Ticket #1285 (new enhancement)

Opened 8 years ago

Last modified 8 years ago

Deny login until a maintainer enables it

Reported by: adehnert Owned by:
Priority: normal Milestone: The Distant Future
Component: linerva Keywords:
Cc: Fixed in version:
Upstream bug:

Description

Linerva currently denies users the ability to login until a maintainer manually removes the /etc/nologin file. This is done by an unpackaged and probably race-prone hack in /etc/rc.local. It should be packaged and made safer. My suggestion would be to edit /etc/pam.d/* to add a second call to pam_nologin.so with a different file, and automatically create that file on boot and shutdown.

Change History

comment:1 Changed 8 years ago by adehnert

Oh, the reason you want a different file is so that you don't clobber anything the system does to create /etc/nologin, and you don't need to worry about the system clobbering your /etc/nologin (or deleting it). (The reason you don't want /etc/yeslogin is so that you can give the user a message. pam_nologin will do that automatically if you just use it, but it plausibly requires more work if you use /etc/yeslogin and some PAM config trick to use pam_nologin or a custom module to make it work.)

Note: See TracTickets for help on using tickets.