
Annotation of /puppet/deployment/shadow/files/login.defs



Revision 863
Thu Jan 20 18:21:17 2011 UTC (13 years, 3 months ago) by boklm
File size: 5124 byte(s)
add shadow module for login.defs
1 boklm 863 # *REQUIRED*
2     # Directory where mailboxes reside, _or_ name of file, relative to the
3     # home directory. If you _do_ define both, MAIL_DIR takes precedence.
4     # QMAIL_DIR is for Qmail
5     #
      # NOTE(review): only MAIL_DIR is active below; QMAIL_DIR and MAIL_FILE are
      # commented out, so the precedence rule above is not exercised here.
6     #QMAIL_DIR Maildir
7     MAIL_DIR /var/spool/mail
8     #MAIL_FILE .mail
9    
10     # Password aging controls:
11     #
12     # PASS_MAX_DAYS Maximum number of days a password may be used.
13     # PASS_MIN_DAYS Minimum number of days allowed between password changes.
14     # PASS_MIN_LEN Minimum acceptable password length.
15     # PASS_WARN_AGE Number of days warning given before a password expires.
16     #
       # NOTE(review): PASS_MAX_DAYS 99999 with PASS_MIN_DAYS 0 means passwords on
       # new accounts effectively never expire and may be changed at any time.
       # These values are applied when an account is created; existing accounts
       # keep the aging fields already stored for them (inspect with chage -l).
       # PASS_MIN_LEN is commented out, so no minimum length is set in this file;
       # presumably length/quality is enforced in the PAM stack -- confirm.
17     PASS_MAX_DAYS 99999
18     PASS_MIN_DAYS 0
19     #PASS_MIN_LEN 5
20     PASS_WARN_AGE 7
21    
22     #
23     # Min/max values for automatic uid selection in useradd
24     #
       # NOTE(review): per the comment above, these bounds steer automatic
       # selection only. Tooling that treats uids below 500 as system accounts
       # (audit rules, PAM uid filters) should use the same boundary -- verify.
25     UID_MIN 500
26     UID_MAX 60000
27    
28     #
29     # Min/max values for automatic gid selection in groupadd
30     #
       # NOTE(review): same range as UID_MIN/UID_MAX in this file; presumably kept
       # identical so that per-user groups can share the numeric id of their
       # user (the uid == gid condition described under USERGROUPS_ENAB).
31     GID_MIN 500
32     GID_MAX 60000
33    
34     #
35     # If defined, this command is run when removing a user.
36     # It should remove any at/cron/print jobs etc. owned by
37     # the user to be removed (passed as the first argument).
38     #
       # NOTE(review): left commented out below, so no cleanup command is
       # configured here. Jobs owned by a removed user are then not cleaned up by
       # this hook and need handling elsewhere if accounts are deleted.
39     # USERDEL_CMD /usr/sbin/userdel_local
40    
41     #
42     # If useradd should create home directories for users by default
43     # On RH systems, we do. This option is ORed with the -m flag on
44     # useradd command line.
45     #
       # NOTE(review): the mode of the created home directory is not set here;
       # presumably it follows UMASK (022 in this file), which would leave new
       # home directories readable by other users -- confirm.
46     CREATE_HOME yes
47    
48     #
49     # The password hashing method and iteration count to use for group
50     # passwords that may be set with gpasswd(1).
51     #
       # NOTE(review): the $2a$ prefix selects the bcrypt scheme. CRYPT_ROUNDS is
       # presumably its log2 cost, so 8 would mean 2^8 iterations, which is low
       # for current hardware -- confirm the unit and raise it if so.
       # Per the comment above this covers group passwords set with gpasswd;
       # hashing of user passwords is presumably configured elsewhere (e.g. the
       # PAM stack) and should be kept at least as strong.
52     CRYPT_PREFIX $2a$
53     CRYPT_ROUNDS 8
54    
55     #
56     # Whether to use tcb password shadowing scheme. Use 'yes' if using
57     # tcb and 'no' if using /etc/shadow
58     #
       # NOTE(review): 'no' selects /etc/shadow, per the comment above. The TCB_*
       # settings elsewhere in this file describe tcb-style files and presumably
       # have no effect while this stays 'no'.
59     USE_TCB no
60    
61     #
62     # Whether newly created tcb-style shadow files should be readable by
63     # group "auth".
