The file /etc/usertty specifies additional access restrictions for specific users. If this file does not exist, no additional access restrictions are imposed. The file consists of a sequence of sections. There are three possible section types: CLASSES, GROUPS and USERS. A CLASSES section defines classes of ttys and hostname patterns, a GROUPS section defines allowed ttys and hosts on a per group basis, and a USERS section defines allowed ttys and hosts on a per user basis.
Each line in this file may be no longer than 255 characters. Comments start with the # character and extend to the end of the line.
The word at the beginning of a line becomes defined as a collective name for the ttys and host patterns specified on the rest of the line. This collective name can be used in any subsequent GROUPS or USERS section. A class name must not occur as part of the definition of a class; this avoids problems with recursive classes.
An example CLASSES section:
This defines the classes myclass1 and myclass2 as the corresponding right hand sides.
A GROUPS section starts with the word GROUPS in all upper case at the start of a line, and each following line is a sequence of words separated by spaces or tabs. The first word on a line is the name of the group and the rest of the words on the line specifies the ttys and hosts where members of that group are allowed access. These specifications may involve the use of classes defined in previous CLASSES sections.
An example GROUPS section:
This example specifies that members of group sys may log in on tty1 and from hosts in the bar.edu domain. Users in group stud may log in from hosts/ttys specified in the class myclass1 or from tty4.
An example USERS section:
This lets the user zacho log in only on tty1 and from hosts with IP addresses in the range 130.225.16.0 - 130.225.16.255, and user blue is allowed to log in from tty3 and whatever is specified in the class myclass2.
There may be a line in a USERS section starting with a username of *. This is a default rule and it will be applied to any user not matching any other line.
If both a USERS line and a GROUPS line match a user, then the user is allowed access from the union of all the ttys/hosts mentioned in these specifications.
Any of the above origins may be prefixed by a time specification according to the syntax:
    timespec    ::= '[' <day-or-hour> [':' <day-or-hour>]* ']'
    day         ::= 'mon' | 'tue' | 'wed' | 'thu' | 'fri' | 'sat' | 'sun'
    hour        ::= '0' | '1' | ... | '23'
    hourspec    ::= <hour> | <hour> '-' <hour>
    day-or-hour ::= <day> | <hourspec>
For example, the origin [mon:tue:wed:thu:fri:8-17]tty3 means that log in is allowed on Mondays through Fridays between 8:00 and 17:59 (5:59 pm) on tty3. This also shows that an hour range a-b includes all moments between a:00 and b:59. A single hour specification (such as 10) means the time span between 10:00 and 10:59.
Not specifying any time prefix for a tty or host means log in from that origin is allowed any time. If you give a time prefix, be sure to specify both a set of days and one or more hours or hour ranges. A time specification may not include any white space.
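The following is an added example, not code from login or from this manual page: a small checker an administrator could use to audit what a time prefix actually permits. It assumes the prefix is read as "any listed day and any listed hour", and it rejects wrap-around ranges and prefixes lacking days or hours; the names parse_origin and allowed_at are hypothetical.

```python
import re
from datetime import datetime

DAYS = ("mon", "tue", "wed", "thu", "fri", "sat", "sun")  # same order as datetime.weekday()
ORIGIN_RE = re.compile(r"^(?:\[([^\]\s]*)\])?([^\[\]\s]+)$")  # optional [timespec], then origin
HOUR_RE = re.compile(r"^(\d{1,2})(?:-(\d{1,2}))?$")           # <hour> or <hour>-<hour>

def parse_origin(origin):
    """Return (days, hours, target); days and hours are None when there is no time prefix."""
    m = ORIGIN_RE.match(origin)
    if not m:
        raise ValueError(f"malformed origin: {origin!r}")
    spec, target = m.groups()
    if spec is None:
        return None, None, target
    days, hours = set(), set()
    for item in spec.split(":"):
        if item in DAYS:
            days.add(DAYS.index(item))
            continue
        h = HOUR_RE.match(item)
        if not h:
            raise ValueError(f"bad day-or-hour {item!r} in {origin!r}")
        lo = int(h.group(1))
        hi = int(h.group(2)) if h.group(2) else lo
        if not 0 <= lo <= hi <= 23:   # assumption: wrap-around ranges such as 22-6 are rejected
            raise ValueError(f"bad hour range {item!r} in {origin!r}")
        hours.update(range(lo, hi + 1))   # a-b covers a:00 through b:59
    if not days or not hours:
        # The text requires both days and hours; treating a violation as an error is an assumption.
        raise ValueError(f"time prefix needs both days and hours: {origin!r}")
    return days, hours, target

def allowed_at(origin, when):
    """True if the time prefix of `origin` (if any) admits the datetime `when`."""
    days, hours, _ = parse_origin(origin)
    if days is None:
        return True                       # no prefix: allowed at any time
    return when.weekday() in days and when.hour in hours

if __name__ == "__main__":
    # Constructed sample: the origin from the text, checked at the edges of its window.
    origin = "[mon:tue:wed:thu:fri:8-17]tty3"
    for ts in ("2024-01-01 17:59", "2024-01-01 18:00", "2024-01-06 10:00"):
        print(ts, allowed_at(origin, datetime.strptime(ts, "%Y-%m-%d %H:%M")))
```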
If no default rule is given then users not matching any line in /etc/usertty are allowed to log in from anywhere as is standard behavior.
/var/run/utmp
/var/log/wtmp
/var/log/lastlog
/usr/spool/mail/*
/etc/motd
/etc/passwd
/etc/nologin
/etc/usertty
.hushlogin