LOGIN.DEFS(5)            File Formats and Conversions            LOGIN.DEFS(5)

NAME

       login.defs - shadow password suite configuration


DESCRIPTION

       The /etc/login.defs file defines the site-specific configuration for
       the shadow password suite. This file is required. Absence of this file
       will not prevent system operation, but will probably result in
       undesirable operation.

       This file is a readable text file, each line of the file describing one
       configuration parameter. The lines consist of a configuration name and
       value, separated by whitespace. Blank lines and comment lines are
       ignored. Comments are introduced with a "#" pound sign and the pound
       sign must be the first non-white character of the line.

       Parameter values may be of four types: strings, booleans, numbers, and
       long numbers. A string is comprised of any printable characters. A
       boolean should be either the value "yes" or "no". An undefined boolean
       parameter or one with a value other than these will be given a "no"
       value. Numbers (both regular and long) may be either decimal values,
       octal values (precede the value with "0") or hexadecimal values
       (precede the value with "0x"). The maximum value of the regular and
       long numeric parameters is machine-dependent.

       The following configuration items are provided:

       CHFN_AUTH (boolean)
          If yes, the chfn and chsh programs will require authentication
          before making any changes, unless run by the superuser.

       CHFN_RESTRICT (string)
          This parameter specifies which values in the gecos field of the
          /etc/passwd file may be changed by regular users using the chfn
          program. It can be any combination of letters f, r, w, h, for Full
          name, Room number, Work phone, and Home phone, respectively. For
          backward compatibility, "yes" is equivalent to "rwh" and "no" is
          equivalent to "frwh". If not specified, only the superuser can make
          any changes. The most restrictive setting is better achieved by not
          installing chfn SUID.

       GID_MAX (number), GID_MIN (number)
          Range of group IDs to choose from for the useradd and groupadd
          programs.

       MAIL_DIR (string)
          The mail spool directory. This is needed to manipulate the mailbox
          when its corresponding user account is modified or deleted. If not
          specified, a compile-time default is used.

       PASS_MAX_DAYS (number)
          The maximum number of days a password may be used. If the password
          is older than this, a password change will be forced. If not
          specified, -1 will be assumed (which disables the restriction).

       PASS_MIN_DAYS (number)
          The minimum number of days allowed between password changes. Any
          password changes attempted sooner than this will be rejected. If not
          specified, -1 will be assumed (which disables the restriction).

       PASS_WARN_AGE (number)
          The number of days warning given before a password expires. A zero
          means warning is given only upon the day of expiration, a negative
          value means no warning is given. If not specified, no warning will
          be provided.

       PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE are only used at the
       time of account creation. Any changes to these settings won't affect
       existing accounts.

       UID_MAX (number), UID_MIN (number)
          Range of user IDs to choose from for the useradd program.

       UMASK (number)
          The permission mask is initialized to this value. If not specified,
          the permission mask will be initialized to 022.

       USERDEL_CMD (string)
          If defined, this command is run when removing a user. It should
          remove any at/cron/print jobs etc. owned by the user to be removed
          (passed as the first argument).

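       The file format and defaults described above, as an added Python
       example that is not part of the original manual page or of the shadow
       suite: it parses a login.defs text by the rules on this page and lists
       the settings that leave a restriction disabled. The function names and
       the SAMPLE text are constructed for illustration, and flagging
       CHFN_AUTH and UMASK is this example's own policy choice.

```python
# Added example; function names and SAMPLE are constructed, not shadow-suite code.
NUMBERS = {"GID_MAX", "GID_MIN", "PASS_MAX_DAYS", "PASS_MIN_DAYS",
           "PASS_WARN_AGE", "UID_MAX", "UID_MIN", "UMASK"}
BOOLEANS = {"CHFN_AUTH"}
# Values the page gives for absent parameters ("no warning" modelled as -1).
DEFAULTS = {"PASS_MAX_DAYS": -1, "PASS_MIN_DAYS": -1, "PASS_WARN_AGE": -1,
            "UMASK": 0o022, "CHFN_AUTH": False}

def parse_number(text):
    """Decimal, octal (leading "0") or hexadecimal (leading "0x")."""
    sign, digits = (-1 if text.startswith("-") else 1), text.lstrip("+-")
    if digits.lower().startswith("0x"):
        return sign * int(digits, 16)
    base = 8 if len(digits) > 1 and digits.startswith("0") else 10
    return sign * int(digits, base)

def parse_login_defs(text):
    conf = {}
    for line in text.splitlines():
        fields = line.split(None, 1)           # name, then the rest of the line
        if not fields or fields[0].startswith("#"):
            continue                           # blank line or comment line
        name, raw = fields[0], (fields[1].strip() if len(fields) > 1 else "")
        if name in BOOLEANS:
            raw = raw == "yes"                 # any other value counts as "no"
        elif name in NUMBERS:
            raw = parse_number(raw)
        conf[name] = raw
    return conf

def audit(conf):
    """Return findings for settings that leave a restriction disabled."""
    eff = {**DEFAULTS, **conf}
    findings = []
    for key, meaning in (("PASS_MAX_DAYS", "no maximum password age"),
                         ("PASS_MIN_DAYS", "no minimum time between changes"),
                         ("PASS_WARN_AGE", "no expiry warning")):
        if eff[key] < 0:
            findings.append(f"{key}={eff[key]}: {meaning}")
    if not eff["CHFN_AUTH"]:
        findings.append("CHFN_AUTH=no: chfn/chsh change without authentication")
    if eff["UMASK"] & 0o022 != 0o022:
        findings.append(f"UMASK={eff['UMASK']:03o}: group/other write not masked")
    return findings

SAMPLE = ("# constructed sample, not a real system's file\n"
          "PASS_MAX_DAYS   90\n   # indented comment\n"
          "PASS_WARN_AGE   0x7\nUMASK  002\nCHFN_AUTH  maybe\n")
if __name__ == "__main__": print("\n".join(audit(parse_login_defs(SAMPLE))))
```

       As the note on PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE says,
       these results describe only accounts created afterwards; existing
       accounts are not affected by the file.
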

CROSS REFERENCE

       The following cross reference shows which programs in the shadow
       password suite use which parameters.

       chfn
          CHFN_AUTH CHFN_RESTRICT

       chsh
          CHFN_AUTH

       groupadd
          GID_MAX GID_MIN

       newusers
          PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE UMASK

       pwconv
          PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE

       useradd
          GID_MAX GID_MIN PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE UID_MAX
          UID_MIN UMASK

       userdel
          MAIL_DIR USERDEL_CMD

       usermod
          MAIL_DIR


BUGS

       Much of the functionality that used to be provided by the shadow
       password suite is now handled by PAM. Thus, /etc/login.defs is no
       longer used by programs such as: login(1), passwd(1), su(1). Please
       refer to the corresponding PAM configuration files instead.


SEE ALSO

       login(1), passwd(1), su(1), passwd(5), shadow(5), pam(8).

File Formats and Conversions      07/30/2006                     LOGIN.DEFS(5)