Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"


       The /etc/login.defs file defines the site-specific configuration
       for the shadow login suite.  This file is required.  Absence of
       this file will not prevent system
       operation, but will probably result in undesirable  opera­

       This file is a readable text file, each line of the file
       describing one configuration parameter.  The lines consist of a
       configuration name and value, separated by whitespace.  Blank
       lines and comment lines are ignored.  Comments are introduced
       with a `#' pound sign and the pound sign must be the first
       non-white character of the line.

       Parameter values may be of four types:  strings, booleans,
       numbers,  and  long numbers.  A string is comprised of any
       printable characters.  A  boolean  should  be  either  the
       value  ``yes''  or ``no''.  An undefined boolean parameter
       or one with a value other  than  these  will  be  given  a
       ``no''  value.   Numbers  (both  regular  and long) may be
       either decimal values, octal  values  (precede  the  value
       with  ``0'') or hexadecimal values (precede the value with
       ``0x'').  The maximum value of the regular and long numeric
       parameters is machine-dependent.

       The following configuration items are provided:

       CHFN_AUTH (boolean)
              If  yes,  the  chfn  and chsh programs will ask for
              password before making any changes, unless  run  by
              the superuser.

       CHFN_RESTRICT (string)
              This parameter specifies which values in the gecos field
              of the passwd file may be changed by regular users using
              the chfn program.  It can be any combination of letters
              f, r, w, h, for Full name, Room number, Work phone, and
              Home phone, respectively.
              If not specified, only the superuser can  make  any

       DEFAULT_HOME (boolean)
              If the home directory of a user is not reachable,
              should the user be allowed to log in?

       ENV_PATH (string)
              This parameter must be defined as the  search  path
              for  regular  users.   When  a login with UID other
              than zero occurs, the PATH environment parameter is
              initialized to this value.

       ENV_ROOTPATH (string)
              Range of group IDs to choose from for the  groupadd

       HUSHLOGIN_FILE (string)
              This parameter is used to establish ``hushlogin''
              conditions.  There are two possible ways to establish
              these conditions.  First, if the value of this
              parameter is a filename and that file exists in the
              user's home directory then ``hushlogin'' conditions
              will be in effect.  The contents of this  file  are
              ignored;  its  mere presence triggers ``hushlogin''
              conditions.  Second, if the value of this parameter
              is a full pathname and either the user's login name
              or the user's shell is found  in  this  file,  then
              ``hushlogin''  conditions  will  be  in effect.  In
              this case, the file should be in a  format  similar


              If this parameter is not defined, then ``hushlogin''
              conditions will never occur.  When ``hushlogin''
              conditions are established, the message of the day, last
              successful and unsuccessful login display, mail status
              display, and password aging checks are suppressed.  Note
              that allowing hushlogin files in user home directories
              allows the user to disable password aging checks.  See
              MOTD_FILE, FAILLOG_ENAB and LASTLOG_ENAB for related
              information.  Features enabled through PAM modules are
              not affected by this.  pam_mail will show if there is new
              mail or not.

       LASTLOG_ENAB (boolean)
              If yes, and if the  /var/log/lastlog  file  exists,
              then  a  successful  user login will be recorded to
              this file.  Furthermore, if this option is  enabled
              then  the  times  of the most recent successful and
              unsuccessful logins will be displayed to  the  user
              upon login.  The unsuccessful login display will be
              suppressed if  FAILLOG_ENAB  is  not  enabled.   If
              ``hushlogin''  conditions  are in effect, then both
              the successful and unsuccessful  login  information
              will be suppressed.

       LOGIN_RETRIES (number)
              Number  of  login attempts allowed before the login
              program exits.

       MOTD_FILE (string)
              This parameter specifies a colon-delimited list of
              pathnames to ``message of the day'' files.  If a
              specified file exists, then its contents are displayed
              to the user upon login.  If this parameter is not
              defined or ``hushlogin'' login conditions are in effect,
              this information will be suppressed.

       PASS_MIN_DAYS (number)
              The minimum number of days allowed between password
              changes.   Any  password  changes  attempted sooner
              than this will be rejected.  If  not  specified,  a
              zero value will be assumed.

       PASS_MAX_DAYS (number)
              The  maximum number of days a password may be used.
              If the  password  is  older  than  this,  then  the
              account  will be locked.  If not specified, a large
              value will be assumed.

       PASS_WARN_AGE (number)
              The number of days warning given before a  password
              expires.   A  zero means warning is given only upon
              the day of expiration, a negative  value  means  no
              warning  is  given.   If  not specified, no warning
              will be provided.

       TTYGROUP (string or number)
              The group ownership of the terminal is initialized to
              this group name or number.  One well-known security
              attack involves forcing terminal control sequences upon
              another user's terminal line.  This problem can be
              averted by disabling permissions which allow other users
              to access the terminal line, but this unfortunately
              prevents programs such as write from operating.  Another
              solution is to use a version of the write program which
              filters out potentially dangerous character sequences,
              make this program ``setgid'' to a special group, assign
              group ownership of the terminal line to this special
              group, and assign permissions of 0620 to the terminal
              line.  The TTYGROUP definition has been provided for
              just this situation.  If this item is not defined, then
              the group ownership of the terminal is initialized to
              the user's group number.  See TTYPERM for related
              information.

       TTYPERM (number)
              The  login  terminal permissions are initialized to
              this value.  Typical values will be 0622 to  permit
              others  write  access to the line or 0600 to secure
                     .         .
                     .         .

              This information is only used to initialize the TERM
              environment parameter when it does not already exist.
              A line starting with a ``#'' pound sign will be treated
              as a comment.  If this parameter is not specified, the
              file does not exist, or the terminal line is not found
              in the file, then the TERM environment parameter will
              not be set.

       UID_MAX (number)
              Max user ID value for automatic  uid  selection  in

       UID_MIN (number)
              Min  user  ID  value for automatic uid selection in

       UMASK (number)
              The permission mask is initialized to  this  value.
              It is used by useradd and newusers for creating new
              home directories. If not specified, the  permission
              mask will be initialized to 0077.

       USERDEL_CMD (string)
              If  defined,  this  command  is run when removing a
              user  with   userdel.    It   should   remove   any
              at/cron/print  jobs  etc.  owned  by the user to be
              removed (passed as the first argument).
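
       The following Python code is an added example, not part of the
       shadow suite or of the original page.  It parses a file using
       the line syntax and value types described above and flags the
       settings this page calls out (CHFN_AUTH, HUSHLOGIN_FILE,
       TTYPERM, UMASK, PASS_MAX_DAYS).  The sample content, function
       names and the 365-day limit are assumptions.

```python
# Constructed sample /etc/login.defs content (not from a real system).
SAMPLE = """\
# password aging
PASS_MAX_DAYS   99999
UMASK           022
TTYPERM         0622
HUSHLOGIN_FILE  .hushlogin
CHFN_AUTH       maybe
"""
MAX_AGE_LIMIT = 365  # assumed site policy, not a value from the man page

def parse(text):
    """Map each parameter name to its raw string value."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # blank or comment line
            continue
        fields = line.split(None, 1)          # name, whitespace, value
        conf[fields[0]] = fields[1] if len(fields) > 1 else ""
    return conf

def as_bool(conf, name):
    """Only yes is true; an undefined or any other value counts as no."""
    return conf.get(name) == "yes"

def as_num(conf, name, default=None):
    """Decimal, octal (leading 0) or hexadecimal (leading 0x) number."""
    raw = conf.get(name, "")
    base = 16 if raw.lower().startswith("0x") else 8 if raw.startswith("0") else 10
    try:
        return int(raw, base)
    except ValueError:                        # undefined or not a number
        return default

def audit(conf):
    """Return the parameters whose values deserve a second look."""
    flagged = []
    if not as_bool(conf, "CHFN_AUTH"):        # chfn/chsh will not ask for a password
        flagged.append("CHFN_AUTH")
    if not conf.get("HUSHLOGIN_FILE", "/").startswith("/"):
        flagged.append("HUSHLOGIN_FILE")      # users can suppress password aging checks
    if as_num(conf, "TTYPERM", 0) & 0o002:    # others may write to the terminal line
        flagged.append("TTYPERM")
    if (as_num(conf, "UMASK", 0o077) & 0o077) != 0o077:
        flagged.append("UMASK")               # looser than the documented default 0077
    if as_num(conf, "PASS_MAX_DAYS", MAX_AGE_LIMIT + 1) > MAX_AGE_LIMIT:
        flagged.append("PASS_MAX_DAYS")       # unset is treated as over the limit here
    return flagged

print(audit(parse(SAMPLE)))
```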


       The following cross reference shows which programs in  the
       shadow login suite use which parameters.






All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.