login access control table
file specifies on which ttys or
from which hosts certain users are allowed to login.
At login, the /etc/login.access
file is checked for
the first entry that matches a specific user/host or user/tty combination.
That entry can either allow or deny login access to that user.
Each entry have three fields separated by colon:
- The first field indicates the permission given if the
entry matches. It can be either “+” (allow access) or
“-” (deny access) .
- The second field is a comma separated list of users or
groups for which the current entry applies. NIS netgroups can used (if
configured) if preceeded by @. The magic string ALL matches all users. A
group will match if the user is a member of that group, or it is the
user's primary group.
- The third field is a list of ttys, or network names. A
network name can be either a hostname, a domain (indicated by a starting
period), or a netgroup. As with the user list, ALL matches anything. LOCAL
matches a string not containing a period.
If the string EXCEPT is found in either the user or from list, the rest of the
list are exceptions to the list before EXCEPT.
If there's a user and a group with the same name, there is no way to make the
group match if the user also matches.
() function was written by Wietse
Venema. This manual page was written for Heimdal.