1 .\"$Id: login.access.5,v 1.3 2001/01/25 10:43:50 kloczek Exp $
7 login.access \- Login access control table
11 file specifies (user, host) combinations and/or (user, tty)
12 combinations for which a login will be either accepted or refused.
14 When someone logs in, the
16 is scanned for the first entry that
17 matches the (user, host) combination, or, in case of non-networked
18 logins, the first entry that matches the (user, tty) combination. The
19 permissions field of that table entry determines whether the login will
20 be accepted or refused.
22 Each line of the login access control table has three fields separated by a
25 .IR permission : users : origins
27 The first field should be a "\fB+\fR" (access granted) or "\fB-\fR"
28 (access denied) character. The second field should be a list of one or
29 more login names, group names, or
31 (always matches). The third field should be a list
32 of one or more tty names (for non-networked logins), host names, domain
33 names (begin with "\fB.\fR"), host addresses, internet network numbers
38 (matches any string that does not contain a "\fB.\fR" character).
39 If you run NIS you can use @netgroupname in host or user patterns.
43 operator makes it possible to write very compact rules.
45 The group file is searched only when a name does not match that of the
46 logged-in user. Only groups are matched in which users are explicitly
47 listed: the program does not look at a user's primary group id value.