release/2.2.0

1 files changed, 0 insertions, 364 deletions

diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5
deleted file mode 100644
index d56e94f59978..000000000000
--- a/lib/libutil/login.conf.5
+++ /dev/null
@@ -1,364 +0,0 @@
-.\" Copyright (c) 1996 David Nugent <davidn@blaze.net.au>
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, is permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice immediately at the beginning of the file, without modification,
-.\"    this list of conditions, and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. This work was done expressly for inclusion into FreeBSD.  Other use
-.\"    is permitted provided this notation is included.
-.\" 4. Absolutely no warranty of function or purpose is made by the author
-.\"    David Nugent.
-.\" 5. Modifications may be freely made to this file providing the above
-.\"    conditions are met.
-.\"
-.\" $Id$
-.\"
-.Dd November 22, 1996
-.Dt LOGIN.CONF 5
-.Os FreeBSD
-.Sh NAME
-.Nm login.conf
-.Nd login class capability database
-.Sh SYNOPSIS
-.Pa /etc/login.conf ,
-.Pa ~/.login_conf
-.Sh DESCRIPTION
-login.conf contains various attributes and capabilities of login classes.
-A login class (an optional annotation against each record in the user
-account database,
-.Pa /etc/master.passwd )
-determines session accounting, resource limits and user environment settings.
-It is used by various programs in the system to set up a user's login
-environment and to enforce policy, accounting and administrative restrictions.
-It also provides the means by which users are able to be
-authenticated to the system and the types of authentication available.
-.Pp
-A special record "default" in the system user class capability database
-.Pa /etc/login.conf
-is used automatically for any
-non-root user without a valid login class in
-.Pa /etc/master.passwd .
-A user with a uid of 0 without a valid login class will use the record
-"root" if it exists, or "default" if not.
-.Pp
-In FreeBSD, users may individually create a file called
-.Pa .login_conf
-in their home directory using the same format, consisting of a single
-entry with a record id of "me".
-If present, this file is used by
-.Xr login 1
-to set user-defined environment settings which override those specified
-in the system login capabilities database.
-Only a subset of login capabilities may be overridden, typically those
-which do not involve authentication, resource limits and accounting.
-.Pp
-Records in a class capabilities database consist of a number of
-colon-separated fields.
-The first entry for each record gives one or more names that a record is
-to be known by, each separated by a '|' character.
-The first name is the most common abbreviation.
-The last name given should be a long name that is more descriptive
-of the capability entry, and all others are synonyms.
-All names but the last should be in lower case and contain no blanks;
-the last name may contain upper case characters and blanks for
-readability.
-.Pp
-See
-.Xr getcap 3
-for a more in-depth description of the format of a capability database.
-.Sh CAPABILITIES
-Fields within each record in the database follow the
-.Xr getcap 3
-conventions for boolean, type string
-.Ql \&= 
-and type numeric
-.Ql \&# ,
-although type numeric is depreciated in favour of the string format and
-either form is accepted for a numeric datum.
-Values fall into the following categories:
-.Bl -tag -width "program"
-.It file
-Path name to a data file
-.It program
-Path name to an executable file
-.It list
-A list of values (or pairs of values) separated by commas or spaces
-.It path
-A space or comma separated list of path names, following the usual csh
-conventions (leading tilde with and without username being expanded to
-home directories etc.)
-.It number
-A numeric value, either decimal (default), hexadecimal (with leading 0x),
-or octal (with a leading 0).
-With a numeric type, only one numeric value is allowed.
-Numeric types may also be specified in string format (ie. the capability
-tag being delimited from the value by '=' instead of '#').
-Whichever method is used, then all records in the database must use the
-same method to allow values to be correctly overridden in interpolated
-records.
-.It size
-A number which expresses a size.
-The default interpretation of a value is the number of bytes, but a
-suffix may specify alternate units:
-.Bl -tag -offset indent -compact -width xxxx
-.It b
-explicitly selects 512-byte blocks
-.It k
-selects kilobytes (1024 bytes)
-.It m
-specifies a multiplier of 1 megabyte (1048576 bytes),
-.It g
-specifies units of gigabytes, and
-.It t
-represents terrabytes.
-.El
-A size value is a numeric quantity and case of the suffix is not significant.
-Concatenated values are added together.
-.It time
-A period of time, by default in seconds.