64     #
       # NOTE(review): applies to tcb-style files only; USE_TCB is 'no' in this
       # file, so this is presumably inert. If tcb is enabled later, 'yes' lets
       # members of group "auth" read newly created shadow files, so membership
       # of that group needs the same care as access to password hashes.
65     TCB_AUTH_GROUP yes
66    
67     #
68     # Whether useradd should create symlinks rather than directories under
69     # /etc/tcb for newly created accounts with UIDs over 1000. See tcb(5)
70     # for information on why this may be needed.
71     #
       # NOTE(review): tcb-only setting; with USE_TCB 'no' in this file it is
       # presumably not consulted -- confirm.
72     TCB_SYMLINKS no
73    
74     #
75     # Delay in seconds before being allowed another attempt after a login failure
76     #
       # NOTE(review): a 3 second delay slows guessing at a single prompt; it is
       # not an account lockout. On PAM-based login the delay may instead come
       # from the PAM stack (e.g. pam_faildelay) -- confirm which one applies.
77     FAIL_DELAY 3
78    
79     #
80     # Enable display of unknown usernames when login failures are recorded.
81     #
       # NOTE(review): 'no' keeps unknown usernames out of failure records. This
       # avoids storing a password that was typed at the username prompt by
       # mistake, at the cost of not seeing which names were tried.
82     LOG_UNKFAIL_ENAB no
83    
84     #
85     # Enable logging of successful logins
86     #
       # NOTE(review): 'no' means successful logins are not logged through this
       # setting. A record of who logged in and when then has to come from
       # another source (wtmp/lastlog, PAM, auditd) -- confirm one is in place.
87     LOG_OK_LOGINS no
88    
89     #
90     # Enable "syslog" logging of su activity - in addition to sulog file logging.
91     # SYSLOG_SG_ENAB does the same for newgrp and sg.
92     #
       # NOTE(review): both are enabled, so su, newgrp and sg use is sent to
       # syslog. Retention and forwarding of those records are decided by the
       # syslog configuration, not by this file.
93     SYSLOG_SU_ENAB yes
94     SYSLOG_SG_ENAB yes
95    
96     #
97     # If defined, either full pathname of a file containing device names or
98     # a ":" delimited list of device names. Root logins will be allowed only
99     # upon these devices.
        # NOTE(review): the restriction is only as tight as the device list in
        # /etc/securetty, which is not part of this file -- review it alongside.
        # This limits root logins on terminal devices; root access over SSH is
        # governed by sshd's own configuration (PermitRootLogin), not by CONSOLE.
100     #
101     CONSOLE /etc/securetty
102     #CONSOLE console:tty01:tty02:tty03:tty04
103    
104     #
105     # If defined, the command name to display when running "su -". For
106     # example, if this is defined as "su" then a "ps" will display the
107     # command is "-su". If not defined, then "ps" would display the
108     # name of the shell actually being run, e.g. something like "-sh".
109     #
        # NOTE(review): as described above this only changes the name shown by
        # "ps"; no access-control effect is described. With "su" set, "su -"
        # sessions appear as "-su" in process listings.
110     SU_NAME su
111    
112     #
113     # If defined, file which inhibits all the usual chatter during the login
114     # sequence. If a full pathname, then hushed mode will be enabled if the
115     # user's name or shell are found in the file. If not a full pathname, then
116     # hushed mode will be enabled if the file exists in the user's home directory.
117     #
        # NOTE(review): the active value is not a full pathname, so hushed mode is
        # switched on by a file in the user's own home directory, i.e. under the
        # user's control. If login-time messages are relied on (presumably this
        # includes last-login notices -- confirm), the commented /etc/hushlogins
        # form keeps that decision with the administrator.
118     HUSHLOGIN_FILE .hushlogin
119     #HUSHLOGIN_FILE /etc/hushlogins
120    
121     #
122     # *REQUIRED* The default PATH settings, for superuser and normal users.
