Update nologin(5) to match the modern reality of login.conf(5) and PAM.

1 parent cf6912c commit 6c97a609b3560d4fb6b367587016f1531fcf1ece yar committed May 10, 2007
Showing with 44 additions and 12 deletions.
  1. +44 −12 usr.sbin/nologin/nologin.5
@@ -28,7 +28,7 @@
.\" @(#)nologin.8 8.1 (Berkeley) 6/19/93
.\" $FreeBSD$
.\"
-.Dd June 19, 1993
+.Dd May 10, 2007
.Dt NOLOGIN 5
.Os
.Sh NAME
@@ -37,28 +37,60 @@
.Sh DESCRIPTION
Programs such as
.Xr login 1
-disallow logins if the file
-.Pa /var/run/nologin
-exists.
-Programs display the contents of
-.Pa /var/run/nologin
-to the user and exit.
+disallow logins if the
+.Nm
+file exists.
+The programs display the contents of
+.Nm
+to the user if possible and interrupt the login sequence.
This makes it simple to temporarily prevent incoming logins systemwide.
.Pp
To disable logins on a per-account basis,
investigate
.Xr nologin 8 .
.Sh SECURITY
-Ignored by
-.Xr login 1
-for user root.
+The
+.Nm
+file is ignored for user root by default.
+.Sh IMPLEMENTATION NOTES
+The
+.Nm
+feature is implemented through
+.Xr login.conf 5 ,
+which allows to change the pathname of the
+file and to extend the list of users
+exempt from temporary login restriction.
+.Pp
+PAM-aware programs can be selectively configured to respect
+.Nm
+using the
+.Xr pam_nologin 8
+module via
+.Xr pam.conf 5 .
+.Pp
+The
+.Nm
+file will be removed at system boot if it resides in
+.Pa /var/run
+and
+.Va cleanvar_enable
+is set to
+.Dq Li YES
+in
+.Xr rc.conf 5 ,
+which is default.
+Therefore system reboot can effectively re-enable logins.
.Sh FILES
.Bl -tag -width ".Pa /var/run/nologin" -compact
.It Pa /var/run/nologin
+default location of
+.Nm
.El
.Sh SEE ALSO
.Xr login 1 ,
-.Xr rlogin 1 ,
-.Xr telnet 1 ,
+.Xr login.conf 5 ,
+.Xr pam.conf 5 ,
+.Xr rc.conf 5 ,
.Xr nologin 8 ,
+.Xr pam_nologin 8 ,
.Xr shutdown 8
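
Review bot: The SECURITY section still covers only the root exemption, while the caveats an administrator most needs when relying on this file for a lockout ended up under IMPLEMENTATION NOTES. Those are: a PAM-aware program respects the file only when its policy in pam.conf(5) includes pam_nologin(8), the list of exempt users can be extended through login.conf(5), and a reboot removes the file when it resides in /var/run and cleanvar_enable is "YES". Consider moving these into SECURITY, or cross-referencing them from there. The login.conf(5) paragraph would also be more useful if it named the capabilities that set the pathname and the exemption instead of only pointing at the page. Wording nits: "which allows to change the pathname" should be "which allows changing the pathname", "which is default" should be "which is the default", and "Therefore system reboot" needs an article ("Therefore a system reboot").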
