183 lines
6.3 KiB
Groff
183 lines
6.3 KiB
Groff
.\" Copyright 1991 - 1993, Julianne Frances Haugh and Chip Rosenthal
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. Neither the name of Julianne F. Haugh nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $Id: login.defs.5,v 1.11 2002/03/08 04:39:11 kloczek Exp $
|
|
.\"
|
|
.TH LOGIN.DEFS 5
|
|
.SH NAME
|
|
/etc/login.defs \- shadow password suite configuration
|
|
.SH DESCRIPTION
|
|
The
|
|
.I /etc/login.defs
|
|
file defines the site-specific configuration for the shadow password
|
|
suite. This file is required. Absence of this file will not prevent
|
|
system operation, but will probably result in undesirable operation.
|
|
.PP
|
|
This file is a readable text file, each line of the file describing
|
|
one configuration parameter. The lines consist of a configuration
|
|
name and value, separated by whitespace. Blank lines and comment
|
|
lines are ignored. Comments are introduced with a `#' pound sign and
|
|
the pound sign must be the first non-white character of the line.
|
|
.PP
|
|
Parameter values may be of four types: strings, booleans, numbers,
|
|
and long numbers. A string is comprised of any printable characters.
|
|
A boolean should be either the value ``yes'' or ``no''. An undefined
|
|
boolean parameter or one with a value other than these will be given
|
|
a ``no'' value. Numbers (both regular and long) may be either decimal
|
|
values, octal values (precede the value with ``0'') or hexadecimal
|
|
values (precede the value with ``0x''). The maximum value of the
|
|
regular and long numeric parameters is machine-dependent.
|
|
.PP
|
|
The following configuration items are provided:
|
|
.\"
|
|
.IP "CHFN_AUTH (boolean)"
|
|
If
|
|
.IR yes ,
|
|
the
|
|
.B chfn
|
|
and
|
|
.B chsh
|
|
programs will require authentication before making any changes, unless
|
|
run by the superuser.
|
|
.\"
|
|
.IP "CHFN_RESTRICT (string)"
|
|
This parameter specifies which values in the
|
|
.I gecos
|
|
field of the
|
|
.I passwd
|
|
file may be changed by regular users using the
|
|
.B chfn
|
|
program. It can be any combination of letters
|
|
.IR f ,
|
|
.IR r ,
|
|
.IR w ,
|
|
.IR h ,
|
|
for Full name, Room number, Work phone, and Home phone, respectively.
|
|
For backward compatibility, "yes" is equivalent to "rwh"
|
|
and "no" is equivalent to "frwh".
|
|
If not specified, only the superuser can make any changes.
|
|
The most restrictive setting is better achieved by not installing chfn SUID.
|
|
.\"
|
|
.IP "CREATE_HOME (boolean)"
|
|
This defines whether useradd should create home directories for users by
|
|
default. This option is OR'ed with the -m flag on useradd command line.
|
|
.\"
|
|
.IP "GID_MAX (number)"
|
|
.IP "GID_MIN (number)"
|
|
Range of group IDs to choose from for the
|
|
.B useradd
|
|
and
|
|
.B groupadd
|
|
programs.
|
|
.\"
|
|
.IP "MAIL_DIR (string)"
|
|
The mail spool directory. This is needed to manipulate the mailbox when
|
|
its corresponding user account is modified or deleted. If not specified,
|
|
a compile-time default is used.
|
|
.\"
|
|
.IP "PASS_MAX_DAYS (number)"
|
|
The maximum number of days a password may be used. If the password is
|
|
older than this, a password change will be forced. If not specified, -1
|
|
will be assumed (which disables the restriction).
|
|
.IP "PASS_MIN_DAYS (number)"
|
|
The minimum number of days allowed between password changes. Any password
|
|
changes attempted sooner than this will be rejected. If not specified, -1
|
|
will be assumed (which disables the restriction).
|
|
.IP "PASS_WARN_AGE (number)"
|
|
The number of days warning given before a password expires. A zero means
|
|
warning is given only upon the day of expiration, a negative value means
|
|
no warning is given. If not specified, no warning will be provided.
|
|
.PP
|
|
PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE
|
|
are only used at the time of account creation. Any changes to these
|
|
settings won't affect existing accounts.
|
|
.\"
|
|
.IP "UID_MAX (number)"
|
|
.IP "UID_MIN (number)"
|
|
Range of user IDs to choose from for the
|
|
.B useradd
|
|
program.
|
|
.\"
|
|
.IP "UMASK (number)"
|
|
The permission mask is initialized to this value. If not specified,
|
|
the permission mask will be initialized to 077.
|
|
.\"
|
|
.IP "USERDEL_CMD (string)"
|
|
If defined, this command is run when removing a user.
|
|
It should remove any at/cron/print jobs etc. owned by
|
|
the user to be removed (passed as the first argument).
|
|
.\"
|
|
.SH CROSS REFERENCE
|
|
The following cross reference shows which programs in the shadow password
|
|
suite use which parameters.
|
|
.na
|
|
.IP chfn 12
|
|
CHFN_AUTH CHFN_RESTRICT
|
|
.IP chsh 12
|
|
CHFN_AUTH
|
|
.IP groupadd 12
|
|
GID_MAX GID_MIN
|
|
.IP newusers 12
|
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
UMASK
|
|
.IP pwconv 12
|
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
.IP useradd 12
|
|
CREATE_HOME
|
|
GID_MAX GID_MIN
|
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
UID_MAX UID_MIN
|
|
UMASK
|
|
.IP userdel 12
|
|
MAIL_DIR
|
|
USERDEL_CMD
|
|
.IP usermod 12
|
|
MAIL_DIR
|
|
.ad
|
|
.SH BUGS
|
|
Much of the functionality that used to be provided by the shadow password
|
|
suite is now handled by PAM.
|
|
Thus,
|
|
.I /etc/login.defs
|
|
is no longer used by programs such as
|
|
.BR login (1),
|
|
.BR passwd (1)
|
|
and
|
|
.BR su (1).
|
|
Please refer to the corresponding PAM configuration files instead.
|
|
.SH SEE ALSO
|
|
.BR login (1),
|
|
.BR passwd (1),
|
|
.BR su (1),
|
|
.BR passwd (5),
|
|
.BR shadow (5),
|
|
.BR pam (8)
|
|
.SH AUTHORS
|
|
Julianne Frances Haugh (jockgrrl@ix.netcom.com)
|
|
.br
|
|
Chip Rosenthal (chip@unicom.com)
|