| # |
| # /etc/login.defs - Configuration control definitions for the login package. |
| # |
| # $Id: login.defs,v 1.6 2006/03/12 23:47:08 flameeyes Exp $ |
| # |
| # Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. |
| # If unspecified, some arbitrary (and possibly incorrect) value will |
| # be assumed. All other items are optional - if not specified then |
| # the described action or option will be inhibited. |
| # |
| # Comment lines (lines beginning with "#") and blank lines are ignored. |
| # |
| # Modified for Linux. --marekm |
| |
| # |
| # Delay in seconds before being allowed another attempt after a login failure |
| # |
| # A non-zero delay slows down repeated password guessing at the prompt. |
| # |
| FAIL_DELAY 3 |
| |
| # |
| # Enable display of unknown usernames when login failures are recorded. |
| # |
| # Kept at "no": a password typed by mistake at the username prompt would |
| # otherwise be written to the failure log in clear text. |
| # |
| LOG_UNKFAIL_ENAB no |
| |
| # |
| # Enable logging of successful logins |
| # |
| # NOTE(review): with "no", successful logins are not logged by this |
| # option; confirm that another source records them before relying on |
| # the logs as an audit trail. |
| # |
| LOG_OK_LOGINS no |
| |
| # |
| # Enable "syslog" logging of su activity - in addition to sulog file logging. |
| # SYSLOG_SG_ENAB does the same for newgrp and sg. |
| # |
| # Both are enabled, so privilege changes through su, newgrp and sg are |
| # sent to syslog. |
| # |
| SYSLOG_SU_ENAB yes |
| SYSLOG_SG_ENAB yes |
| |
| # |
| # If defined, either full pathname of a file containing device names or |
| # a ":" delimited list of device names. Root logins will be allowed only |
| # upon these devices. |
| # |
| # The restriction is only as strong as the list itself: keep the file |
| # short and writable by root only. Its contents are not part of this |
| # file - review /etc/securetty separately. |
| # |
| CONSOLE /etc/securetty |
| #CONSOLE console:tty01:tty02:tty03:tty04 |
| |
| # |
| # If defined, all su activity is logged to this file. |
| # |
| # Left undefined here, so su activity is recorded through syslog only |
| # (SYSLOG_SU_ENAB is set to yes in this file). |
| # |
| #SULOG_FILE /var/log/sulog |
| |
| # |
| # If defined, file which maps tty line to TERM environment parameter. |
| # Each line of the file is in a format something like "vt100 tty01". |
| # |
| #TTYTYPE_FILE /etc/ttytype |
| |
| # |
| # If defined, the command name to display when running "su -". For |
| # example, if this is defined as "su" then a "ps" will display the |
| # command as "-su". If not defined, then "ps" would display the |
| # name of the shell actually being run, e.g. something like "-sh". |
| # |
| # With a name defined, shells started through "su -" can be told apart |
| # from ordinary login shells in "ps" output. |
| # |
| SU_NAME su |
| |
| # |
| # *REQUIRED* |
| # Directory where mailboxes reside (MAIL_DIR), _or_ name of file, relative |
| # to the home directory (MAIL_FILE). If you _do_ define both, MAIL_DIR |
| # takes precedence. |
| # |
| MAIL_DIR /var/spool/mail |
| |
| # |
| # If defined, file which inhibits all the usual chatter during the login |
| # sequence. If a full pathname, then hushed mode will be enabled if the |
| # user's name or shell are found in the file. If not a full pathname, then |
| # hushed mode will be enabled if the file exists in the user's home directory. |
| # |
| # The relative form in use here is checked in the user's home directory, |
| # so any user can switch on hushed mode for their own account. |
| # NOTE(review): if login messages (e.g. a notice users are expected to |
| # see) must not be suppressible, use the full-pathname form with a |
| # root-owned file instead. |
| # |
| HUSHLOGIN_FILE .hushlogin |
| #HUSHLOGIN_FILE /etc/hushlogins |
| |
| # |
| # *REQUIRED* The default PATH settings, for superuser and normal users. |
| # |
| # (they are minimal, add the rest in the shell startup files) |
| # |
| # Both values list only absolute system directories. Keep it that way: |
| # no "." or empty entries and no user-writable directories, especially |
| # in ENV_SUPATH, so that a command name typed by root cannot resolve to |
| # a file placed by another user. |
| # |
| ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin |
| ENV_PATH PATH=/bin:/usr/bin |
| |
| # |
| # Terminal permissions |
| # |
| # TTYGROUP Login tty will be assigned this group ownership. |
| # TTYPERM Login tty will be set to this permission. |
| # |
| # If you have a "write" program which is "setgid" to a special group |
| # which owns the terminals, define TTYGROUP to the group number and |
| # TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign |
| # TTYPERM to either 622 or 600. |
| # |
| # 0600 gives read/write to the logged-in user only, so other users cannot |
| # write to the terminal; the "tty" group ownership set here grants no |
| # access at this mode. 622 would make every login tty writable by all |
| # local users and is best avoided. |
| # |
| TTYGROUP tty |
| TTYPERM 0600 |
| |
| # |
| # Login configuration initializations: |
| # |
| # ERASECHAR Terminal ERASE character ('\010' = backspace). |
| # KILLCHAR Terminal KILL character ('\025' = CTRL/U). |
| # UMASK Default "umask" value. |
| # |
| # The ERASECHAR and KILLCHAR are used only on System V machines. |
| # The ULIMIT is used only if the system supports it. |
| # (now it works with setrlimit too; ulimit is in 512-byte units) |
| # |
| # Prefix these values with "0" to get octal, "0x" to get hexadecimal. |
| # |
| # NOTE(review): ULIMIT is mentioned above but is neither described in |
| # the list nor set in this file. |
