
Friday, January 31, 2014

Preventing users from logging in


If you want to prevent users from logging in to the system but don't want to change the runlevel to single-user mode, there is another option. The file /etc/default/security has a variable called NOLOGIN. Changing it to 1 (in practice, this means uncommenting that line) gives you a way to keep new users from logging in. When it is set to 1, every application that uses session management with pam_hpsec (such as ssh) checks for the presence of /etc/nologin. If /etc/nologin exists, no more users can log in; every user who attempts to log in is shown the contents of that file instead. Of course root is immune to this, so you can't lock yourself out of the system. For example:

# echo "System Maintenance until 4am - logins disallowed" > /etc/nologin

This is also how the shutdown process works. When you reboot the system, the file is erased automatically, whether you created it manually or a shutdown process created it.
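
Because /etc/nologin only has an effect while NOLOGIN is set to 1, it is worth checking both before relying on it. The following is an added example, not from the original post: a small shell check that reports the combined state. The function names are hypothetical, and it assumes the file uses NAME=value lines with # comments and that the last uncommented NOLOGIN line is the effective one.

```shell
#!/bin/sh
# Added example: will /etc/nologin actually block non-root logins?
# Assumption: /etc/default/security holds "NAME=value" lines, "#" starts a
# comment, and the last uncommented NOLOGIN line is the effective one.

nologin_setting() {
    # Print the NOLOGIN value, or 0 if the line is absent or commented out.
    sec_file=$1
    value=0
    if [ -r "$sec_file" ]; then
        found=$(sed -n 's/^[[:space:]]*NOLOGIN[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$sec_file" | tail -n 1)
        if [ -n "$found" ]; then
            value=$found
        fi
    fi
    echo "$value"
}

nologin_state() {
    # $1 = security file (default /etc/default/security)
    # $2 = flag file     (default /etc/nologin)
    sec_file=${1:-/etc/default/security}
    flag_file=${2:-/etc/nologin}
    setting=$(nologin_setting "$sec_file")
    if [ "$setting" = "1" ] && [ -e "$flag_file" ]; then
        echo "blocking"   # non-root logins are refused and shown the file
    elif [ "$setting" = "1" ]; then
        echo "armed"      # creating the flag file will block logins
    elif [ -e "$flag_file" ]; then
        echo "ignored"    # flag file exists but NOLOGIN is not 1
    else
        echo "open"
    fi
}

# Constructed demo input: NOLOGIN still commented out, flag file present.
demo_dir=$(mktemp -d)
printf '#NOLOGIN=1\n' > "$demo_dir/security"
echo "System Maintenance until 4am - logins disallowed" > "$demo_dir/nologin"
nologin_state "$demo_dir/security" "$demo_dir/nologin"
rm -rf "$demo_dir"
```

Calling nologin_state with no arguments checks the real /etc/default/security and /etc/nologin.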
