pam_nologin - Prevent non-root users from login
[file= /path/nologin] [successok]
pam_nologin is a PAM module that prevents users from logging into the system
when /var/run/nologin or /etc/nologin exists. The contents of the file are
displayed to the user. The pam_nologin module has no effect on the root user's
ability to log in.
Use this file instead the default
/var/run/nologin or /etc/nologin.
Return PAM_SUCCESS if no file exists, the
default is PAM_IGNORE.
module types are provided.
The user is not root and /etc/nologin exists,
so the user is not permitted to log in.
Memory buffer error.
This is the default return value.
Success: either the user is root or the
nologin file does not exist.
User not known to the underlying
The suggested usage for /etc/pam.d/login is:
auth required pam_nologin.so
In order to make this module effective, all login methods should be secured by
it. It should be used as a required
method listed before any
methods in order to get standard Unix nologin semantics.
Note, the use of successok
module argument causes the module to return
and as such would break such a configuration - failing
modules would lead to a successful login because the nologin
pam_nologin was written by Michael K. Johnson <firstname.lastname@example.org>.