|
 |
5ab9c0 |
#
|
|
|
5ab9c0 |
# Please note that the parameters in this configuration file control the
|
|
|
5ab9c0 |
# behavior of the tools from the shadow-utils component. None of these
|
|
|
5ab9c0 |
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
|
|
|
5ab9c0 |
# passwd command) should therefore be configured elsewhere. Refer to
|
|
|
5ab9c0 |
# /etc/pam.d/system-auth for more information.
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
# *REQUIRED*
|
|
|
5ab9c0 |
# Directory where mailboxes reside, _or_ name of file, relative to the
|
|
|
5ab9c0 |
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
|
|
|
5ab9c0 |
# QMAIL_DIR is for Qmail
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
#QMAIL_DIR Maildir
|
|
|
5ab9c0 |
MAIL_DIR /var/spool/mail
|
|
|
5ab9c0 |
#MAIL_FILE .mail
|
|
|
5ab9c0 |
|
|
|
0a22bc |
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
|
|
0a22bc |
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
|
|
0a22bc |
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
|
|
|
0a22bc |
# home directories if HOME_MODE is not set.
|
|
|
0a22bc |
# 022 is the default value, but 027, or even 077, could be considered
|
|
|
0a22bc |
# for increased privacy. There is no One True Answer here: each sysadmin
|
|
|
0a22bc |
# must make up their mind.
|
|
|
0a22bc |
UMASK 022
|
|
|
0a22bc |
|
|
|
0a22bc |
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
|
|
0a22bc |
# home directories.
|
|
|
0a22bc |
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
|
|
|
0a22bc |
HOME_MODE 0700
|
|
|
0a22bc |
|
|
|
5ab9c0 |
# Password aging controls:
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
|
|
5ab9c0 |
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
|
|
5ab9c0 |
# PASS_MIN_LEN Minimum acceptable password length.
|
|
|
5ab9c0 |
# PASS_WARN_AGE Number of days warning given before a password expires.
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
PASS_MAX_DAYS 99999
|
|
|
5ab9c0 |
PASS_MIN_DAYS 0
|
|
|
5ab9c0 |
PASS_MIN_LEN 5
|
|
|
5ab9c0 |
PASS_WARN_AGE 7
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
# Min/max values for automatic uid selection in useradd
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
UID_MIN 1000
|
|
|
5ab9c0 |
UID_MAX 60000
|
|
|
5ab9c0 |
# System accounts
|
|
|
5ab9c0 |
SYS_UID_MIN 201
|
|
|
5ab9c0 |
SYS_UID_MAX 999
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
# Min/max values for automatic gid selection in groupadd
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
GID_MIN 1000
|
|
|
5ab9c0 |
GID_MAX 60000
|
|
|
5ab9c0 |
# System accounts
|
|
|
5ab9c0 |
SYS_GID_MIN 201
|
|
|
5ab9c0 |
SYS_GID_MAX 999
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
# If defined, this command is run when removing a user.
|
|
|
5ab9c0 |
# It should remove any at/cron/print jobs etc. owned by
|
|
|
5ab9c0 |
# the user to be removed (passed as the first argument).
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
#USERDEL_CMD /usr/sbin/userdel_local
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
# If useradd should create home directories for users by default
|
|
|
5ab9c0 |
# On RH systems, we do. This option is overridden with the -m flag on
|
|
|
5ab9c0 |
# useradd command line.
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
CREATE_HOME yes
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
# This enables userdel to remove user groups if no members exist.
|
|
|
5ab9c0 |
#
|
|
|
5ab9c0 |
USERGROUPS_ENAB yes
|
|
|
5ab9c0 |
|
|
|
5ab9c0 |
# Use SHA512 to encrypt password.
|
|
|
5ab9c0 |
ENCRYPT_METHOD SHA512
|
|
|
5ab9c0 |
|