?
Solved

login.conf tweaking

Posted on 2006-04-06
11
Medium Priority
?
596 Views
Last Modified: 2013-11-22
Hello, my login.conf looks like this:

default:\
        :passwd_format=blf:\
        :copyright=/etc/COPYRIGHT:\
        :welcome=/etc/motd:\
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
        :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
        :nologin=/var/run/nologin:\
        :cputime=unlimited:\
        :datasize=unlimited:\
        :stacksize=unlimited:\
        :memorylocked=unlimited:\
        :memoryuse=unlimited:\
        :filesize=unlimited:\
        :coredumpsize=unlimited:\
        :openfiles=unlimited:\
        :maxproc=unlimited:\
        :sbsize=unlimited:\
        :vmemoryuse=unlimited:\
        :priority=0:\
        :ignoretime@:\
        :umask=022:



bind:\
        :passwd_format=blf:\
        :mixpasswordcase=true:\
        :minpasswordlen=9:\
        :copyright=/etc/COPYRIGHT:\
        :welcome=/etc/motd:\
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
        :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
        :nologin=/var/run/nologin:\
        :cputime=unlimited:\
        :datasize=unlimited:\
        :stacksize=unlimited:\
        :memorylocked=150M:\
        :memoryuse=150M:\
        :filesize=unlimited:\
        :coredumpsize=0:\
        :openfiles=4048:\
        :maxproc=300:\
        :sbsize=unlimited:\
        :vmemoryuse=unlimited:\
        :priority=0:\
        :ignoretime@:\
        :umask=022:

users:\
        :passwd_format=blf:\
        :passwordtime=90d:\
        :mixpasswordcase=true:\
        :minpasswordlen=8:\
        :idletime=300m:\
        :copyright=/etc/COPYRIGHT:\
        :welcome=/etc/motd:\
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
        :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
        :nologin=/var/run/nologin:\
        :cputime=5m:\
        :datasize=32M:\
        :vmemoryuse=100M:\
        :stacksize=32M:\
        :memorylocked=32M:\
        :memoryuse=32M:\
        :filesize=50M:\
        :coredumpsize=32M:\
        :openfiles=150:\
        :requirehome:\
        :maxproc=10:\
        :priority=99:\
        :ignoretime@:\
        :umask=027:
The idea is to set those restrictions for group "users" . did cap_mkdb /etc/login.conf, but then i logged in with a user which is in that group, and tried to open 100 processes ... and i could do.
Where is my mistake ? why the settings are not applied ?
0
Comment
Question by:rares_dumitrescu
  • 6
  • 5
11 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 16395075
use vipw and assign user login class of "users"
5th fiels in passwd file after user,passwd,uid and gid

man 5 passwd for more reference on file format.
0
 

Author Comment

by:rares_dumitrescu
ID: 16396173
okay thing .. so .. the classes in login.conf, they refer to users or groups ?
0
 
LVL 62

Expert Comment

by:gheist
ID: 16401010
They match to login classes exclusively, not groups and users like in OpenBSD or NetBSD.
They cannot apply to superuser like in ="=

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:rares_dumitrescu
ID: 16401083
well i still do not understand. what i need is the restrictions from

users:\
        :passwd_format=blf:\
        :passwordtime=90d:\
        :mixpasswordcase=true:\
        :minpasswordlen=8:\
        :idletime=300m:\
        :copyright=/etc/COPYRIGHT:\
        :welcome=/etc/motd:\
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
        :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
        :nologin=/var/run/nologin:\
        :cputime=5m:\
        :datasize=32M:\
        :vmemoryuse=100M:\
        :stacksize=32M:\
        :memorylocked=32M:\
        :memoryuse=32M:\
        :filesize=50M:\
        :coredumpsize=32M:\
        :openfiles=150:\
        :requirehome:\
        :maxproc=10:\
        :priority=99:\
        :ignoretime@:\
        :umask=027:

to apply for each user in group users. what must i do in order to accomplish that?
0
 
LVL 62

Expert Comment

by:gheist
ID: 16401188
1) create list of users in goup
2) assign them to login group
3) run pwd_mkdb to recreate passwd and pwd.db and spwd.db
0
 

Author Comment

by:rares_dumitrescu
ID: 16405281
added user1 to group users.
cap_mkdb /etc/passwd
pwd_mkdb /etc/master.passwd

signed in with user and i was able to start 100 processes, though i have limited login.conf to 10. does it matter where in login.conf are the classes? i mean check out where class users is now. should i put it before class default ?
0
 
LVL 62

Accepted Solution

by:
gheist earned 1000 total points
ID: 16405603
You do not have to add group. You have to list users in a group and assign them login class.
First do that with vipw

root:xxx:0:0:YOU SHOULD BE ABLE TO WRITE IN THIS FIELD:0:0:Charlie &:/root:/bin/csh
0
 

Author Comment

by:rares_dumitrescu
ID: 16406659
so i make username users , with group users. i add all my users to group users, and then settings will take effect ?
0
 
LVL 62

Expert Comment

by:gheist
ID: 16407628
No - no matter group or username, they do not relate to login.conf, if you set 5th field of master.passwd via vipw, then login class restrictions other than default will apply to that user.
0
 

Author Comment

by:rares_dumitrescu
ID: 16408186
now i got what a login class is. is there a command which i can set the login class through ? because i have a ton of users and i wanna create a script that will change the login class for everyone
0
 

Author Comment

by:rares_dumitrescu
ID: 16408199
pw user mod user1 -L users / got it! Thanks for help. it rocked.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses
Course of the Month16 days, 1 hour left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question