Scroll to navigation

LOGIN.ACCESS(5) File Formats Manual LOGIN.ACCESS(5)


login access control table


The login.access file specifies on which ttys or from which hosts certain users are allowed to login.
At login, the /etc/login.access file is checked for the first entry that matches a specific user/host or user/tty combination. That entry can either allow or deny login access to that user.
Each entry have three fields separated by colon:
  • The first field indicates the permission given if the entry matches. It can be either “+” (allow access) or “-” (deny access) .
  • The second field is a comma separated list of users or groups for which the current entry applies. NIS netgroups can used (if configured) if preceeded by @. The magic string ALL matches all users. A group will match if the user is a member of that group, or it is the user's primary group.
  • The third field is a list of ttys, or network names. A network name can be either a hostname, a domain (indicated by a starting period), or a netgroup. As with the user list, ALL matches anything. LOCAL matches a string not containing a period.
If the string EXCEPT is found in either the user or from list, the rest of the list are exceptions to the list before EXCEPT.


If there's a user and a group with the same name, there is no way to make the group match if the user also matches.




The login_access() function was written by Wietse Venema. This manual page was written for Heimdal.
March 21, 2003 HEIMDAL