login.access(5)

LOGIN.ACCESS(5)            UNIX Programmer's Manual            LOGIN.ACCESS(5)

NAME

     login.access - login access control table

DESCRIPTION

     The login.access file specifies on which ttys or from which hosts certain
     users are allowed to login.

     At login, the /etc/login.access file is checked for the first entry that
     matches a specific user/host or user/tty combination. That entry can ei-
     ther allow or deny login access to that user.

     Each entry have three fields separated by colon:

     o   The first field indicates the permission given if the entry matches.
         It can be either ``+'' (allow access) or ``-'' (deny access) .

     o   The second field is a comma separated list of users or groups for
         which the current entry applies. NIS netgroups can used (if config-
         ured) if preceeded by @. The magic string ALL matches all users.  A
         group will match if the user is a member of that group, or it is the
         user's primary group.

     o   The third field is a list of ttys, or network names. A network name
         can be either a hostname, a domain (indicated by a starting period),
         or a netgroup. As with the user list, ALL matches anything. LOCAL
         matches a string not containing a period.

     If the string EXCEPT is found in either the user or from list, the rest
     of the list are exceptions to the list before EXCEPT.

BUGS

     If there's a user and a group with the same name, there is no way to make
     the group match if the user also matches.

SEE ALSO

     login(1)

AUTHORS

     The login_access() function was written by Wietse Venema. This manual
     page was written for Heimdal.

 HEIMDAL                        March 21, 2003                               1