Diffstat (limited to 'base/bin/config/login.defs')
-rw-r--r--base/bin/config/login.defs261
1 files changed, 261 insertions, 0 deletions
diff --git a/base/bin/config/login.defs b/base/bin/config/login.defs
new file mode 100644
index 0000000..b929796
--- /dev/null
+++ b/base/bin/config/login.defs
@@ -0,0 +1,261 @@
+#
+# /etc/login.defs - settings for user account and group utilities.
+#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
+# pam_unix enforces a 2s delay)
+#
+# This setting affects 'su' and 'login' from util-linux.
+#
+FAIL_DELAY 3
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# This setting affects 'login' from util-linux.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable "syslog" logging of 'sg' activity.
+#
+# This setting affects 'sg' from shadow.
+#
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, ":" delimited list of "message of the day" files to
+# be displayed upon login. This is better handled by pam_motd.so so the
+# declaration here is empty to suppress display by tools which read
+# their settings from this file.
+#
+# This setting affects 'login' from util-linux.
+#
+MOTD_FILE
+#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+#
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+#
+# This setting affects 'useradd', 'userdel' and 'usermod' from shadow.
+#
+MAIL_DIR /var/spool/mail
+#MAIL_FILE .mail
+#QMAIL_DIR Maildir
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+# This setting affects 'login' from util-linux.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#
+# These settings affects 'login', 'su' and 'runuser' from util-linux.
+#
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ENV_PATH PATH=/usr/local/bin:/bin:/usr/bin
+#ENV_ROOTPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+
+#
+# If set to yes and --login and --preserve-environment were not specified
+# su initializes PATH.
+#
+# This setting affects 'su' and 'runuser' from util-linux.
+#
+#ALWAYS_SET_PATH no
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# These settings affects 'login' from util-linux.
+#
+TTYGROUP tty
+TTYPERM 0620
+
+#
+# This is the umask used to set the mode of new user directories.
+#
+# 022 is the default value, but 027, or even 077, could be considered
+# better for privacy. There is no One True Answer here: each sysadmin
+# must make up her mind.
+#
+# This setting affects 'newusers' and 'useradd' from shadow.
+#
+UMASK 022
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_MIN_LEN Minimum acceptable password length.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+# These settings affects 'chpasswd', 'newusers', 'pwck', 'pwconv', 'pwunconv',
+# 'useradd' and 'usermod' from shadow.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_WARN_AGE 7
+#
+# This setting affects 'passwd' from shadow.
+#
+PASS_MIN_LEN 5
+
+#
+# Min/max values for automatic uid selection in useradd from shadow
+#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+SYS_UID_MIN 101
+SYS_UID_MAX 999
+
+#
+# Min/max values for automatic gid selection in groupadd for shadow
+#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+SYS_GID_MIN 101
+SYS_GID_MAX 999
+
+#
+# Max number of login retries if password is bad
+#
+# This setting affects 'login' from util-linux.
+#
+LOGIN_RETRIES 5
+
+#
+# Max time in seconds for login
+#
+# This setting affects 'login' from util-linux.
+#
+LOGIN_TIMEOUT 60
+
+#
+# Maximum number of attempts to change password if rejected (too easy)
+#
+# This setting affects 'passwd' from shadow.
+#
+PASS_CHANGE_TRIES 5
+
+#
+# Warn about weak passwords (but still allow them) if you are root.
+#
+# This setting affects 'passwd' from shadow.
+#
+PASS_ALWAYS_WARN yes
+
+#
+# Number of significant characters in the password for crypt().
+# Default is 8, don't change unless your crypt() is better.
+# Ignored if MD5_CRYPT_ENAB set to "yes".
+#
+# This setting affects 'passwd' from shadow.
+#
+#PASS_MAX_LEN 8
+
+#
+# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# This setting affects 'passwd' from shadow.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# This setting affects 'passwd' from shadow.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+# This setting affects 'login' from util-linux.
+#
+DEFAULT_HOME yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+# This setting affects 'userdel' from shadow.
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+# This setting affects 'useradd' and 'userdel' from shadow.
+#
+USERGROUPS_ENAB yes
+
+#
+# If set to a non-nul number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permit to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP 0
+
+#
+# If useradd should create home directories for users by default (non
+# system users only)
+# This option is overridden with the -M or -m flags on the useradd command
+# line.
+#
+# This setting affects 'useradd' from shadow.
+#
+#CREATE_HOME yes
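Review bot: `PASS_MIN_LEN 5` sets a very low floor for password length, and `SHA_CRYPT_MIN_ROUNDS` / `SHA_CRYPT_MAX_ROUNDS` are left commented out, so `ENCRYPT_METHOD SHA512` falls back to the libc default of 5000 rounds that the file's own comment mentions. Consider a higher minimum (for example `PASS_MIN_LEN 12`) and an explicit rounds floor chosen for the target hardware. If authentication goes through PAM, these keys may be ignored in favour of the PAM module settings, so the two should be kept consistent, as the `ENCRYPT_METHOD` comment already advises. `DEFAULT_HOME yes` also departs from the "no" default stated just above it, so a one-line comment such as `# yes: allow login when $HOME is unreachable (user lands in /)` would record that this is intentional.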