author | yar <yar@FreeBSD.org> | 2007-05-10 11:22:24 +0000 |
---|---|---|
committer | yar <yar@FreeBSD.org> | 2007-05-10 11:22:24 +0000 |
commit | a8a620e55d8a62cdc08de38403041ea4a2e9246e (patch) | |
tree | 3a20133fb651fae9e852793fc72654406331447e | |
parent | c94948879ef15a371f26e5410cc08e20d5735380 (diff) | |
Update nologin(5) to match the modern reality of login.conf(5) and PAM.
-rw-r--r-- | usr.sbin/nologin/nologin.5 | 56 |
1 files changed, 44 insertions, 12 deletions
diff --git a/usr.sbin/nologin/nologin.5 b/usr.sbin/nologin/nologin.5 index 961f5a3..f8a21be 100644 --- a/usr.sbin/nologin/nologin.5 +++ b/usr.sbin/nologin/nologin.5 @@ -28,7 +28,7 @@ .\" @(#)nologin.8 8.1 (Berkeley) 6/19/93 .\" $FreeBSD$ .\" -.Dd June 19, 1993 +.Dd May 10, 2007 .Dt NOLOGIN 5 .Os .Sh NAME @@ -37,28 +37,60 @@ .Sh DESCRIPTION Programs such as .Xr login 1 -disallow logins if the file -.Pa /var/run/nologin -exists. -Programs display the contents of -.Pa /var/run/nologin -to the user and exit. +disallow logins if the +.Nm +file exists. +The programs display the contents of +.Nm +to the user if possible and interrupt the login sequence. This makes it simple to temporarily prevent incoming logins systemwide. .Pp To disable logins on a per-account basis, investigate .Xr nologin 8 . .Sh SECURITY -Ignored by -.Xr login 1 -for user root. +The +.Nm +file is ignored for user root by default. +.Sh IMPLEMENTATION NOTES +The +.Nm +feature is implemented through +.Xr login.conf 5 , +which allows to change the pathname of the +file and to extend the list of users +exempt from temporary login restriction. +.Pp +PAM-aware programs can be selectively configured to respect +.Nm +using the +.Xr pam_nologin 8 +module via +.Xr pam.conf 5 . +.Pp +The +.Nm +file will be removed at system boot if it resides in +.Pa /var/run +and +.Va cleanvar_enable +is set to +.Dq Li YES +in +.Xr rc.conf 5 , +which is default. +Therefore system reboot can effectively re-enable logins. .Sh FILES .Bl -tag -width ".Pa /var/run/nologin" -compact .It Pa /var/run/nologin +default location of +.Nm .El .Sh SEE ALSO .Xr login 1 , -.Xr rlogin 1 , -.Xr telnet 1 , +.Xr login.conf 5 , +.Xr pam.conf 5 , +.Xr rc.conf 5 , .Xr nologin 8 , +.Xr pam_nologin 8 , .Xr shutdown 8 |
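Review bot: The rewritten SECURITY section in the second hunk mentions only the default root exemption, yet the new IMPLEMENTATION NOTES say the exempt list can be extended through login.conf(5) and that PAM-aware programs honor the file only when pam_nologin(8) is configured via pam.conf(5). I would add a sentence under SECURITY stating that enforcement depends on that configuration, so an administrator does not assume that creating the file closes every login path. The boot-time cleanup paragraph should also say outright that a file relocated outside /var/run is not removed by cleanvar and will keep blocking logins after a reboot; as written, that is only implied by "if it resides in". Two wording fixes in the same section: "which allows to change the pathname of the" reads better as "which allows changing the pathname of the file and extending the list of users", and "which is default." needs its article ("which is the default.").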