'\" t .\" Title: login.access .\" Author: Marek MichaƂkiewicz .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 11/08/2022 .\" Manual: File Formats and Configuration Files .\" Source: shadow-utils 4.13 .\" Language: English .\" .TH "LOGIN\&.ACCESS" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" login.access \- login access control table .SH "DESCRIPTION" .PP The \fIlogin\&.access\fR file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused\&. .PP When someone logs in, the \fIlogin\&.access\fR is scanned for the first entry that matches the (user, host) combination, or, in case of non\-networked logins, the first entry that matches the (user, tty) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&. .PP Each line of the login access control table has three fields separated by a ":" character: .PP \fIpermission\fR:\fIusers\fR:\fIorigins\fR .PP The first field should be a "\fI+\fR" (access granted) or "\fI\-\fR" (access denied) character\&. The second field should be a list of one or more login names, group names, or \fIALL\fR (always matches)\&. The third field should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."), \fIALL\fR (always matches) or \fILOCAL\fR (matches any string that does not contain a "\&." character)\&. If you run NIS you can use @netgroupname in host or user patterns\&. .PP The \fIEXCEPT\fR operator makes it possible to write very compact rules\&. .PP The group file is searched only when a name does not match that of the logged\-in user\&. Only groups are matched in which users are explicitly listed: the program does not look at a user\*(Aqs primary group id value\&. .SH "FILES" .PP /etc/login\&.defs .RS 4 Shadow password suite configuration\&. .RE .SH "SEE ALSO" .PP \fBlogin\fR(1)\&.