Login classes are a mechanism mainly used to set various process properties and attributes at login, depending on the user logging in and the login class he is a member of. A login class typically specifies resource limits, environment variables and process properties such as scheduling priority and umask. See login.conf(5) for more information.

The priority and umask capabilities now accept the inherit special value to explicitly request property inheritance from the login process. This is useful, e.g., when temporarily logging in as another user from a process with a non-default priority to ensure that processes launched by this user still have the same priority level.

Users can now override the global setting for the priority capability (in /etc/login.conf) in their local configuration file (~/.login_conf). Note however that they cannot increase their priority if they are not privileged, and that using inherit in this context makes no sense, since the global setting is always applied first.

Fixes:

We have also updated the relevant manual pages to reflect the new functionality, and improved the description of the priority and umask capabilities in login.conf(5).

Some of the patches in the series have been reviewed thanks to Konstantin Belousov and Warner Losh. Other patches are waiting for reviews (and reviewers, volunteers welcome!), which are not expected to be labored.

We plan to improve consistency by deprecating the priority reset to 0 when no value for the capability priority is explicitly specified, which has been the case for umask for 15+ years.

Sponsor: Kumacom SAS (for development work)
Sponsor: The FreeBSD Foundation (for some reviews)