Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
LOGIN.ACCESS(5)		    BSD	File Formats Manual	       LOGIN.ACCESS(5)

     login.access -- login access control table

     The login.access file specifies (user, host) combinations and/or (user,
     tty) combinations for which a login will be either	accepted or refused.

     When someone logs in, the login.access is scanned for the first entry
     that matches the (user, host) combination,	or, in case of non-networked
     logins, the first entry that matches the (user, tty) combination.	The
     permissions field of that table entry determines whether the login	will
     be	accepted or refused.

     Each line of the login access control table has three fields separated by
     a `:' character: permission:users:origins

     The first field should be a "+" (access granted) or "-" (access denied)
     character.	 The second field should be a list of one or more login	names,
     group names, or ALL (always matches).  The	third field should be a	list
     of	one or more tty	names (for non-networked logins), host names, domain
     names (begin with "."), host addresses, internet network numbers (end
     with "."),	ALL (always matches) or	LOCAL (matches any string that does
     not contain a "." character).  If you run NIS you can use @netgroupname
     in	host or	user patterns.

     The EXCEPT	operator makes it possible to write very compact rules.

     The group file is searched	only when a name does not match	that of	the
     logged-in user.  Only groups are matched in which users are explicitly
     listed: the program does not look at a user's primary group id value.

     /etc/login.access	login access control table

     login(1), pam_login_access(8)

     Guido van Rooij

BSD			      September	13, 2006			   BSD


Want to link to this manual page? Use this URL:

home | help