1PAM_NOLOGIN(8) Linux-PAM Manual PAM_NOLOGIN(8)
2
6 pam_nologin - Prevent non-root users from login
7
9 pam_nologin.so [file=/path/nologin] [successok]
10
12 pam_nologin is a PAM module that prevents users from logging into the
13 system when /var/run/nologin or /etc/nologin exists. The contents of
14 the file are displayed to the user. The pam_nologin module has no
15 effect on the root user's ability to log in.
16
18 file=/path/nologin
19 Use this file instead the default /var/run/nologin or /etc/nologin.
20 successok
22 Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE.
23
25 The auth and acct module types are provided.
26
28 PAM_AUTH_ERR
29 The user is not root and /etc/nologin exists, so the user is not
30 permitted to log in.
31 PAM_BUF_ERR
33 Memory buffer error.
34 PAM_IGNORE
36 This is the default return value.
37 PAM_SUCCESS
39 Success: either the user is root or the nologin file does not
40 exist.
41 PAM_USER_UNKNOWN
43 User not known to the underlying authentication module.
44
46 The suggested usage for /etc/pam.d/login is:
47 auth required pam_nologin.so
49
53 In order to make this module effective, all login methods should be
54 secured by it. It should be used as a required method listed before any
55 sufficient methods in order to get standard Unix nologin semantics.
56 Note, the use of successok module argument causes the module to return
57 PAM_SUCCESS and as such would break such a configuration - failing
58 sufficient modules would lead to a successful login because the nologin
59 module succeeded.
60
62 nologin(5), pam.conf(5), pam.d(5), pam(8)
63
65 pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>.
66Linux-PAM Manual 09/19/2013 PAM_NOLOGIN(8)