
login.defs man page

Section 5 - openSUSE 10.2 Man Pages


LOGIN(5)                                                              LOGIN(5)



NAME
       /etc/login.defs - Login configuration

DESCRIPTION
       The  /etc/login.defs  file  defines the site-specific configuration for
       the shadow login suite.  This file is required.  Absence of  this  file
       will not prevent system operation, but will probably result in undesir-
       able operation.

       This file is a readable text file, each line of the file describing one
       configuration parameter.  The lines consist of a configuration name and
       value, separated by whitespace.  Blank  lines  and  comment  lines  are
       ignored.   Comments  are introduced with a `#' pound sign and the pound
       sign must be the first non-white character of the line.

       Parameter values may be of four types:  strings, booleans, numbers, and
       long  numbers.   A  string is comprised of any printable characters.  A
       boolean should be either the value ``yes''  or  ``no''.   An  undefined
       boolean  parameter or one with a value other than these will be given a
       ``no'' value.  Numbers (both regular and long) may  be  either  decimal
       values, octal values (precede the value with ``0'') or hexadecimal val-
       ues (precede the value with ``0x'').  The maximum value of the  regular
       and long numeric parameters is machine-dependent.
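
       The file format and the four value types described above, as an added
       example (not code from the shadow suite).  SAMPLE and the function names
       are this example's own; exact matching of ``yes'' and acceptance of a
       leading minus sign are assumptions.

```python
import re

# Constructed sample in the format described above; not from a real system.
SAMPLE = """\
# site policy (constructed sample)
    # indented comment: '#' is still the first non-white character
FAIL_DELAY        3
TTYPERM           0620
UID_MAX           0xEA60
PASS_WARN_AGE     -1
LOG_UNKFAIL_ENAB  maybe
ENV_PATH          /usr/local/bin:/usr/bin:/bin

"""

def parse_login_defs(text):
    """Return {name: raw value string} for each configuration line."""
    params = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # blank and comment lines are ignored
        fields = stripped.split(None, 1)  # name, then value after whitespace
        params[fields[0]] = fields[1] if len(fields) > 1 else ""
    return params

def get_string(params, name, default=None):
    return params.get(name, default)

def get_bool(params, name):
    # Undefined, or any value other than "yes", is given a "no" value.
    return params.get(name) == "yes"

def get_number(params, name, default=None):
    """Decode decimal, octal (leading 0) or hexadecimal (leading 0x)."""
    raw = params.get(name)
    if raw is None:
        return default
    m = re.fullmatch(r"(-?)(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)", raw)
    if m is None:
        raise ValueError("%s: %r is not a number" % (name, raw))
    sign, digits = m.groups()
    if digits[:2].lower() == "0x":
        value = int(digits, 16)
    elif digits.startswith("0"):
        value = int(digits, 8)
    else:
        value = int(digits, 10)
    return -value if sign else value
```

       A boolean written as anything other than ``yes'' (here ``maybe'') reads
       as ``no'', and 0620 decodes as octal, which matters for TTYPERM and UMASK.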

       The following configuration items are provided:

       CHARACTER_CLASS (string)
              User account names and group names must  match  the  regular
              expression given by this variable.

       CHFN_AUTH (boolean)
              If  yes,  the  chfn  and  chsh programs will ask for the password
              before making any changes, unless run by the superuser.

       CHFN_RESTRICT (string)
              This  parameter specifies which values in the gecos field of the
              passwd file may be changed by regular users using the chfn  pro-
              gram.  It can be any combination of letters f, r, w, h, for Full
              name, Room number, Work phone, and Home phone, respectively.  If
              not specified, only the superuser can make any changes.

       DEFAULT_HOME (boolean)
              If the home directory of a user is  not  reachable,  should  the
              user be allowed to log in?

       ENV_PATH (string)
              This parameter must be defined as the search  path  for  regular
              users.   When  a login with UID other than zero occurs, the PATH
              environment parameter is initialized to this value.

       ENV_ROOTPATH (string)
              This parameter must be defined as the search path for root.

       FAIL_DELAY (number)
              Delay time in seconds after each failed login attempt.

       FTMP_FILE (string)
              If defined and the file exists, login failures  will  be  logged
              here  in utmp format.  last, when invoked as lastb, will read
              /var/log/btmp, so you should use this file if any.

       GID_MAX (number)

       GID_MIN (number)
              Range of group IDs to choose from for the groupadd program.

       HUSHLOGIN_FILE (string)
              This parameter is used to  establish  ``hushlogin''  conditions.
              There  are  two  possible  ways  to  establish these conditions.
              First, if the value of this parameter is  a  filename  and  that
              file exists in the user's home directory then ``hushlogin'' con-
              ditions will be in  effect.   The  contents  of  this  file  are
              ignored;  its  mere  presence triggers ``hushlogin'' conditions.
              Second, if the value of this parameter is a  full  pathname  and
              either  the  user's  login  name or the user's shell is found in
              this file, then ``hushlogin'' conditions will be in effect.   In
              this case, the file should be in a format similar to:

                   demo
                   /usr/lib/uucp/uucico
                     .
                     .
                     .

              If  this parameter is not defined, then ``hushlogin'' conditions
              will never occur.   When  ``hushlogin''  conditions  are  estab-
              lished, the message of the day, last successful and unsuccessful
              login display, mail status display, and  password  aging  checks
              are suppressed.  Note that allowing hushlogin files in user home
              directories allows the user to disable  password  aging  checks.
              See MOTD_FILE and LASTLOG_ENAB for related information. Features
              enabled through PAM modules are not affected by  this:  pam_mail
              will show whether there is new mail or not.

       LASTLOG_ENAB (boolean)
              If yes, and if the /var/log/lastlog file exists, then a success-
              ful user login will be recorded to this file.   Furthermore,  if
              this  option  is  enabled then the times of the most recent suc-
              cessful and unsuccessful logins will be displayed  to  the  user
              upon login. If ``hushlogin'' conditions are in effect, then both
              the successful and unsuccessful login information will  be  sup-
              pressed.

       LOG_UNKFAIL_ENAB (boolean)
              If  yes  then  unknown  usernames  will be included when a login
              failure is recorded.  Note that this  is  a  potential  security
              risk;  a  common login failure mode is transposition of the user
              name and password, thus this mode will often cause passwords  to
              accumulate in the failure logs.  If this option is disabled then
              unknown usernames will be suppressed in login failure  messages.

       LOGIN_RETRIES (number)
              Number of login attempts allowed before the login program exits.

       LOGIN_TIMEOUT (number)
              Time in seconds after which the login program exits if the  user
              does not type a password.

       MOTD_FILE (string)
              This  parameter specifies a colon-delimited list of pathnames to
              ``message of the day'' files.  If a specified file exists,  then
              its  contents  are  displayed  to  the user upon login.  If this
              parameter is not defined or ``hushlogin'' login  conditions  are
              in effect, this information will be suppressed.

       PASS_MIN_DAYS (number)
              The  minimum  number  of  days allowed between password changes.
              Any  password  changes  attempted  sooner  than  this  will   be
              rejected.  If not specified, a zero value will be assumed.

       PASS_MAX_DAYS (number)
              The maximum number of days a password may be used.  If the pass-
              word is older than this, then the account will  be  locked.   If
              not specified, a large value will be assumed.

       PASS_WARN_AGE (number)
              The  number  of days warning given before a password expires.  A
              zero means warning is given only upon the day of  expiration,  a
              negative  value means no warning is given.  If not specified, no
              warning will be provided.

       SYSTEM_GID_MAX (number)
              Max group ID value used by automatic gid selection  in  groupadd
              for system groups

       SYSTEM_GID_MIN (number)
              Min  group  ID value used by automatic gid selection in groupadd
              for system groups

       SYSTEM_UID_MAX (number)
              Max user ID value used by automatic uid selection in useradd for
              system accounts

       SYSTEM_UID_MIN (number)
              Min user ID value used by automatic uid selection in useradd for
              system accounts

       TTYGROUP (string or number)
              The group ownership of the terminal is initialized to this group
              name or number.  One well-known security attack involves forcing
              terminal control sequences upon another  user's  terminal  line.
              This problem can be averted by disabling permissions which allow
              other users to access the terminal line, but this  unfortunately
              prevents  programs  such as write from operating.  Another solu-
              tion is to use a version of the write program which filters  out
              potentially  dangerous  character  sequences,  make this program
              ``setgid'' to a special group, assign  group  ownership  of  the
              terminal  line  to this special group, and assign permissions of
              0620 to the terminal line.  The  TTYGROUP  definition  has  been
              provided  for just this situation.  If this item is not defined,
              then the group ownership of the terminal is initialized  to  the
              user's group number.  See TTYPERM for related information.

       TTYPERM (number)
              The  login  terminal  permissions are initialized to this value.
              Typical values will be 0622 to permit others write access to the
              line or 0600 to secure the line from other users.  If not speci-
              fied, the terminal permissions will be initialized to 0622.  See
              TTYGROUP for related information.

       TTYTYPE_FILE (string)
              This  parameter specifies the full pathname to a file which maps
              terminal lines to terminal types.  Each line of  the  file  con-
              tains  a  terminal  type  and  a  terminal  line,  separated  by
              whitespace, for example:

                   vt100     tty01
                   wyse60    tty02
                     .         .
                     .         .
                     .         .

              This information is only used to initialize the TERM environment
              parameter  when it does not already exist.  A line starting with
              a ``#'' pound sign will  be  treated  as  a  comment.   If  this
              parameter is not specified, the file  does  not  exist,  or  the
              terminal  line  is  not  found  in  the  file, then the TERM
              environment parameter will not be set.

       UID_MAX (number)
              Max user ID value for automatic uid selection in useradd

       UID_MIN (number)
              Min user ID value for automatic uid selection in useradd

       UMASK (number)
              The  permission mask is initialized to this value. It is used by
              useradd and newusers for creating new home directories.  If  not
              specified, the permission mask will be initialized to 0077.

       USERADD_CMD (string)
              If  defined,  this  command  is  run  after  adding  a user with
              useradd.  It can, for example, be a script that rebuilds the NIS
              maps.

       USERDEL_PRECMD (string)
              If  defined,  this  command  is  run before removing a user with
              userdel.  It should remove any at/cron/print jobs etc. owned  by
              the user to be removed (passed as the first argument).

       USERDEL_POSTCMD (string)
              If  defined,  this  command  is  run  after removing a user with
              userdel.  It can, for example, rebuild any NIS database etc.  to
              remove the account from it.
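
       A review of the security notes in the HUSHLOGIN_FILE, LOG_UNKFAIL_ENAB
       and TTYPERM entries above, as an added example (not code from the shadow
       suite).  The function names and finding texts are this example's own; it
       assumes TTYPERM is written in octal and treats an unreadable list file as
       no match.

```python
import os

def hushlogin_active(value, user, shell, home):
    """Evaluate HUSHLOGIN_FILE for one user; value is None when undefined."""
    if not value:
        return False                       # undefined: never hushed
    if value.startswith("/"):              # full pathname: list of names/shells
        try:
            with open(value) as fh:
                listed = {line.strip() for line in fh}
        except OSError:
            return False                   # assumption: unreadable list = no match
        return user in listed or shell in listed
    # plain filename: its mere presence in the home directory is enough
    return os.path.exists(os.path.join(home, value))

def audit(params, accounts):
    """params: {name: raw value}; accounts: iterable of (user, shell, home)."""
    findings = []
    if params.get("LOG_UNKFAIL_ENAB") == "yes":
        findings.append("LOG_UNKFAIL_ENAB: mistyped passwords can end up in failure logs")
    perm = int(params.get("TTYPERM", "0622"), 8)   # assumption: written in octal
    if perm & 0o002:
        findings.append("TTYPERM %04o: terminal line is writable by other users" % perm)
    hush = params.get("HUSHLOGIN_FILE")
    if hush and not hush.startswith("/"):
        # per-user mode: each user controls whether the file exists
        for user, shell, home in accounts:
            if hushlogin_active(hush, user, shell, home):
                findings.append("%s: hushlogin file in home suppresses password aging checks" % user)
    return findings
```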

CROSS REFERENCE
       The  following cross reference shows which programs in the shadow login
       suite use which parameters.

       login       DEFAULT_HOME ENV_PATH ENV_ROOTPATH FAIL_DELAY FTMP_FILE
                   HUSHLOGIN_FILE LASTLOG_ENAB LOG_UNKFAIL_ENAB LOGIN_RETRIES
                   LOGIN_TIMEOUT MOTD_FILE TTYPERM TTYTYPE_FILE

       newusers    PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE UMASK

       passwd      OBSCURE_CHECKS_ENAB PASS_MAX_LEN PASS_MIN_LEN
                   PASS_ALWAYS_WARN CRACKLIB_DICTPATH PASS_CHANGE_TRIES

       pwconv      PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE

BUGS
       Some  of  the  supported configuration parameters are not documented in
       this manual page.

SEE ALSO
       login(1), passwd(5)

AUTHORS
       Julianne Frances Haugh (jockgrrl@ix.netcom.com)
       Thorsten Kukuk (kukuk@thkukuk.de)



                                                                      LOGIN(5)


Man(1) output converted with man2html and wrapped by fishsponge

This page was generated on Sat Sep 8 16:39:56 GMT 2007
