[dragonfly.git] / etc / login.access

# $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $
# $DragonFly: src/etc/login.access,v 1.2 2003/06/17 04:24:45 dillon Exp $
#
# Login access control table.
# 
# When someone logs in, the table is scanned for the first entry that
# matches the (user, host) combination, or, in case of non-networked
# logins, the first entry that matches the (user, tty) combination.  The
# permissions field of that table entry determines whether the login will 
# be accepted or refused.
# 
# Format of the login access control table is three fields separated by a
# ":" character:
# 
# 	permission : users : origins
# 
# The first field should be a "+" (access granted) or "-" (access denied)
# character. The second field should be a list of one or more login names,
# group names, or ALL (always matches).  The third field should be a list
# of one or more tty names (for non-networked logins), host names, domain
# names (begin with "."), host addresses, internet network numbers (end
# with "."), ALL (always matches) or LOCAL (matches any string that does
# not contain a "." character). If you run NIS you can use @netgroupname
# in host or user patterns.
#
# The EXCEPT operator makes it possible to write very compact rules.
#
# The group file is searched only when a name does not match that of the
# logged-in user. Only groups are matched in which users are explicitly
# listed: the program does not look at a user's primary group id value.
#
##############################################################################
# 
# Disallow console logins to all but a few accounts.
#
#-:ALL EXCEPT wheel shutdown sync:console
#
# Disallow non-local logins to privileged accounts (group wheel).
#
#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
#
# Some accounts are not allowed to login from anywhere:
#
#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
#
# All other accounts are allowed to login from anywhere.
#
Commit	Line	Data
984263bc	1	# $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $
1de703da	2	# $DragonFly: src/etc/login.access,v 1.2 2003/06/17 04:24:45 dillon Exp $
984263bc MD	3	#
	4	# Login access control table.
	5	#
	6	# When someone logs in, the table is scanned for the first entry that
	7	# matches the (user, host) combination, or, in case of non-networked
	8	# logins, the first entry that matches the (user, tty) combination. The
	9	# permissions field of that table entry determines whether the login will
	10	# be accepted or refused.
	11	#
	12	# Format of the login access control table is three fields separated by a
	13	# ":" character:
	14	#
	15	# permission : users : origins
	16	#
	17	# The first field should be a "+" (access granted) or "-" (access denied)
	18	# character. The second field should be a list of one or more login names,
	19	# group names, or ALL (always matches). The third field should be a list
	20	# of one or more tty names (for non-networked logins), host names, domain
	21	# names (begin with "."), host addresses, internet network numbers (end
	22	# with "."), ALL (always matches) or LOCAL (matches any string that does
	23	# not contain a "." character). If you run NIS you can use @netgroupname
	24	# in host or user patterns.
	25	#
	26	# The EXCEPT operator makes it possible to write very compact rules.
	27	#
	28	# The group file is searched only when a name does not match that of the
	29	# logged-in user. Only groups are matched in which users are explicitly
	30	# listed: the program does not look at a user's primary group id value.
	31	#
	32	##############################################################################
	33	#
	34	# Disallow console logins to all but a few accounts.
	35	#
	36	#-:ALL EXCEPT wheel shutdown sync:console
	37	#
	38	# Disallow non-local logins to privileged accounts (group wheel).
	39	#
	40	#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
	41	#
	42	# Some accounts are not allowed to login from anywhere:
	43	#
	44	#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
	45	#
	46	# All other accounts are allowed to login from anywhere.
	47	#