diff options
Diffstat (limited to 'man/man5/login.access.5')
-rw-r--r-- | man/man5/login.access.5 | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/man/man5/login.access.5 b/man/man5/login.access.5 new file mode 100644 index 0000000..37d57b2 --- /dev/null +++ b/man/man5/login.access.5 @@ -0,0 +1,67 @@ +'\" t +.\" Title: login.access +.\" Author: Marek MichaĆkiewicz +.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> +.\" Date: 11/08/2022 +.\" Manual: File Formats and Configuration Files +.\" Source: shadow-utils 4.13 +.\" Language: English +.\" +.TH "LOGIN\&.ACCESS" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +login.access \- login access control table +.SH "DESCRIPTION" +.PP +The +\fIlogin\&.access\fR +file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused\&. +.PP +When someone logs in, the +\fIlogin\&.access\fR +is scanned for the first entry that matches the (user, host) combination, or, in case of non\-networked logins, the first entry that matches the (user, tty) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&. +.PP +Each line of the login access control table has three fields separated by a ":" character: +.PP +\fIpermission\fR:\fIusers\fR:\fIorigins\fR +.PP +The first field should be a "\fI+\fR" (access granted) or "\fI\-\fR" (access denied) character\&. The second field should be a list of one or more login names, group names, or +\fIALL\fR +(always matches)\&. The third field should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."), +\fIALL\fR +(always matches) or +\fILOCAL\fR +(matches any string that does not contain a "\&." character)\&. If you run NIS you can use @netgroupname in host or user patterns\&. +.PP +The +\fIEXCEPT\fR +operator makes it possible to write very compact rules\&. +.PP +The group file is searched only when a name does not match that of the logged\-in user\&. Only groups are matched in which users are explicitly listed: the program does not look at a user\*(Aqs primary group id value\&. +.SH "FILES" +.PP +/etc/login\&.defs +.RS 4 +Shadow password suite configuration\&. +.RE +.SH "SEE ALSO" +.PP +\fBlogin\fR(1)\&. |