shadow/etc/login.defs

214 lines
5.2 KiB
Plaintext

#
# /etc/login.defs - Configuration control definitions for the login package.
#
# $Id: login.defs,v 1.5 2003/05/04 20:09:43 kloczek Exp $
#
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
# If unspecified, some arbitrary (and possibly incorrect) value will
# be assumed. All other items are optional - if not specified then
# the described action or option will be inhibited.
#
# Comment lines (lines beginning with "#") and blank lines are ignored.
#
#
# Delay in seconds before being allowed another attempt after a login failure
#
FAIL_DELAY 5
#
# Enable logging and display of /var/log/faillog login failure info.
#
FAILLOG_ENAB yes
#
# Enable display of unknown usernames when login failures are recorded.
#
LOG_UNKFAIL_ENAB yes
#
# Enable logging and display of /var/log/lastlog login time info.
#
LASTLOG_ENAB yes
#
# Enable checking and display of mailbox status upon login.
#
MAIL_CHECK_ENAB yes
#
# Enable additional checks upon password changes.
#
OBSCURE_CHECKS_ENAB yes
#
# Enable checking of time restrictions specified in /etc/porttime.
#
PORTTIME_CHECKS_ENAB yes
#
# Enable setting of ulimit, umask, and niceness from passwd gecos field.
#
QUOTAS_ENAB yes
#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
SYSLOG_SU_ENAB no
SYSLOG_SG_ENAB no
#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names. Root logins will be allowed only
# upon these devices.
#
CONSOLE /etc/consoles
#CONSOLE console:tty01:tty02:tty03:tty04
#
# If defined, all su activity is logged to this file.
#
SULOG_FILE /var/log/sulog
#
# If defined, ":" delimited list of "message of the day" files to
# be displayed upon login.
#
MOTD_FILE /etc/motd
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
#
# If defined, this file will be output before each login prompt.
#
#ISSUE_FILE /etc/issue
#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100 tty01".
#
TTYTYPE_FILE /etc/ttytype
#
# If defined, login failures will be logged here in a utmp format.
#
FTMP_FILE /etc/ftmp
#
# If defined, name of file whose presence which will inhibit non-root
# logins. The contents of this file should be a message indicating
# why logins are inhibited.
#
NOLOGINS_FILE /etc/nologins
#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
SU_NAME su
#
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# MAILDIR is for Qmail
#
#MAILDIR Maildir
MAIL_DIR /var/mail
#MAIL_FILE .mail
#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
#HUSHLOGIN_FILE .hushlogin
HUSHLOGIN_FILE /etc/hushlogins
#
# If defined, the presence of this value in an /etc/passwd "shell" field will
# disable logins for that user, although "su" will still be allowed.
#
NOLOGIN_STR NOLOGIN
#
# If defined, either a TZ environment parameter spec or the
# fully-rooted pathname of a file containing such a spec.
#
ENV_TZ TZ=CST6CDT
#ENV_TZ /etc/tzname
#
# If defined, an HZ environment parameter spec.
#
ENV_HZ HZ=50
#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
ENV_PATH PATH=/bin:/usr/bin
#
# Terminal permissions
#
# TTYGROUP Login tty will be assigned this group ownership.
# TTYPERM Login tty will be set to this permission.
#
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
#TTYGROUP 7
#TTYPERM 0620
TTYPERM 0622
#
# Login configuration initializations:
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
# UMASK Default "umask" value.
# ULIMIT Default "ulimit" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
# The ULIMIT is used only if the system supports it.
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 010
KILLCHAR 025
UMASK 022
ULIMIT 2097152
#
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
#
# Only allow group 0 members to "su" to root.
#
SU_WHEEL_ONLY no
#
# If compiled with cracklib support, where are the dictionaries
#
#CRACKLIB_DICTPATH /usr/share/lib/pw_dict
# chkpasswd uses this one
MD5_CRYPT_ENAB yes