NAME | SYNOPSIS | DESCRIPTION | OPTIONS | MODULE TYPES PROVIDED | RETURN VALUES | EXAMPLES | NOTES | SEE ALSO | AUTHOR | COLOPHON

PAM_NOLOGIN(8)                Linux-PAM Manual                PAM_NOLOGIN(8)

NAME         top

       pam_nologin - Prevent non-root users from login

SYNOPSIS         top

       pam_nologin.so [file=/path/nologin] [successok]

DESCRIPTION         top

       pam_nologin is a PAM module that prevents users from logging into the
       system when /var/run/nologin or /etc/nologin exists. The contents of
       the file are displayed to the user. The pam_nologin module has no
       effect on the root user's ability to log in.

OPTIONS         top

       file=/path/nologin
           Use this file instead the default /var/run/nologin or
           /etc/nologin.

       successok
           Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE.

MODULE TYPES PROVIDED         top

       The auth and acct module types are provided.

RETURN VALUES         top

       PAM_AUTH_ERR
           The user is not root and /etc/nologin exists, so the user is not
           permitted to log in.

       PAM_BUF_ERR
           Memory buffer error.

       PAM_IGNORE
           This is the default return value.

       PAM_SUCCESS
           Success: either the user is root or the nologin file does not
           exist.

       PAM_USER_UNKNOWN
           User not known to the underlying authentication module.

EXAMPLES         top

       The suggested usage for /etc/pam.d/login is:

           auth  required  pam_nologin.so

NOTES         top

       In order to make this module effective, all login methods should be
       secured by it. It should be used as a required method listed before
       any sufficient methods in order to get standard Unix nologin
       semantics. Note, the use of successok module argument causes the
       module to return PAM_SUCCESS and as such would break such a
       configuration - failing sufficient modules would lead to a successful
       login because the nologin module succeeded.

SEE ALSO         top

       nologin(5), pam.conf(5), pam.d(5), pam(8)

AUTHOR         top

       pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>.

COLOPHON         top

       This page is part of the linux-pam (Pluggable Authentication Modules
       for Linux) project.  Information about the project can be found at 
       ⟨https://fedorahosted.org/linux-pam/⟩.  If you have a bug report for
       this manual page, see ⟨https://fedorahosted.org/linux-pam/report⟩.
       This page was obtained from the tarball Linux-PAM-1.2.0.tar.gz
       fetched from ⟨http://www.linux-pam.org/library/⟩ on 2015-05-07.  If
       you discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for the
       page, or you have corrections or improvements to the information in
       this COLOPHON (which is not part of the original manual page), send a
       mail to man-pages@man7.org

Linux-PAM Manual                 03/24/2015                   PAM_NOLOGIN(8)