-A prefix may specify a different unit;
-.Bl -tag -offset indent -compact -width xxxx
-.It y
-indicates the number of 365 day years,
-.It w
-indicates the number of weeks,
-.It d
-the number of days,
-.It h
-the number of minutes, and
-.It s
-the number of seconds.
-.El
-Concatenated values are added together.
-For example, 2 hours and 40 minutes may be written either as
-9600s, 160m or 2h40m.
-.El
-.Pp
-The usual convention to interpolate capability entries using the special
-.Em tc=value
-notation may be used.
-.Pp
-.Sh RESOURCE LIMITS
-.Bl -column coredumpsize indent indent
-.Sy Name	Type	Notes	Description
-.It cputime	time		CPU usage limit.
-.It filesize	size		Maximum file size limit.
-.It datasize	size		Maximum data size limit.
-.It stacksize	size		Maximum stack size limit.
-.It coredumpsize	size		Maximum coredump size limit.
-.It memoryuse	size		Maximum of core memory use size limit.
-.It memorylocked	size		Maximum locked in core memory size limit.
-.It maxproc	number		Maximum number of processes.
-.It openfiles	number		Maximum number of open files per process.
-.El
-.Pp
-These resource limit entries actually specify both the maximum
-and current limits (see
-.Xr getrlimit 2 ).
-The current (soft) limit is the one normally used, although the user is permitted
-to increase the current limit to the maximum (hard) limit.
-The maximum and current limits may be specified individually by appending a
--max or -cur to the capability name.
-.Pp
-.Sh ENVIRONMENT
-.Bl -column ignorenologin indent xbinxxusrxbin
-.Sy Name	Type	Notes	Description
-.It charset	string		Set $MM_CHARSET environment variable to the specified
-value.
-.It hushlogin	bool	false	Same as having a ~/.hushlogin file.
-.It ignorenologin	bool	false	Login not prevented by nologin.
-.It lang	string		Set $LANG environment variable to the specified value.
-.It manpath	path		Default search path for manpages.
-.It nologin	file		If the file exists it will be displayed and
-the login session will be terminated.
-.It path	path	/bin /usr/bin	Default search path.
-.It priority	number		Initial priority (nice) level.
-.It requirehome 	bool	false	Require a valid home directory to login.
-.It setenv	list		A comma-separated list of environment variables and
-values to which they are to be set.
-.It shell	prog		Session shell to execute rather than the
-shell specified in the passwd file. The SHELL environment variable will
-contain the shell specified in the password file.
-.It term	string	su	Default terminal type if not able to determine from
-other means.
-.It timezone	string		Default value of $TZ environment variable.
-.It umask	number	022	Initial umask. Should always have a leading 0 to
-ensure octal interpretation.
-.It welcome	file	/etc/motd	File containing welcome message.
-.El
-.Pp
-.Sh AUTHENTICATION
-.Bl -column minpasswordlen indent indent
-.Sy Name	Type	Notes	Description
-.It minpasswordlen	number	6	The minimum length a local password may be.
-.\" .It approve	program 	Program to approve login.
-.It auth	list	passwd	Allowed authentication styles. The first value is the
-default style.
-.It auth-<type>	list		Allowed authentication styles for the
-authentication type 'type'.
-.It copyright	file		File containing additional copyright information
-.\".It widepasswords	bool	false	Use the wide password format. The wide password
-.\" format allows up to 128 significant characters in the password.
-.It host.allow	list		List of remote host wildcards from which users in
-the class may access.
-.It host.deny	list		List of remote host wildcards from which users in
-the class may not access.
-.It times.allow 	list		List of time periods during which
-logins are allowed.
-.It times.deny	list		List of time periods during which logins are
-disallowed.
-.It tty.allow	list		List of ttys and ttygroups which users
-in the class may use for access.
-.It tty.deny	list		List of ttys and ttygroups which users
-in the class may not use for access.
-.El
-.Pp
-These fields are intended to be used by
-.Xr passwd 1
-and other programs in the login authentication system.
-.Pp
-Capabilities that set environment variables are scanned for both
-.Ql \&~
-and
-.Ql \&$
-characters, which are substituted for a user's home directory and name
-respectively.
-To pass these characters literally into the environment variable, escape
-the character by preceding it with a backslash '\\'.
-.Pp
-The
-.Em host.allow
-and
-.Em host.deny
-entries are comma separated lists used for checking remote access to the system,
-and consist of a list of hostnames and/or IP addresses against which remote
-network logins are checked.
