/[adm]/puppet/deployment/shadow/files/login.defs
ViewVC logotype

Contents of /puppet/deployment/shadow/files/login.defs

Parent Directory Parent Directory | Revision Log Revision Log


Revision 866 - (show annotations) (download)
Thu Jan 20 18:27:30 2011 UTC (13 years, 3 months ago) by boklm
File size: 5124 byte(s)
set UID_MAX and GID_MAX to 2000
1 # *REQUIRED*
2 # Directory where mailboxes reside, _or_ name of file, relative to the
3 # home directory. If you _do_ define both, MAIL_DIR takes precedence.
4 # QMAIL_DIR is for Qmail
5 #
6 #QMAIL_DIR Maildir
7 MAIL_DIR /var/spool/mail
8 #MAIL_FILE .mail
9
10 # Password aging controls:
11 #
12 # PASS_MAX_DAYS Maximum number of days a password may be used.
13 # PASS_MIN_DAYS Minimum number of days allowed between password changes.
14 # PASS_MIN_LEN Minimum acceptable password length.
15 # PASS_WARN_AGE Number of days warning given before a password expires.
16 #
17 PASS_MAX_DAYS 99999
18 PASS_MIN_DAYS 0
19 #PASS_MIN_LEN 5
20 PASS_WARN_AGE 7
21
22 #
23 # Min/max values for automatic uid selection in useradd
24 #
25 UID_MIN 500
26 UID_MAX 2000
27
28 #
29 # Min/max values for automatic gid selection in groupadd
30 #
31 GID_MIN 500
32 GID_MAX 2000
33
34 #
35 # If defined, this command is run when removing a user.
36 # It should remove any at/cron/print jobs etc. owned by
37 # the user to be removed (passed as the first argument).
38 #
39 # USERDEL_CMD /usr/sbin/userdel_local
40
41 #
42 # If useradd should create home directories for users by default
43 # On RH systems, we do. This option is ORed with the -m flag on
44 # useradd command line.
45 #
46 CREATE_HOME yes
47
48 #
49 # The password hashing method and iteration count to use for group
50 # passwords that may be set with gpasswd(1).
51 #
52 CRYPT_PREFIX $2a$
53 CRYPT_ROUNDS 8
54
55 #
56 # Whether to use tcb password shadowing scheme. Use 'yes' if using
57 # tcb and 'no' if using /etc/shadow
58 #
59 USE_TCB no
60
61 #
62 # Whether newly created tcb-style shadow files should be readable by
63 # group "auth".
64 #
65 TCB_AUTH_GROUP yes
66
67 #
68 # Whether useradd should create symlinks rather than directories under
69 # /etc/tcb for newly created accounts with UIDs over 1000. See tcb(5)
70 # for information on why this may be needed.
71 #
72 TCB_SYMLINKS no
73
74 #
75 # Delay in seconds before being allowed another attempt after a login failure
76 #
77 FAIL_DELAY 3
78
79 #
80 # Enable display of unknown usernames when login failures are recorded.
81 #
82 LOG_UNKFAIL_ENAB no
83
84 #
85 # Enable logging of successful logins
86 #
87 LOG_OK_LOGINS no
88
89 #
90 # Enable "syslog" logging of su activity - in addition to sulog file logging.
91 # SYSLOG_SG_ENAB does the same for newgrp and sg.
92 #
93 SYSLOG_SU_ENAB yes
94 SYSLOG_SG_ENAB yes
95
96 #
97 # If defined, either full pathname of a file containing device names or
98 # a ":" delimited list of device names. Root logins will be allowed only
99 # upon these devices.
100 #
101 CONSOLE /etc/securetty
102 #CONSOLE console:tty01:tty02:tty03:tty04
103
104 #
105 # If defined, the command name to display when running "su -". For
106 # example, if this is defined as "su" then a "ps" will display the
107 # command is "-su". If not defined, then "ps" would display the
108 # name of the shell actually being run, e.g. something like "-sh".
109 #
110 SU_NAME su
111
112 #
113 # If defined, file which inhibits all the usual chatter during the login
114 # sequence. If a full pathname, then hushed mode will be enabled if the
115 # user's name or shell are found in the file. If not a full pathname, then
116 # hushed mode will be enabled if the file exists in the user's home directory.
117 #
118 HUSHLOGIN_FILE .hushlogin
119 #HUSHLOGIN_FILE /etc/hushlogins
120
121 #
122 # *REQUIRED* The default PATH settings, for superuser and normal users.
123 #
124 # (they are minimal, add the rest in the shell startup files)
125 ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
126 ENV_PATH PATH=/bin:/usr/bin
127
128 #
129 # Terminal permissions
130 #
131 # TTYGROUP Login tty will be assigned this group ownership.
132 # TTYPERM Login tty will be set to this permission.
133 #
134 # If you have a "write" program which is "setgid" to a special group
135 # which owns the terminals, define TTYGROUP to the group number and
136 # TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
137 # TTYPERM to either 622 or 600.
138 #
139 TTYGROUP tty
140 TTYPERM 0600
141
142 #
143 # Login configuration initializations:
144 #
145 # ERASECHAR Terminal ERASE character ('\010' = backspace).
146 # KILLCHAR Terminal KILL character ('\025' = CTRL/U).
147 # UMASK Default "umask" value.
148 # ULIMIT Default "ulimit" value.
149 #
150 # The ERASECHAR and KILLCHAR are used only on System V machines.
151 # The ULIMIT is used only if the system supports it.
152 # (now it works with setrlimit too; ulimit is in 512-byte units)
153 #
154 # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
155 #
156 ERASECHAR 0177
157 KILLCHAR 025
158 UMASK 022
159 #ULIMIT 2097152
160
161 #
162 # Max number of login retries if password is bad
163 #
164 LOGIN_RETRIES 5
165
166 #
167 # Max time in seconds for login
168 #
169 LOGIN_TIMEOUT 60
170
171 #
172 # Which fields may be changed by regular users using chfn - use
173 # any combination of letters "frwh" (full name, room number, work
174 # phone, home phone). If not defined, no changes are allowed.
175 # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
176 #
177 CHFN_RESTRICT rwh
178
179 #
180 # Should login be allowed if we can't cd to the home directory?
181 # Default in no.
182 #
183 DEFAULT_HOME yes
184
185 #
186 # Enable setting of the umask group bits to be the same as owner bits
187 # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
188 # the same as gid, and username is the same as the primary group name.
189 #
190 # This also enables userdel to remove user groups if no members exist.
191 #
192 USERGROUPS_ENAB yes
193

  ViewVC Help
Powered by ViewVC 1.1.30