Lieber Besucher, herzlich willkommen bei: GentooForum.de. Falls dies Ihr erster Besuch auf dieser Seite ist, lesen Sie sich bitte die Hilfe durch. Dort wird Ihnen die Bedienung dieser Seite näher erläutert. Darüber hinaus sollten Sie sich registrieren, um alle Funktionen dieser Seite nutzen zu können. Benutzen Sie das Registrierungsformular, um sich zu registrieren oder informieren Sie sich ausführlich über den Registrierungsvorgang. Falls Sie sich bereits zu einem früheren Zeitpunkt registriert haben, können Sie sich hier anmelden.
Quellcode |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 |
# # /etc/login.defs - Configuration control definitions for the shadow package. # # $Id: login.defs 3189 2010-03-26 11:53:06Z nekral-guest $ # # # Delay in seconds before being allowed another attempt after a login failure # Note: When PAM is used, some modules may enfore a minimal delay (e.g. # pam_unix enforces a 2s delay) # FAIL_DELAY 3 # # Enable logging and display of /var/log/faillog login failure info. # FAILLOG_ENAB yes # # Enable display of unknown usernames when login failures are recorded. # LOG_UNKFAIL_ENAB yes # # Enable logging of successful logins # LOG_OK_LOGINS yes # # Enable logging and display of /var/log/lastlog login time info. # LASTLOG_ENAB yes # # Enable checking and display of mailbox status upon login. # # Disable if the shell startup files already check for mail # ("mailx -e" or equivalent). # #MAIL_CHECK_ENAB # # Enable additional checks upon password changes. # #OBSCURE_CHECKS_ENAB # # Enable checking of time restrictions specified in /etc/porttime. # #PORTTIME_CHECKS_ENAB # # Enable setting of ulimit, umask, and niceness from passwd gecos field. # #QUOTAS_ENAB # # Enable "syslog" logging of su activity - in addition to sulog file logging. # SYSLOG_SG_ENAB does the same for newgrp and sg. # SYSLOG_SU_ENAB yes SYSLOG_SG_ENAB yes # # If defined, either full pathname of a file containing device names or # a ":" delimited list of device names. Root logins will be allowed only # upon these devices. # CONSOLE /etc/securetty #CONSOLE console:tty01:tty02:tty03:tty04 # # If defined, all su activity is logged to this file. # SULOG_FILE /var/log/sulog # # If defined, ":" delimited list of "message of the day" files to # be displayed upon login. # #MOTD_FILE #MOTD_FILE # # If defined, this file will be output before each login prompt. # #ISSUE_FILE /etc/issue # # If defined, file which maps tty line to TERM environment parameter. # Each line of the file is in a format something like "vt100 tty01". # #TTYTYPE_FILE /etc/ttytype # # If defined, login failures will be logged here in a utmp format. # last, when invoked as lastb, will read /var/log/btmp, so... # #FTMP_FILE # # If defined, name of file whose presence which will inhibit non-root # logins. The contents of this file should be a message indicating # why logins are inhibited. # #NOLOGINS_FILE # # If defined, the command name to display when running "su -". For # example, if this is defined as "su" then a "ps" will display the # command is "-su". If not defined, then "ps" would display the # name of the shell actually being run, e.g. something like "-sh". # SU_NAME su # # *REQUIRED* # Directory where mailboxes reside, _or_ name of file, relative to the # home directory. If you _do_ define both, MAIL_DIR takes precedence. # MAIL_DIR /var/spool/mail #MAIL_FILE .mail # # If defined, file which inhibits all the usual chatter during the login # sequence. If a full pathname, then hushed mode will be enabled if the # user's name or shell are found in the file. If not a full pathname, then # hushed mode will be enabled if the file exists in the user's home directory. # HUSHLOGIN_FILE .hushlogin #HUSHLOGIN_FILE /etc/hushlogins # # If defined, either a TZ environment parameter spec or the # fully-rooted pathname of a file containing such a spec. # #ENV_TZ TZ=CST6CDT #ENV_TZ /etc/tzname # # If defined, an HZ environment parameter spec. # # for Linux/x86 #ENV_HZ # For Linux/Alpha... #ENV_HZ # # *REQUIRED* The default PATH settings, for superuser and normal users. # # (they are minimal, add the rest in the shell startup files) ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin ENV_PATH PATH=/bin:/usr/bin # # Terminal permissions # # TTYGROUP Login tty will be assigned this group ownership. # TTYPERM Login tty will be set to this permission. # # If you have a "write" program which is "setgid" to a special group # which owns the terminals, define TTYGROUP to the group number and # TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign # TTYPERM to either 622 or 600. # TTYGROUP tty TTYPERM 0600 # # Login configuration initializations: # # ERASECHAR Terminal ERASE character ('\010' = backspace). # KILLCHAR Terminal KILL character ('\025' = CTRL/U). # ULIMIT Default "ulimit" value. # # The ERASECHAR and KILLCHAR are used only on System V machines. # The ULIMIT is used only if the system supports it. # (now it works with setrlimit too; ulimit is in 512-byte units) # # Prefix these values with "0" to get octal, "0x" to get hexadecimal. # ERASECHAR 0177 KILLCHAR 025 #ULIMIT 2097152 # Default initial "umask" value used by login on non-PAM enabled systems. # Default "umask" value for pam_umask on PAM enabled systems. # UMASK is also used by useradd and newusers to set the mode of new home # directories. # 022 is the default