-Items in these lists may contain wildcards in the form used by shell programs
-for wildcard matching (See
-.Xr fnmatch 3
-for details on the implementation).
-The check on hosts is made against both the remote system's Internet address
-and hostname (if available).
-If both lists are empty or not specified, then logins from any remote host
-are allowed.
-If host.allow contains one or more hosts, then only remote systems matching
-any of the items in that list are allowed to log in.
-If host.deny contains one or more hosts, then a login from any matching hosts
-will be disallowed.
-.Pp
-The
-.Em times.allow
-and
-.Em times.deny
-entries consist of a comma-separated list of time periods during which the users
-in a class are allowed to be logged in.
-These are expressed as one or more day codes followed by a start and end times
-expressed in 24 hour format, separated by a hyphen or dash.
-For example, MoThSa0200-1300 translates to Monday, Thursday and Saturday between
-the hours of 2 am and 1 p.m..
-If both of these time lists are empty, users in the class are allowed access at
-any time.
-If
-.Em times.allow
-is specified, then logins are only allowed during the periods given.
-If
-.Em times.deny
-is specified, then logins are denied during the periods given, regardless of whether
-one of the periods specified in
-.Em times.allow
-applies.
-.Pp
-Note that
-.Xr login 1
-enforces only that the actual login falls within periods allowed by these entries.
-Further enforcement over the life of a session requires a separate daemon to
-monitor transitions from an allowed period to a non-allowed one.
-.Pp
-The
-.Em tty.allow
-and
-.Em tty.deny
-entries contain a comma-separated list of tty devices (without the /dev/ prefix)
-that a user in a class may use to access the system, and/or a list of ttygroups
-(See
-.Xr getttyent 3
-and
-.Xr ttys 5
-for information on ttygroups).
-If neither entry exists, then the choice of login device used by the user is
-unrestricted.
-If only
-.Em tty.allow
-is specified, then the user is restricted only to ttys in the given
-group or device list.
-If only
-.Em tty.deny
-is specified, then the user is prevented from using the specified devices or
-devices in the group.
-If both lists are given and are non-empty, the user is restricted to those
-devices allowed by tty.allow that are not available by tty.deny.
-.Sh ACCOUNTING LIMITS
-.Bl -column passwordperiod indent indent
-.Sy Name	Type	Notes	Description
-.It accounted	bool	false	Enable session time accounting for all users
-in this class.
-.It autodelete	time		Time after expiry when account is auto-deleted.
-.It bootfull	bool	false	Enable 'boot only if ttygroup is full' strategy
-when terminating sessions.
-.It daytime	time		Maximum login time per day.
-.It expireperiod	time		Time for expiry allocation.
-.It graceexpire 	time		Grace days for expired account.
-.It gracetime	time		Additional grace login time allowed.
-.It host.accounted	list		List of remote host wildcards from which
-login sessions will be accounted.
-.It host.exempt 	list		List of remote host wildcards from which
-login session accounting is exempted.
-.It idletime	time		Maximum idle time before logout.
-.It monthtime 	time		Maximum login time per month.
-.It passwordtime	time		Time for password expiry.
-.It refreshtime 	time		New time allowed on account refresh.
-.It refreshperiod	str		How often account time is refreshed.
-.It sessiontime 	time		Maximum login time per session.
-.It sessionlimit	number		Maximum number of concurrent
-login sessions on ttys in any group.
-.It tty.accounted	list		List of ttys and ttygroups for which
-login accounting is active.
-.It tty.exempt	list		List of ttys and ttygroups for which login accounting
-is exempt.
-.It warnexpire	time		Advance notice for pending account expiry.
-.It warnpassword	time		Advance notice for pending password expiry.
-.It warntime	time		Advance notice for pending out-of-time.
-.It weektime	time		Maximum login time per week.
-.El
-.Pp
-These fields are used by the time accounting system, which regulates,
-controls and records user login access.
-.Pp
-The
-.Em ttys.accounted
-and
-.Em ttys.exempt
-fields operate in a similar manner to
-.Em ttys.allow
-and
-.Em ttys.deny
-as explained
-above.
-Similarly with the
-.Em host.accounted
-and
-.Em host.exempt
-lists.
-.Sh SEE ALSO
-.Xr login 1 ,
-.Xr getcap 3 ,
-.Xr getttyent 3 ,
-.Xr login_cap 3 ,
-.Xr login_class 3 ,
-.Xr ttys 5