PAM_NOLOGIN(8) Linux-PAM Manual PAM_NOLOGIN(8)NAME
pam_nologin - Prevent non-root users from login
SYNOPSIS
pam_nologin.so [file=/path/nologin] [successok]
DESCRIPTION
pam_nologin is a PAM module that prevents users from logging into the system when /etc/nologin exists. The contents of the /etc/nologin
file are displayed to the user. The pam_nologin module has no effect on the root user's ability to log in.
OPTIONS
file=/path/nologin
Use this file instead the default /etc/nologin.
successok
Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE.
MODULE TYPES PROVIDED
The auth and acct module types are provided.
RETURN VALUES
PAM_AUTH_ERR
The user is not root and /etc/nologin exists, so the user is not permitted to log in.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
This is the default return value.
PAM_SUCCESS
Success: either the user is root or the /etc/nologin file does not exist.
PAM_USER_UNKNOWN
User not known to the underlying authentication module.
EXAMPLES
The suggested usage for /etc/pam.d/login is:
auth required pam_nologin.so
NOTES
In order to make this module effective, all login methods should be secured by it. It should be used as a required method listed before any
sufficient methods in order to get standard Unix nologin semantics. Note, the use of successok module argument causes the module to return
PAM_SUCCESS and as such would break such a configuration - failing sufficient modules would lead to a successful login because the nologin
module succeeded.
SEE ALSO nologin(5), pam.conf(5), pam.d(5), pam(8)AUTHOR
pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>.
Linux-PAM Manual 04/01/2010 PAM_NOLOGIN(8)
Check Out this Related Man Page
PAM_NOLOGIN(8) Linux-PAM Manual PAM_NOLOGIN(8)NAME
pam_nologin - Prevent non-root users from login
SYNOPSIS
pam_nologin.so [file=/path/nologin] [successok]
DESCRIPTION
pam_nologin is a PAM module that prevents users from logging into the system when /var/run/nologin or /etc/nologin exists. The contents of
the file are displayed to the user. The pam_nologin module has no effect on the root user's ability to log in.
OPTIONS
file=/path/nologin
Use this file instead the default /var/run/nologin or /etc/nologin.
successok
Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE.
MODULE TYPES PROVIDED
The auth and acct module types are provided.
RETURN VALUES
PAM_AUTH_ERR
The user is not root and /etc/nologin exists, so the user is not permitted to log in.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
This is the default return value.
PAM_SUCCESS
Success: either the user is root or the nologin file does not exist.
PAM_USER_UNKNOWN
User not known to the underlying authentication module.
EXAMPLES
The suggested usage for /etc/pam.d/login is:
auth required pam_nologin.so
NOTES
In order to make this module effective, all login methods should be secured by it. It should be used as a required method listed before any
sufficient methods in order to get standard Unix nologin semantics. Note, the use of successok module argument causes the module to return
PAM_SUCCESS and as such would break such a configuration - failing sufficient modules would lead to a successful login because the nologin
module succeeded.
SEE ALSO nologin(5), pam.conf(5), pam.d(5), pam(7)AUTHOR
pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>.
Linux-PAM Manual 09/19/2013 PAM_NOLOGIN(8)
How do I make it so user "root" can not log directly into an AIX server? I want a user to be able to SU to it but not log into it to keep a log (2 Replies)
Was OK on AIX5.2. Have installed AIX 5.3 ML02 and now only root can log in. Other users get "You are not allowed to login at this time." Once in as root, it's possible to su or 'su -' to other users. All user parameters are OK. (0 Replies)
is the nologin shell available in AIX 5.2? I am familiar with the nologin shell in linux and restricting shell access but still allowing ftp etc. Can this be done in AIX? I have not been able to locate any documentation. Thanks in advance (5 Replies)
I would like to know how to prevent users connecting to a server using SSH as root.
I would still like them to be able to login with their username and then change to su.
But I would like to prevent them logging in directly as root.
I have searched the forum and read that I should set... (3 Replies)
when i am trying to login through root i am getting following error
Last successful login for root: Tue Feb 3 16:44:40 IST-5:30 2009 on pts/tc
Last unsuccessful login for root: Tue Feb 3 16:41:01 IST-5:30 2009 on pts/tc
Please wait...checking for disk quotas
crt0: ERROR couldn't open... (6 Replies)
Hello, I can ssh as root directly, but when login as normal user, I cant su to root:
user@server:~% su
Password:
and in the /var/log/messages:
session opened for user root by user(uid=501)
session closed for user root
Im sure the root password is correct, any pointer? (14 Replies)
Hi,
I am trying authenticate ssh users login using third party server (radius) instead of local system authentication.
I have modified my /etc/pam.d/sshd with required server auth configuration and able to authenticate user using radius server and the user is able to ssh into this linux... (2 Replies)
Hi folks,
I am new here, sorry for an eventual double-post. I am facing a problem of inability to log in (neither as root nor as any other user) and hope for your assistance :-)
I am running an embedded-linux Angstrom distro, which is Debian based and utilizes a (patched) mainline 3.2.18... (2 Replies)
How can I log the auth and security module messages in AIX syslog ? I need to see all authentication requests coming (when users login) and the calls made for authenticating these users.
Target system is AIX 6.1 (1 Reply)
Trying to figure out the best method of security for oracle user accounts. In Solaris 10 they are set as regular users but have nologin set forcing the dev's to login as themselves and then su to the oracle users.
In Solaris11 we have the option of making it a role because RBAC is enabled but... (1 Reply)
Hi Folks,
Would like to understand if there exists any method to write the logs for LDAP authenticated users and Local Users separately in two different files.
If not, then do I distinguish whether the user is LDAP or local without looking at passwd.
Bye the way, I am trying this weird... (0 Replies)
The script it should add all the users from this file "users.txt" All users should have the login shell as /sbin/nologin. When this script is called with any other argument, it should print the message as “Input File Not Found”ť. When this script is run without any argument, it should display... (1 Reply)