rares_dumitrescu
login.conf tweaking
Hello, my login.conf looks like this:
default:\
:passwd_format=blf:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
:nologin=/var/run/nologin:\
:cputime=unlimited:\
:datasize=unlimited:\
:stacksize=unlimited:\
:memorylocked=unlimited:\
:memoryuse=unlimited:\
:filesize=unlimited:\
:coredumpsize=unlimited:\
:openfiles=unlimited:\
:maxproc=unlimited:\
:sbsize=unlimited:\
:vmemoryuse=unlimited:\
:priority=0:\
:ignoretime@:\
:umask=022:
bind:\
:passwd_format=blf:\
:mixpasswordcase=true:\
:minpasswordlen=9:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
:nologin=/var/run/nologin:\
:cputime=unlimited:\
:datasize=unlimited:\
:stacksize=unlimited:\
:memorylocked=150M:\
:memoryuse=150M:\
:filesize=unlimited:\
:coredumpsize=0:\
:openfiles=4048:\
:maxproc=300:\
:sbsize=unlimited:\
:vmemoryuse=unlimited:\
:priority=0:\
:ignoretime@:\
:umask=022:
users:\
:passwd_format=blf:\
:passwordtime=90d:\
:mixpasswordcase=true:\
:minpasswordlen=8:\
:idletime=300m:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
:nologin=/var/run/nologin:\
:cputime=5m:\
:datasize=32M:\
:vmemoryuse=100M:\
:stacksize=32M:\
:memorylocked=32M:\
:memoryuse=32M:\
:filesize=50M:\
:coredumpsize=32M:\
:openfiles=150:\
:requirehome:\
:maxproc=10:\
:priority=99:\
:ignoretime@:\
:umask=027:
The idea is to set those restrictions for group "users". I did cap_mkdb /etc/login.conf, but then I logged in with a user which is in that group, and tried to open 100 processes ... and I could.
Where is my mistake? Why are the settings not applied?
ASKER
Okay thing... so... the classes in login.conf, do they refer to users or groups?
They match to login classes exclusively, not groups and users like in OpenBSD or NetBSD.
They cannot apply to superuser like in ="=
ASKER
Well, I still do not understand. What I need is the restrictions from
users:\
:passwd_format=blf:\
:passwordtime=90d:\
:mixpasswordcase=true:\
:minpasswordlen=8:\
:idletime=300m:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
:nologin=/var/run/nologin:\
:cputime=5m:\
:datasize=32M:\
:vmemoryuse=100M:\
:stacksize=32M:\
:memorylocked=32M:\
:memoryuse=32M:\
:filesize=50M:\
:coredumpsize=32M:\
:openfiles=150:\
:requirehome:\
:maxproc=10:\
:priority=99:\
:ignoretime@:\
:umask=027:
to apply for each user in group users. What must I do in order to accomplish that?
1) create list of users in group
2) assign them to login group
3) run pwd_mkdb to recreate passwd and pwd.db and spwd.db
ASKER
Added user1 to group users.
cap_mkdb /etc/passwd
pwd_mkdb /etc/master.passwd
Signed in with the user and I was able to start 100 processes, though I have limited login.conf to 10. Does it matter where in login.conf the classes are? I mean, check out where class users is now. Should I put it before class default?
ASKER
So I make username users, with group users. I add all my users to group users, and then the settings will take effect?
No - no matter group or username, they do not relate to login.conf. If you set the 5th field of master.passwd via vipw, then login class restrictions other than default will apply to that user.
ASKER
Now I got what a login class is. Is there a command through which I can set the login class? Because I have a ton of users and I wanna create a script that will change the login class for everyone.
ASKER
pw user mod user1 -L users
Got it! Thanks for the help. It rocked.
5th field in passwd file after user, passwd, uid and gid
man 5 passwd for more reference on file format.
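An added example, not part of the original thread: a shell audit that lists which members of a group do not carry a given login class in the 5th field of master.passwd, and prints (without running) the `pw user mod ... -L` command from the thread for each. The account data, file layout under a temp directory, and the function names `class_gaps` and `fix_commands` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data, not taken from the thread.
# master.passwd(5): name:password:uid:gid:class:change:expire:gecos:home:shell
sample_master_passwd() {
cat <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
bind:*:53:53:bind:0:0:Bind Sandbox:/:/usr/sbin/nologin
user1:*:1001:1001::0:0:User One:/home/user1:/bin/sh
user2:*:1002:100:users:0:0:User Two:/home/user2:/bin/sh
user3:*:1003:1003:staff:0:0:User Three:/home/user3:/bin/sh
EOF
}
# group(5): name:password:gid:member,member
sample_group() {
cat <<'EOF'
wheel:*:0:root
users:*:100:user1,user3
EOF
}
# class_gaps GROUP CLASS MASTER_PASSWD GROUP_FILE
# Prints "name current-class" for every member of GROUP (primary gid or
# member list) whose 5th field is not CLASS. An empty field is reported
# as "default", the class such accounts fall under.
class_gaps() {
    awk -F: -v grp="$1" -v want="$2" '
        NR == FNR {                        # first file: group(5)
            if ($1 == grp) {
                found = 1; gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member[m[i]] = 1
            }
            next
        }
        /^#/ || NF < 10 { next }           # skip comments, malformed lines
        found && ($4 == gid || ($1 in member)) && $5 != want {
            print $1, ($5 == "" ? "default" : $5)
        }
    ' "$4" "$3"
}
# fix_commands CLASS: read class_gaps output on stdin and print, for
# review, the pw(8) command that would assign CLASS to each account.
fix_commands() {
    while read -r name rest; do
        echo "pw user mod $name -L $1"
    done
}
tmp=$(mktemp -d)
sample_master_passwd > "$tmp/master.passwd"; sample_group > "$tmp/group"
class_gaps users users "$tmp/master.passwd" "$tmp/group" | fix_commands users
rm -rf "$tmp"
```

On a real system the two file arguments would be /etc/master.passwd and /etc/group, read as root.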