|
Packit Service |
b29381 |
'\" t
|
|
Packit Service |
b29381 |
.\" Title: pam_nologin
|
|
Packit Service |
b29381 |
.\" Author: [see the "AUTHOR" section]
|
|
Packit Service |
b29381 |
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
|
|
Packit Service |
b29381 |
.\" Date: 05/18/2017
|
|
Packit Service |
b29381 |
.\" Manual: Linux-PAM Manual
|
|
Packit Service |
b29381 |
.\" Source: Linux-PAM Manual
|
|
Packit Service |
b29381 |
.\" Language: English
|
|
Packit Service |
b29381 |
.\"
|
|
Packit Service |
b29381 |
.TH "PAM_NOLOGIN" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.\" * Define some portability stuff
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit Service |
b29381 |
.\" http://bugs.debian.org/507673
|
|
Packit Service |
b29381 |
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
|
|
Packit Service |
b29381 |
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit Service |
b29381 |
.ie \n(.g .ds Aq \(aq
|
|
Packit Service |
b29381 |
.el .ds Aq '
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.\" * set default formatting
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.\" disable hyphenation
|
|
Packit Service |
b29381 |
.nh
|
|
Packit Service |
b29381 |
.\" disable justification (adjust text to left margin only)
|
|
Packit Service |
b29381 |
.ad l
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.\" * MAIN CONTENT STARTS HERE *
|
|
Packit Service |
b29381 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
b29381 |
.SH "NAME"
|
|
Packit Service |
b29381 |
pam_nologin \- Prevent non\-root users from login
|
|
Packit Service |
b29381 |
.SH "SYNOPSIS"
|
|
Packit Service |
b29381 |
.HP \w'\fBpam_nologin\&.so\fR\ 'u
|
|
Packit Service |
b29381 |
\fBpam_nologin\&.so\fR [file=\fI/path/nologin\fR] [successok]
|
|
Packit Service |
b29381 |
.SH "DESCRIPTION"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
pam_nologin is a PAM module that prevents users from logging into the system when
|
|
Packit Service |
b29381 |
/var/run/nologin
|
|
Packit Service |
b29381 |
or
|
|
Packit Service |
b29381 |
/etc/nologin
|
|
Packit Service |
b29381 |
exists\&. The contents of the file are displayed to the user\&. The pam_nologin module has no effect on the root user\*(Aqs ability to log in\&.
|
|
Packit Service |
b29381 |
.SH "OPTIONS"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
\fBfile=\fR\fB\fI/path/nologin\fR\fR
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
Use this file instead the default
|
|
Packit Service |
b29381 |
/var/run/nologin
|
|
Packit Service |
b29381 |
or
|
|
Packit Service |
b29381 |
/etc/nologin\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
\fBsuccessok\fR
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.SH "MODULE TYPES PROVIDED"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
The
|
|
Packit Service |
b29381 |
\fBauth\fR
|
|
Packit Service |
b29381 |
and
|
|
Packit Service |
b29381 |
\fBacct\fR
|
|
Packit Service |
b29381 |
module types are provided\&.
|
|
Packit Service |
b29381 |
.SH "RETURN VALUES"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
PAM_AUTH_ERR
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
The user is not root and
|
|
Packit Service |
b29381 |
/etc/nologin
|
|
Packit Service |
b29381 |
exists, so the user is not permitted to log in\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
PAM_BUF_ERR
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
Memory buffer error\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
PAM_IGNORE
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
This is the default return value\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
PAM_SUCCESS
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
Success: either the user is root or the nologin file does not exist\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
PAM_USER_UNKNOWN
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
User not known to the underlying authentication module\&.
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.SH "EXAMPLES"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
The suggested usage for
|
|
Packit Service |
b29381 |
/etc/pam\&.d/login
|
|
Packit Service |
b29381 |
is:
|
|
Packit Service |
b29381 |
.sp
|
|
Packit Service |
b29381 |
.if n \{\
|
|
Packit Service |
b29381 |
.RS 4
|
|
Packit Service |
b29381 |
.\}
|
|
Packit Service |
b29381 |
.nf
|
|
Packit Service |
b29381 |
auth required pam_nologin\&.so
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
.fi
|
|
Packit Service |
b29381 |
.if n \{\
|
|
Packit Service |
b29381 |
.RE
|
|
Packit Service |
b29381 |
.\}
|
|
Packit Service |
b29381 |
.sp
|
|
Packit Service |
b29381 |
.SH "NOTES"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
In order to make this module effective, all login methods should be secured by it\&. It should be used as a
|
|
Packit Service |
b29381 |
\fIrequired\fR
|
|
Packit Service |
b29381 |
method listed before any
|
|
Packit Service |
b29381 |
\fIsufficient\fR
|
|
Packit Service |
b29381 |
methods in order to get standard Unix nologin semantics\&. Note, the use of
|
|
Packit Service |
b29381 |
\fBsuccessok\fR
|
|
Packit Service |
b29381 |
module argument causes the module to return
|
|
Packit Service |
b29381 |
\fIPAM_SUCCESS\fR
|
|
Packit Service |
b29381 |
and as such would break such a configuration \- failing
|
|
Packit Service |
b29381 |
\fIsufficient\fR
|
|
Packit Service |
b29381 |
modules would lead to a successful login because the nologin module
|
|
Packit Service |
b29381 |
\fIsucceeded\fR\&.
|
|
Packit Service |
b29381 |
.SH "SEE ALSO"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
\fBnologin\fR(5),
|
|
Packit Service |
b29381 |
\fBpam.conf\fR(5),
|
|
Packit Service |
b29381 |
\fBpam.d\fR(5),
|
|
Packit Service |
b29381 |
\fBpam\fR(8)
|
|
Packit Service |
b29381 |
.SH "AUTHOR"
|
|
Packit Service |
b29381 |
.PP
|
|
Packit Service |
b29381 |
pam_nologin was written by Michael K\&. Johnson <johnsonm@redhat\&.com>\&.
|