|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| LOGIN.ACCESS(5) | FreeBSD File Formats Manual | LOGIN.ACCESS(5) |
NAME
login.access —
SYNOPSIS
/etc/login.accessDESCRIPTION
Thelogin.access file specifies (user, host)
combinations and/or (user, tty) combinations for which a login will be either
accepted or refused.
When someone logs in, the login.access is
scanned for the first entry that matches the (user, host) combination, or,
in case of non-networked logins, the first entry that matches the (user,
tty) combination. The permissions field of that table entry determines
whether the login will be accepted or refused.
Each line of the login access control table has three fields
separated by a ‘:’ character:
permission:users:origins
The first field should be a "+" (access granted) or "-" (access denied) character.
The second field should be a list of one or more login names, group names, or ALL (always matches). Group names must be enclosed in parentheses if the pam module specification for pam_login_access specifies the nodefgroup option. Otherwise, group names will only match if no usernames match.
The third field should be a list of one or more tty names (for non-networked logins), host names, domain names (begin with "."), host addresses, internet network numbers (end with "."), ALL (always matches) or LOCAL (matches any string that does not contain a "." character). If you run NIS you can use @netgroupname in host or user patterns.
The EXCEPT operator makes it possible to write very compact rules.
The group file is searched only when a name does not match that of the logged-in user. Only groups are matched in which users are explicitly listed: the program does not look at a user's primary group id value.
FILES
- /etc/login.access
- login access control table
SEE ALSO
login(1), pam_login_access(8)AUTHORS
Guido van Rooij| January 30, 2020 | FreeBSD 13.1-RELEASE |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.