2 .\" Title: login.access
3 .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
4 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
6 .\" Manual: File Formats and Conversions
7 .\" Source: File Formats and Conversions
10 .TH "LOGIN\&.ACCESS" "5" "02/16/2011" "File Formats and Conversions" "File Formats and Conversions"
11 .\" -----------------------------------------------------------------
12 .\" * Define some portability stuff
13 .\" -----------------------------------------------------------------
14 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15 .\" http://bugs.debian.org/507673
16 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20 .\" -----------------------------------------------------------------
21 .\" * set default formatting
22 .\" -----------------------------------------------------------------
23 .\" disable hyphenation
25 .\" disable justification (adjust text to left margin only)
27 .\" -----------------------------------------------------------------
28 .\" * MAIN CONTENT STARTS HERE *
29 .\" -----------------------------------------------------------------
31 login.access \- login access control table
36 file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused\&.
38 When someone logs in, the
40 is scanned for the first entry that matches the (user, host) combination, or, in case of non\-networked logins, the first entry that matches the (user, tty) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&.
42 Each line of the login access control table has three fields separated by a ":" character:
45 \fIpermission\fR:\fIusers\fR:\fIorigins\fR
47 The first field should be a "\fI+\fR" (access granted) or "\fI\-\fR" (access denied) character\&. The second field should be a list of one or more login names, group names, or
49 (always matches)\&. The third field should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."),
53 (matches any string that does not contain a "\&." character)\&. If you run NIS you can use @netgroupname in host or user patterns\&.
57 operator makes it possible to write very compact rules\&.
59 The group file is searched only when a name does not match that of the logged\-in user\&. Only groups are matched in which users are explicitly listed: the program does not look at a user\*(Aqs primary group id value\&.
64 Shadow password suite configuration\&.