value, but 027, or even 077, could be considered # better for privacy. There is no One True Answer here: each sysadmin # must make up her mind. UMASK 022 # # Password aging controls: # # PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MIN_DAYS Minimum number of days allowed between password changes. # PASS_MIN_LEN Minimum acceptable password length. # PASS_WARN_AGE Number of days warning given before a password expires. # PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 #PASS_MIN_LEN PASS_WARN_AGE 7 # # If "yes", the user must be listed as a member of the first gid 0 group # in /etc/group (called "root" on most Linux systems) to be able to "su" # to uid 0 accounts. If the group doesn't exist or is empty, no one # will be able to "su" to uid 0. # #SU_WHEEL_ONLY # # If compiled with cracklib support, where are the dictionaries # #CRACKLIB_DICTPATH # # Min/max values for automatic uid selection in useradd # UID_MIN 1000 UID_MAX 60000 # System accounts SYS_UID_MIN 101 SYS_UID_MAX 999 # # Min/max values for automatic gid selection in groupadd # GID_MIN 1000 GID_MAX 60000 # System accounts SYS_GID_MIN 101 SYS_GID_MAX 999 # # Max number of login retries if password is bad # LOGIN_RETRIES 5 # # Max time in seconds for login # LOGIN_TIMEOUT 60 # # Maximum number of attempts to change password if rejected (too easy) # #PASS_CHANGE_TRIES # # Warn about weak passwords (but still allow them) if you are root. # #PASS_ALWAYS_WARN # # Number of significant characters in the password for crypt(). # Default is 8, don't change unless your crypt() is better. # Ignored if MD5_CRYPT_ENAB set to "yes". # #PASS_MAX_LEN 8 # # Require password before chfn/chsh can make any changes. # #CHFN_AUTH # # Which fields may be changed by regular users using chfn - use # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. # For backward compatibility, "yes" = "rwh" and "no" = "frwh". # CHFN_RESTRICT rwh # # Password prompt (%s will be replaced by user name). # # XXX - it doesn't work correctly yet, for now leave it commented out # to use the default which is just "Password: ". #LOGIN_STRING "%s's Password: " # # Only works if compiled with MD5_CRYPT defined: # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. # It supports passwords of unlimited length and longer salt strings. # Set to "no" if you need to copy encrypted passwords to other systems # which don't understand the new algorithm. Default is "no". # # Note: If you use PAM, it is recommended to use a value consistent with # the PAM modules configuration. # # This variable is deprecated. You should use ENCRYPT_METHOD. # #MD5_CRYPT_ENAB no # # Only works if compiled with ENCRYPTMETHOD_SELECT defined: # If set to MD5 , MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password # If set to DES, DES-based algorithm will be used for encrypting password (default) # Overrides the MD5_CRYPT_ENAB option # # Note: If you use PAM, it is recommended to use a value consistent with # the PAM modules configuration. # #ENCRYPT_METHOD DES # # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. # # Define the number of SHA rounds. # With a lot of rounds, it is more difficult to brute forcing the password. # But note also that it more CPU resources will be needed to authenticate # users. # # If not specified, the libc will choose the default number of rounds (5000). # The values must be inside the 1000-999999999 range. # If only one of the MIN or MAX values is set, then this value will be used. # If MIN > MAX, the highest value will be used. # # SHA_CRYPT_MIN_ROUNDS 5000 # SHA_CRYPT_MAX_ROUNDS 5000 # # List of groups to add to the user's supplementary group set # when logging in on the console (as determined by the CONSOLE # setting). Default is none. # # Use with caution - it is possible for users to gain permanent # access to these groups, even when not logged in on the console. # How to do it is left as an exercise for the reader... # #CONSOLE_GROUPS floppy:audio:cdrom # # Should login be allowed if we can't cd to the home directory? # Default in no. # DEFAULT_HOME yes # # If this file exists and is readable, login environment will be # read from it. Every line should be in the form name=value. # #ENVIRON_FILE # # If defined, this command is run when removing a user. # It should remove any at/cron/print jobs etc. owned by # the user to be removed (passed as the first argument). # #USERDEL_CMD /usr/sbin/userdel_local # # Enable setting of the umask group bits to be the same as owner bits # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is # the same as gid, and username is the same as the primary group name. # # This also enables userdel to remove user groups if no members exist. # USERGROUPS_ENAB yes # # If set to a non-nul number, the shadow utilities will make sure that # groups never have more than this number of users on one line. # This permit to support split groups (groups split into multiple lines, # with the same group ID, to avoid limitation of the line length in the # group file). # # 0 is the default value and disables this feature. # #MAX_MEMBERS_PER_GROUP 0 # # If useradd should create home directories for users by default (non # system users only) # This option is overridden with the -M or -m flags on the useradd command # line. # #CREATE_HOME yes |
Dieser Beitrag wurde bereits 1 mal editiert, zuletzt von »Niualj« (06.10.2016, 18:49)