Ticket #1285 (new enhancement)
Deny login until a maintainer enables it
Reported by: | adehnert | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | The Distant Future |
Component: | linerva | Keywords: | |
Cc: | Fixed in version: | ||
Upstream bug: |
Description
Linerva currently denies users the ability to login until a maintainer manually removes the /etc/nologin file. This is done by an unpackaged and probably race-prone hack in /etc/rc.local. It should be packaged and made safer. My suggestion would be to edit /etc/pam.d/* to add a second call to pam_nologin.so with a different file, and automatically create that file on boot and shutdown.
Note: See
TracTickets for help on using
tickets.
Oh, the reason you want a different file is so that you don't clobber anything the system does to create /etc/nologin, and you don't need to worry about the system clobbering your /etc/nologin (or deleting it). (The reason you don't want /etc/yeslogin is so that you can give the user a message. pam_nologin will do that automatically if you just use it, but it plausibly requires more work if you use /etc/yeslogin and some PAM config trick to use pam_nologin or a custom module to make it work.)