summaryrefslogtreecommitdiff
path: root/man/login.access.5.xml
diff options
context:
space:
mode:
Diffstat (limited to 'man/login.access.5.xml')
-rw-r--r--man/login.access.5.xml140
1 files changed, 140 insertions, 0 deletions
diff --git a/man/login.access.5.xml b/man/login.access.5.xml
new file mode 100644
index 00000000..5c0f30c6
--- /dev/null
+++ b/man/login.access.5.xml
@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ Copyright (c) 2001 - 2006, Tomasz Kłoczko
+ Copyright (c) 2007 - 2008, Nicolas François
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the copyright holders or contributors may not be used to
+ endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!-- SHADOW-CONFIG-HERE -->
+]>
+<refentry id='login.access.5'>
+ <!-- $Id: login.access.5.xml 3742 2012-05-25 11:45:21Z nekral-guest $ -->
+ <refentryinfo>
+ <author>
+ <firstname>Marek</firstname>
+ <surname>Michałkiewicz</surname>
+ <contrib>Creation, 1996</contrib>
+ </author>
+ <author>
+ <firstname>Thomas</firstname>
+ <surname>Kłoczko</surname>
+ <email>kloczek@pld.org.pl</email>
+ <contrib>shadow-utils maintainer, 2000 - 2007</contrib>
+ </author>
+ <author>
+ <firstname>Nicolas</firstname>
+ <surname>François</surname>
+ <email>nicolas.francois@centraliens.net</email>
+ <contrib>shadow-utils maintainer, 2007 - now</contrib>
+ </author>
+ </refentryinfo>
+ <refmeta>
+ <refentrytitle>login.access</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
+ </refmeta>
+ <refnamediv id='name'>
+ <refname>login.access</refname>
+ <refpurpose>login access control table</refpurpose>
+ </refnamediv>
+
+ <refsect1 id='description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <emphasis remap='I'>login.access</emphasis> file specifies (user,
+ host) combinations and/or (user, tty) combinations for which a login
+ will be either accepted or refused.
+ </para>
+
+ <para>
+ When someone logs in, the <emphasis remap='I'>login.access</emphasis>
+ is scanned for the first entry that matches the (user, host)
+ combination, or, in case of non-networked logins, the first entry that
+ matches the (user, tty) combination. The permissions field of that
+ table entry determines whether the login will be accepted or refused.
+ </para>
+
+ <para>
+ Each line of the login access control table has three fields separated
+ by a ":" character:
+ </para>
+
+ <para>
+ <emphasis remap='I'>permission</emphasis>:<emphasis remap='I'>users</emphasis>:<emphasis remap='I'>origins</emphasis>
+ </para>
+
+ <para>
+ The first field should be a "<emphasis>+</emphasis>" (access granted)
+ or "<emphasis>-</emphasis>" (access denied) character. The second
+ field should be a list of one or more login names, group names, or
+ <emphasis>ALL</emphasis> (always matches). The third field should be a
+ list of one or more tty names (for non-networked logins), host names,
+ domain names (begin with "<literal>.</literal>"), host addresses,
+ internet network numbers (end with "<literal>.</literal>"),
+ <emphasis>ALL</emphasis> (always matches) or
+ <emphasis>LOCAL</emphasis> (matches any string that does not contain a
+ "<literal>.</literal>" character). If you run NIS you can use
+ @netgroupname in host or user patterns.
+ </para>
+
+ <para>
+ The <emphasis>EXCEPT</emphasis> operator makes it possible to write
+ very compact rules.
+ </para>
+
+ <para>
+ The group file is searched only when a name does not match that of the
+ logged-in user. Only groups are matched in which users are explicitly
+ listed: the program does not look at a user's primary group id value.
+ </para>
+ </refsect1>
+
+ <refsect1 id='files'>
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/login.defs</filename></term>
+ <listitem>
+ <para>Shadow password suite configuration.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+</refentry>