| # |
| # ERASECHAR 0177 is octal for 127 (Delete) rather than the backspace |
| # example above; KILLCHAR 025 is CTRL/U. |
| # |
| # UMASK 022 leaves new files readable by every local user. |
| # NOTE(review): consider whether a stricter value such as 027 or 077 |
| # fits this system. USERGROUPS_ENAB (set to yes in this file) relaxes |
| # the group bits further for users that have a private group. |
| # |
| ERASECHAR 0177 |
| KILLCHAR 025 |
| UMASK 022 |
| |
| # |
| # Password aging controls: |
| # |
| # PASS_MAX_DAYS Maximum number of days a password may be used. |
| # PASS_MIN_DAYS Minimum number of days allowed between password changes. |
| # PASS_WARN_AGE Number of days warning given before a password expires. |
| # |
| # With PASS_MAX_DAYS 99999 and PASS_MIN_DAYS 0, password aging is in |
| # effect switched off: passwords do not expire and may be changed again |
| # immediately. |
| # NOTE(review): these values are applied when an account is created; |
| # changing them here does not alter the aging fields of existing |
| # accounts - confirm per account (e.g. with chage) when tightening. |
| # |
| PASS_MAX_DAYS 99999 |
| PASS_MIN_DAYS 0 |
| PASS_WARN_AGE 7 |
| |
| # |
| # Min/max values for automatic uid selection in useradd |
| # |
| UID_MIN 1000 |
| UID_MAX 60000 |
| |
| # |
| # Min/max values for automatic gid selection in groupadd |
| # |
| # NOTE(review): GID_MIN (100) is lower than UID_MIN (1000), so groups |
| # created automatically can receive ids in a range that is often kept |
| # for system groups - confirm this matches the id allocation policy of |
| # the distribution. |
| # |
| GID_MIN 100 |
| GID_MAX 60000 |
| |
| # |
| # Max number of login retries if password is bad |
| # |
| # NOTE(review): on PAM-based systems the PAM modules may enforce their |
| # own retry limit - confirm which of the two applies. |
| # |
| LOGIN_RETRIES 3 |
| |
| # |
| # Max time in seconds for login |
| # |
| # Bounds how long an unauthenticated login prompt is kept open. |
| # |
| LOGIN_TIMEOUT 60 |
| |
| # |
| # Which fields may be changed by regular users using chfn - use |
| # any combination of letters "frwh" (full name, room number, work |
| # phone, home phone). If not defined, no changes are allowed. |
| # For backward compatibility, "yes" = "rwh" and "no" = "frwh". |
| # |
| # With "rwh", users may change room number, work phone and home phone |
| # but not the full name, so the displayed name of an account stays |
| # under administrator control. |
| # |
| CHFN_RESTRICT rwh |
| |
| # |
| # List of groups to add to the user's supplementary group set |
| # when logging in on the console (as determined by the CONSOLE |
| # setting). Default is none. |
| # |
| # Use with caution - it is possible for users to gain permanent |
| # access to these groups, even when not logged in on the console. |
| # How to do it is left as an exercise for the reader... |
| # |
| # Left disabled here, which is the safe choice: group membership granted |
| # at console login cannot be relied on to end with the session. |
| # |
| #CONSOLE_GROUPS floppy:audio:cdrom |
| |
| # |
| # Should login be allowed if we can't cd to the home directory? |
| # Default is no. |
| # |
| # NOTE(review): "yes" lets a user log in even when the home directory |
| # is missing or inaccessible, so the session starts without it. Set to |
| # "no" if such logins should be refused. |
| # |
| DEFAULT_HOME yes |
| |
| # |
| # If defined, this command is run when removing a user. |
| # It should remove any at/cron/print jobs etc. owned by |
| # the user to be removed (passed as the first argument). |
| # |
| # NOTE(review): left undefined here, so no such cleanup command is run |
| # by userdel. Confirm that jobs owned by a removed user are cleaned up |
| # by other means, so they cannot keep running or be inherited when the |
| # uid is reused. |
| # |
| #USERDEL_CMD /usr/sbin/userdel_local |
| |
| # |
| # When prompting for password without echo, getpass() can optionally |
| # display a random number (in the range 1 to GETPASS_ASTERISKS) of '*' |
| # characters for each character typed. This feature is designed to |
| # confuse people looking over your shoulder when you enter a password :-). |
| # Also, the new getpass() accepts both Backspace (8) and Delete (127) |
| # keys to delete previous character (to cope with different terminal |
| # types), Control-U to delete all characters, and beeps when there are |
| # no more characters to delete, or too many characters entered. |
| # |
| # Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour - |
| # exactly one '*' displayed for each character typed. |
| # |
| # Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace, |
| # Delete, Control-U and beep continue to work as described above). |
| # |
| # Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass() |
| # without any new features. This is the default. |
| # |
| # 0 is used here: nothing is echoed, so the length of the password is |
| # not shown on screen. A value of 1 would reveal the exact length to |
| # anyone who can see the terminal. |
| # |
| GETPASS_ASTERISKS 0 |
| |
| # |
| # Enable setting of the umask group bits to be the same as owner bits |
| # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is |
| # the same as gid, and username is the same as the primary group name. |
| # |
| # This also enables userdel to remove user groups if no members exist. |
| # |
| # With UMASK 022 in this file, qualifying users get 002: their new files |
| # are group-writable. That is only safe while each such private group |
| # has the user as its sole member - review before adding other accounts |
| # to a user's private group. |
| # |
| USERGROUPS_ENAB yes |
| |