path: root/man/man5/login.access.5
blob: f7d5bc7d5f56b858ee1e7e927dbceb2a74a891d9 (plain)
'\" t
.\"     Title: login.access
.\"    Author: Marek Michałkiewicz
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: 06/21/2024
.\"    Manual: File Formats and Configuration Files
.\"    Source: shadow-utils 4.15.2
.\"  Language: English
.\"
.TH "LOGIN\&.ACCESS" "5" "06/21/2024" "shadow\-utils 4\&.15\&.2" "File Formats and Configuration"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
login.access \- login access control table
.SH "DESCRIPTION"
.PP
The
\fIlogin\&.access\fR
file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused\&.
.PP
When someone logs in, the
\fIlogin\&.access\fR
file is scanned for the first entry that matches the (user, host) combination, or, in case of non\-networked logins, the first entry that matches the (user, tty) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&.
.PP
Each line of the login access control table has three fields separated by a ":" character:
.PP
\fIpermission\fR:\fIusers\fR:\fIorigins\fR
.PP
The first field should be a "\fI+\fR" (access granted) or "\fI\-\fR" (access denied) character\&. The second field should be a list of one or more login names, group names, or
\fIALL\fR
(always matches)\&. The third field should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."),
\fIALL\fR
(always matches) or
\fILOCAL\fR
(matches any string that does not contain a "\&." character)\&. If you run NIS you can use @netgroupname in host or user patterns\&.
.PP
The
\fIEXCEPT\fR
operator makes it possible to write very compact rules\&.
.PP
The group file is searched only when a name does not match that of the logged\-in user\&. Only groups are matched in which users are explicitly listed: the program does not look at a user\*(Aqs primary group id value\&.
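.PP
The following sketch is an added example, not part of shadow\-utils: it evaluates entries in the first\-match order described above\&. The function names, the sample table, whitespace\-separated lists, the reading of EXCEPT as "matches the left list but not the right list" and the allow\-by\-default result when no entry matches are assumptions; @netgroup patterns are not handled\&.
.PP
.nf
```python
# Added example: first-match evaluation of login.access entries.
# Assumptions (not stated on this page): lists are whitespace-separated,
# "A EXCEPT B" means A matches and B does not, no matching entry = allow.

def _list_match(tokens, item_match):
    """Match a token list, honouring an EXCEPT clause (may be nested)."""
    head, rest = tokens, None
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, rest = tokens[:i], tokens[i + 1:]
    return (any(item_match(t) for t in head)
            and (rest is None or not _list_match(rest, item_match)))

def _user_match(tok, user, groups):
    # Only explicitly listed group members count; primary gid is ignored.
    return tok == "ALL" or tok == user or user in groups.get(tok, ())

def _origin_match(tok, origin):
    if tok == "ALL":
        return True
    if tok == "LOCAL":                 # any string without a "."
        return "." not in origin
    if tok.startswith("."):            # domain name
        return origin.endswith(tok)
    if tok.endswith("."):              # internet network number
        return origin.startswith(tok)
    return tok == origin               # tty, host name or host address

def login_allowed(table, user, origin, groups=None):
    """Return the verdict of the first entry matching (user, origin)."""
    groups = groups or {}
    for line in table.splitlines():
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            continue                   # blank, comment or malformed line
        perm, users, origins = fields
        if (_list_match(users.split(), lambda t: _user_match(t, user, groups))
                and _list_match(origins.split(), lambda t: _origin_match(t, origin))):
            return perm == "+"
    return True                        # assumed default when nothing matches

# Constructed sample table (not from the page).
SAMPLE = """
+:root:tty1
-:root:ALL
-:ALL EXCEPT wheel alice:LOCAL
+:ALL:.example.com 192.0.2.
-:ALL:ALL EXCEPT LOCAL
"""
```
.fi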
.SH "FILES"
.PP
/etc/login\&.defs
.RS 4
Shadow password suite configuration\&.
.RE
.SH "SEE ALSO"
.PP
\fBlogin\fR(1)\&.