Refer to getcap(3) for a description of the file layout. An example entry is:
classname|Description entry:\
:capability=value:\
:booleancapability:\
...
:lastcapability=value:
All entries in the login.conf file are either boolean or use a ‘=’ to separate the capability from the value. The types are described after the capability table.
copyright
file
File containing additional copyright information. (If the file exists, login(1) displays it before the welcome message.)
coredumpsize
size
Maximum coredump size limit.
host.allow
string
A comma-separated list of host name or IP address patterns from which a class is allowed access. Access is instead denied from any hosts preceded by ‘!’. Patterns can contain the sh(1)-style ‘*’ and ‘?’ wildcards. The host.deny entry is checked before host.allow. (Currently used only by sshd(8).)
host.deny
string
A comma-separated list of host name or IP address patterns from which a class is denied access. Patterns as per host.allow, although a matched pattern that has been negated with ‘!’ is ignored. (Currently used only by sshd(8).)
hushlogin
bool
false
Same as having a $HOME/.hushlogin file. See login(1).
ignorenologin
bool
false
Not affected by nologin files.
login-retries
number
10
Maximum number of login attempts allowed.
login-backoff
number
3
Number of login attempts after which to start random back-off.
maxproc
number
Maximum number of processes.
memorylocked
size
Maximum locked in core memory size limit.
memoryuse
size
Maximum in core memoryuse size limit.
minpasswordlen
number
The minimum length a local password may be. Used by the passwd(1) utility.
nologin
file
If the file exists it will be displayed and the login session will be terminated.
openfiles
number
Maximum number of open file descriptors per process.
passwordtime
time
Used by passwd(1) to set next password expiry date.
password-warn
time
2w
If the user's password will expire within this length of time then warn the user of this.
priority
number
Initial priority (nice) level.
requirehome
bool
false
Require home directory to login.
sbsize
size
Maximum socket buffer size limit.
setenv
list
Comma or whitespace separated list of environment variables and values to be set. Commas and whitespace can be escaped using \\.
shell
program
Session shell to execute rather than the shell specified in the password file. The SHELL environment variable will contain the shell specified in the password file.
stacksize
size
Maximum stack size limit.
tc
string
A "continuation" entry, which must be the last capability provided. More capabilities are read from the named entry. The capabilities given before tc override those in the entry invoked by tc.
term
string
su
Default terminal type if not able to determine from other means.
umask
number
022
Initial umask. Should always have a leading 0 to assure octal interpretation. See umask(2).
welcome
file
/etc/motd
File containing welcome message. login(1) displays this and sshd(8) sends this.
The resource limit entries (coredumpsize, cputime, datasize, filesize, maxproc, memorylocked, memoryuse, openfiles, sbsize, and stacksize) actually specify both the maximum and current limits (see getrlimit(2)). The current limit is the one normally used, although the user is permitted to increase the current limit to the maximum limit. The maximum and current limits may be specified individually by appending a ‘-max’ or ‘-cur’ to the capability name (e.g., openfiles-max and openfiles-cur).
NetBSD will never define capabilities which start with x- or X-; these are reserved for external use (unless included through contributed software).
The argument types are defined as:
bool
If the name is present, then the boolean value is true; otherwise, it is false.
file
Path name to a text file.
list
A comma or whitespace separated list of values.
number
A number. A leading 0x implies the number is expressed in hexadecimal. A leading 0 implies the number is expressed in octal. Any other number is treated as decimal.
path
A space separated list of path names. If a ‘~’ is the first character in the path name, the ‘~’ is expanded to the user's home directory.
program
A path name to a program.
size
A number which expresses a size in bytes. It may have a trailing b to multiply the value by 512, a k to multiply the value by 1 K (1024), and a m to multiply the value by 1 M (1048576).
time
A time in seconds. A time may be expressed as a series of numbers which are added together. Each number may have a trailing character to represent time units:
y
Indicates a number of 365 day years.
w
Indicates a number of 7 day weeks.
d
Indicates a number of 24 hour days.
h
Indicates a number of 60 minute hours.
m
Indicates a number of 60 second minutes.
s
Indicates a number of seconds.
For example, to indicate 1 and 1/2 hours, the following string could be used: 1h30m.
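The number, size and time rules above, applied to a constructed entry, showing why umask needs its leading 0: umask=22 is read as decimal 22, which is mask 026. This is an added example, not part of the manual page or NetBSD's code; the function names, the sample class and the set of capabilities decoded are assumptions, and getcap(3) escape sequences are not handled.

```python
import re

# Units and capability types are taken from the tables on this page.
SIZE_UNITS = {"": 1, "b": 512, "k": 1024, "m": 1048576}
TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400,
              "w": 7 * 86400, "y": 365 * 86400}
SIZES = "coredumpsize memorylocked memoryuse sbsize stacksize".split()
NUMBERS = ("maxproc openfiles umask priority login-retries login-backoff "
           "minpasswordlen").split()
TIMES = ["passwordtime", "password-warn"]

def parse_number(text):
    """Leading 0x is hexadecimal, leading 0 is octal, anything else decimal."""
    if text[:2].lower() == "0x":
        return int(text, 16)
    return int(text, 8) if text.startswith("0") and len(text) > 1 else int(text)

def parse_size(text):
    """Bytes, with an optional trailing b, k or m multiplier."""
    m = re.fullmatch(r"(0[xX][0-9a-fA-F]+|\d+)([bkm]?)", text)
    if not m:
        raise ValueError(f"bad size value: {text!r}")
    return parse_number(m.group(1)) * SIZE_UNITS[m.group(2)]

def parse_time(text):
    """Seconds: a series of numbers, each with an optional unit, summed."""
    tokens = re.findall(r"(\d+)([ywdhms]?)", text)
    if not tokens or "".join(n + u for n, u in tokens) != text:
        raise ValueError(f"bad time value: {text!r}")
    return sum(int(n) * TIME_UNITS[u] for n, u in tokens)

def audit_entry(raw):
    """Decode one entry's typed capabilities; return (class, values, warnings)."""
    fields = [f.strip() for f in raw.replace("\\\n", "").split(":")]
    values, warnings = {}, []
    for field in filter(None, fields[1:]):
        name, sep, text = field.partition("=")
        base = re.sub(r"-(max|cur)$", "", name)  # openfiles-cur -> openfiles
        parse = (parse_size if base in SIZES else parse_number if base in NUMBERS
                 else parse_time if base in TIMES else None)
        values[name] = parse(text) if sep and parse else (text if sep else True)
        if sep and base == "umask" and not text.startswith("0"):
            warnings.append(f"umask={text} is decimal; effective mask {values[name]:03o}")
    return fields[0].split("|")[0], values, warnings

# Constructed sample entry in the layout shown above (not from a real system).
SAMPLE = ("staff|Constructed example class:\\\n\t:umask=22:\\\n"
          "\t:openfiles-cur=0x80:\\\n\t:coredumpsize=8m:\\\n"
          "\t:password-warn=1h30m:\\\n\t:requirehome:")
```

Calling audit_entry(SAMPLE) returns the class name, the decoded values, and one warning for the umask written without a leading 0.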