# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
# Only MAIL_DIR is active below; QMAIL_DIR and MAIL_FILE are left
# commented out as the alternatives.
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
# With PASS_MAX_DAYS at 99999 passwords effectively never expire, and
# PASS_MIN_DAYS 0 lets a user change a password again immediately.
# These are defaults applied when an account is created; existing accounts
# keep the aging fields already stored for them (inspect with chage -l).
# NOTE(review): PASS_MIN_LEN is commented out, so no minimum length is set
# here; presumably length/quality is enforced by the PAM password stack -
# confirm before relying on it.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
#PASS_MIN_LEN 5
PASS_WARN_AGE 7

#
# Min/max values for automatic uid selection in useradd
#
# Only automatic selection is bounded; the range 500-2000 leaves room for
# about 1500 automatically numbered accounts.
# NOTE(review): IDs below UID_MIN are presumably reserved for system
# accounts on this distribution - confirm before changing the range, since
# tools that tell "system" from "regular" users by UID depend on it.
#
UID_MIN 500
UID_MAX 2000

#
# Min/max values for automatic gid selection in groupadd
#
# Kept identical to the UID range above.
#
GID_MIN 500
GID_MAX 2000

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
# Left disabled here. If it is enabled, the command runs with the
# privileges of userdel (normally root), so the file and every directory
# on its path should be owned by root and not writable by anyone else.
#
# USERDEL_CMD /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is ORed with the -m flag on
# useradd command line.
#
# Because the two are ORed, "yes" here means a home directory is created
# whether or not -m is given.
#
CREATE_HOME yes

#
# The password hashing method and iteration count to use for group
# passwords that may be set with gpasswd(1).
#
# "$2a$" is the bcrypt hash prefix. For bcrypt the rounds value is a
# base-2 logarithm, so 8 means 2^8 = 256 iterations of the key setup.
# NOTE(review): a cost of 8 is low for current hardware; consider raising
# it after measuring hashing time on the slowest host that must verify
# these passwords. A change only affects passwords set afterwards.
# NOTE(review): per the comment above these two keys cover group passwords
# only; user password hashing is presumably configured elsewhere (e.g. in
# the PAM stack) - confirm.
#
CRYPT_PREFIX $2a$
CRYPT_ROUNDS 8

#
# Whether to use tcb password shadowing scheme. Use 'yes' if using
# tcb and 'no' if using /etc/shadow
#
# "no" selects the single /etc/shadow file.
# NOTE(review): the two TCB_* keys below presumably have no effect while
# this is "no" - confirm.
#
USE_TCB no

#
# Whether newly created tcb-style shadow files should be readable by
# group "auth".
#
# With "yes", any process running with group "auth" can read the password
# hashes stored in those files, so membership of that group should be
# limited to the programs that verify passwords.
#
TCB_AUTH_GROUP yes

#
# Whether useradd should create symlinks rather than directories under
# /etc/tcb for newly created accounts with UIDs over 1000. See tcb(5)
# for information on why this may be needed.
#
TCB_SYMLINKS no

#
# Delay in seconds before being allowed another attempt after a login failure
#
# The delay slows repeated password guessing at the login prompt.
#
FAIL_DELAY 3

#
# Enable display of unknown usernames when login failures are recorded.
#
# Kept at "no": users sometimes type their password at the username
# prompt, and recording unknown usernames would then write that password
# into the failure log.
#
LOG_UNKFAIL_ENAB no

#
# Enable logging of successful logins
#
# NOTE(review): with "no", login itself does not log successful logins.
# Incident response usually needs a record of them, so confirm that
# another source on this system (e.g. wtmp/lastlog or the PAM/auth log)
# captures successful logins before leaving this off.
#
LOG_OK_LOGINS no

#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
# Both are on, so identity and group switches reach syslog and can be
# forwarded off-host with the rest of the auth logs.
#
SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes

#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names. Root logins will be allowed only
# upon these devices.
#
# The file form is active: the allowed devices are whatever /etc/securetty
# lists, so that file should be root-owned and not writable by others.
# NOTE(review): this presumably restricts only logins handled by login(1);
# other routes to root (su, remote login daemons) have their own controls
# - confirm.
#
CONSOLE /etc/securetty
#CONSOLE console:tty01:tty02:tty03:tty04

#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
# With "su", shells started through "su -" show up as "-su" in ps output.
#
SU_NAME su

#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
# The relative form is active, so each user controls hushed mode by
# creating ~/.hushlogin.
# NOTE(review): if the suppressed chatter includes the last-login notice on
# this system (confirm), anyone able to write to a home directory can hide
# that notice from its owner; the commented-out /etc/hushlogins form keeps
# the decision with the administrator.
#
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins

#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
#
# Both values hold only absolute system directories. Keep "." and any
# relative or user-writable directory out of ENV_SUPATH, so that a command
# typed by root cannot resolve to a file planted by another user.
#
ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
ENV_PATH PATH=/bin:/usr/bin

#
# Terminal permissions
#
# TTYGROUP Login tty will be assigned this group ownership.
# TTYPERM Login tty will be set to this permission.
#
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
# As set below, the login tty is given group "tty" but mode 0600, so only
# the logged-in user can read or write it; the group gets no write bit, so
# a setgid "write" program cannot deliver messages. This is the most
# restrictive of the combinations described above. Avoid 622: it lets any
# local user write to another user's terminal.
#
TTYGROUP tty
TTYPERM 0600

#
# Login configuration initializations:
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
# UMASK Default "umask" value.
# ULIMIT Default "ulimit" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
# The ULIMIT is used only if the system supports it.
# (now it works with setrlimit too; ulimit is in 512-byte units)
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
# All three active values start with "0" and are therefore read as octal:
# 0177 is DEL (not the backspace shown in the example above), 025 is
# CTRL/U, and 022 clears the write bits for group and others.
# With UMASK 022 newly created files are readable by every local user.
# NOTE(review): consider 027 or 077 where users' files should not be
# readable by other accounts. The USERGROUPS_ENAB setting further down in
# this file can relax the group bits (022 -> 002).
#
ERASECHAR 0177
KILLCHAR 025
UMASK 022
#ULIMIT 2097152

#
# Max number of login retries if password is bad
#
# This bounds attempts within one login session; it is not an account
# lockout. Lockout after repeated failures, if wanted, has to be set up
# elsewhere (e.g. in PAM).
#
LOGIN_RETRIES 5

#
# Max time in seconds for login
#
LOGIN_TIMEOUT 60

#
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
#
# "rwh" lets users edit room number and both phone fields but not their
# full name, so the name shown for an account stays under administrator
# control.
#
CHFN_RESTRICT rwh

#
# Should login be allowed if we can't cd to the home directory?
# Default is no.
#
# NOTE(review): "yes" overrides the default, so a user whose home
# directory is missing or unreachable is still logged in (presumably with
# "/" as the working directory - confirm). Keep "no" where a missing home
# should block the session instead.
#
DEFAULT_HOME yes

#
# Enable setting of the umask group bits to be the same as owner bits
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
# the same as gid, and username is the same as the primary group name.
#
# This also enables userdel to remove user groups if no members exist.
#
# With the UMASK of 022 set earlier in this file, qualifying users end up
# with 002: their new files are group-writable. That is only safe while
# each such group has the user as its sole member, so review any additions
# to per-user groups.
#
USERGROUPS_ENAB yes
