.
.PP
PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE are only used at the time of account creation\&. Any changes to these settings won't affect existing accounts\&.
.TP
UID_MAX (number), UID_MIN (number)
Range of user IDs to choose from for the \fBuseradd\fR program\&.
.TP
UMASK (number)
The permission mask is initialized to this value\&.
If not specified, the permission mask will be initialized to 077\&.
.TP
USERDEL_CMD (string)
If defined, this command is run when removing a user\&. It should remove any at/cron/print jobs etc\&. owned by the user to be removed (passed as the first argument)\&.
.SH "CROSS REFERENCE"
.PP
The following cross reference shows which programs in the shadow password suite use which parameters\&.
.TP
chfn
CHFN_AUTH CHFN_RESTRICT
.TP
chsh
CHFN_AUTH
.TP
groupadd
GID_MAX GID_MIN
.TP
newusers
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE UMASK
.TP
pwconv
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
.TP
useradd
CREATE_HOME GID_MAX GID_MIN PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE UID_MAX UID_MIN UMASK
.TP
userdel
MAIL_DIR USERDEL_CMD
.TP
usermod
MAIL_DIR
.SH "BUGS"
.PP
Much of the functionality that used to be provided by the shadow password suite is now handled by PAM\&. Thus, \fI/etc/login\&.defs\fR is no longer used by programs such as: \fBlogin\fR(1), \fBpasswd\fR(1), \fBsu\fR(1)\&. Please refer to the corresponding PAM configuration files instead\&.
.SH "SEE ALSO"
.PP
\fBlogin\fR(1), \fBpasswd\fR(1), \fBsu\fR(1), \fBpasswd\fR(5), \fBshadow\fR(5), \fBpam\fR(8)
.SH "AUTHORS"
.PP
Julianne Frances Haugh (jockgrrl@ix\&.netcom\&.com)
Chip Rosenthal (chip@unicom\&.com)
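.SH "EXAMPLE"
.PP
The Python code below is an added example, not part of the original manual page and not code from the shadow password suite. It parses the file format described under DESCRIPTION and reports the password aging and UMASK defaults stated above; the function names, the exact match on "yes", the handling of a malformed number as not specified, and the finding texts are assumptions of this example.

```python
# Added example (not shadow-suite code): reads the login.defs format described above.
BOOLEANS = {"CHFN_AUTH", "CREATE_HOME"}
NUMBERS = {"GID_MAX", "GID_MIN", "PASS_MAX_DAYS", "PASS_MIN_DAYS",
           "PASS_WARN_AGE", "UID_MAX", "UID_MIN", "UMASK"}

def parse_number(text):
    """Decimal, octal (leading 0) or hexadecimal (leading 0x); may be negative."""
    sign, digits = (-1, text[1:]) if text.startswith("-") else (1, text)
    if digits.lower().startswith("0x"):
        return sign * int(digits[2:], 16)
    base = 8 if len(digits) > 1 and digits.startswith("0") else 10
    return sign * int(digits, base)

def parse_login_defs(text):
    """Return (settings, invalid); blank lines and '#' comment lines are skipped."""
    settings, invalid = {}, []
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        name, value = fields[0], fields[1] if len(fields) > 1 else ""
        if name in BOOLEANS:
            settings[name] = value == "yes"  # any other value counts as "no"
        elif name in NUMBERS:
            try:
                settings[name] = parse_number(value)
            except ValueError:
                invalid.append(name)  # assumption: handled as if not specified
        else:
            settings[name] = value  # string parameter
    return settings, invalid

def audit(settings):
    """Findings for newly created accounts, using the defaults this page states."""
    findings = []
    if settings.get("PASS_MAX_DAYS", -1) == -1:
        findings.append("PASS_MAX_DAYS: maximum password age is disabled")
    if settings.get("PASS_WARN_AGE", -1) < 0:
        findings.append("PASS_WARN_AGE: no expiry warning is given")
    umask = settings.get("UMASK", 0o077)
    if (umask & 0o077) != 0o077:
        findings.append("UMASK %04o is less restrictive than 077" % umask)
    return findings

# Constructed sample: the trailing "# quarterly" is not a comment, so the value is malformed.
SAMPLE = """# password aging
PASS_MAX_DAYS 90 # quarterly
PASS_WARN_AGE 7
UMASK 77
"""
```
.PP
In the sample, "UMASK 77" is read as decimal 77 (octal 0115) because octal values need a leading 0. The findings apply to accounts created afterwards, since the PASS_ settings are only used at the time of account creation.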