123     #
124     # (they are minimal, add the rest in the shell startup files)
        # NOTE(review): both values list absolute system directories only, with no
        # "." and no empty entry. Keep ENV_SUPATH that way when extending it: a
        # relative or user-writable directory in the superuser PATH lets another
        # user's file be run as root.
125     ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
126     ENV_PATH PATH=/bin:/usr/bin
127    
128     #
129     # Terminal permissions
130     #
131     # TTYGROUP Login tty will be assigned this group ownership.
132     # TTYPERM Login tty will be set to this permission.
133     #
134     # If you have a "write" program which is "setgid" to a special group
135     # which owns the terminals, define TTYGROUP to the group number and
136     # TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
137     # TTYPERM to either 622 or 600.
138     #
        # NOTE(review): TTYGROUP is set, but TTYPERM is 0600 rather than the 0620
        # that the text above pairs with a setgid "write". 0600 gives access to
        # the owner only, so neither group tty nor other users can write to the
        # login terminal. 622 would let any local user write to it.
139     TTYGROUP tty
140     TTYPERM 0600
141    
142     #
143     # Login configuration initializations:
144     #
145     # ERASECHAR Terminal ERASE character ('\010' = backspace).
146     # KILLCHAR Terminal KILL character ('\025' = CTRL/U).
147     # UMASK Default "umask" value.
148     # ULIMIT Default "ulimit" value.
149     #
150     # The ERASECHAR and KILLCHAR are used only on System V machines.
151     # The ULIMIT is used only if the system supports it.
152     # (now it works with setrlimit too; ulimit is in 512-byte units)
153     #
154     # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
155     #
        # NOTE(review): ERASECHAR is set to 0177 (DEL), not the '\010' backspace
        # given as the example above.
        # UMASK 022 leaves newly created files readable by every local user, and
        # USERGROUPS_ENAB (set to yes in this file) relaxes it to 002 for
        # qualifying non-root users. 027 or 077 is the usual choice where users'
        # files should not be readable by others.
        # ULIMIT is commented out, so no limit is set from this file.
156     ERASECHAR 0177
157     KILLCHAR 025
158     UMASK 022
159     #ULIMIT 2097152
160    
161     #
162     # Max number of login retries if password is bad
163     #
        # NOTE(review): this bounds retries within one login session. It is not an
        # account lockout across sessions; that would have to be configured
        # elsewhere (e.g. in PAM) -- confirm whether one exists.
164     LOGIN_RETRIES 5
165    
166     #
167     # Max time in seconds for login
168     #
        # NOTE(review): 60 seconds; presumably bounds how long an unauthenticated
        # login prompt may stay open on a terminal -- confirm.
169     LOGIN_TIMEOUT 60
170    
171     #
172     # Which fields may be changed by regular users using chfn - use
173     # any combination of letters "frwh" (full name, room number, work
174     # phone, home phone). If not defined, no changes are allowed.
175     # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
176     #
        # NOTE(review): "rwh" lets users edit room number, work phone and home
        # phone but not the full name (no "f"), so the displayed name of an
        # account stays under administrator control.
177     CHFN_RESTRICT rwh
178    
179     #
180     # Should login be allowed if we can't cd to the home directory?
181     # Default is no.
182     #
        # NOTE(review): set to yes here, overriding the stated default: a user
        # whose home directory is missing or unreachable still gets a session.
        # Presumably that session starts in "/" and without the user's own
        # startup files -- confirm, and use no where such logins should fail.
183     DEFAULT_HOME yes
184    
185     #
186     # Enable setting of the umask group bits to be the same as owner bits
187     # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
188     # the same as gid, and username is the same as the primary group name.
189     #
190     # This also enables userdel to remove user groups if no members exist.
191     #
        # NOTE(review): with UMASK 022 in this file, qualifying users get 002, so
        # the files they create are group-writable. That is safe only while the
        # user is the sole member of the private group; adding anyone else to it
        # gives them write access to files created under this umask.
192     USERGROUPS_ENAB yes
193    
