From de848d9e9146434817c65d74d1d0313e9d729462 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sat, 27 Apr 2024 14:01:37 +0200
Subject: Adding upstream version 1.4.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 modules/pam_nologin/pam_nologin.8.xml | 175 ++++++++++++++++++++++++++++++++++
 1 file changed, 175 insertions(+)
 create mode 100644 modules/pam_nologin/pam_nologin.8.xml

(limited to 'modules/pam_nologin/pam_nologin.8.xml')

diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml
new file mode 100644
index 0000000..c86e376
--- /dev/null
+++ b/modules/pam_nologin/pam_nologin.8.xml
@@ -0,0 +1,175 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_nologin">
+
+  <refmeta>
+    <refentrytitle>pam_nologin</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_nologin-name">
+    <refname>pam_nologin</refname>
+    <refpurpose>Prevent non-root users from login</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_nologin-cmdsynopsis">
+      <command>pam_nologin.so</command>
+      <arg choice="opt">
+        file=<replaceable>/path/nologin</replaceable>
+      </arg>
+      <arg choice="opt">
+        successok
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_nologin-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      pam_nologin is a PAM module that prevents users from logging into
+      the system when <filename>/var/run/nologin</filename> or
+      <filename>/etc/nologin</filename> exists. The contents
+      of the file are displayed to the user. The pam_nologin module
+      has no effect on the root user's ability to log in.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_nologin-options">
+
+    <title>OPTIONS</title>
+    <variablelist>
+      <varlistentry>
+        <term>
+          <option>file=<replaceable>/path/nologin</replaceable></option>
+        </term>
+        <listitem>
+          <para>
+            Use this file instead the default
+            <filename>/var/run/nologin</filename> or
+            <filename>/etc/nologin</filename>.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>successok</option>
+        </term>
+        <listitem>
+          <para>
+            Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="pam_nologin-types">
+    <title>MODULE TYPES PROVIDED</title>
+    <para>
+      The <option>auth</option> and <option>account</option> module
+      types are provided.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_nologin-return_values'>
+    <title>RETURN VALUES</title>
+    <variablelist>
+      <varlistentry>
+        <term>PAM_AUTH_ERR</term>
+        <listitem>
+          <para>
+            The user is not root and <filename>/etc/nologin</filename>
+            exists, so the user is not permitted to log in.
+          </para>
+        </listitem>
+      </varlistentry>
+     <varlistentry>
+        <term>PAM_BUF_ERR</term>
+        <listitem>
+          <para>Memory buffer error.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_IGNORE</term>
+        <listitem>
+          <para>
+            This is the default return value.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_SUCCESS</term>
+        <listitem>
+          <para>
+            Success:  either  the user is root or the
+            nologin file does not exist.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_USER_UNKNOWN</term>
+        <listitem>
+          <para>
+            User not known to the underlying authentication module.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_nologin-examples'>
+    <title>EXAMPLES</title>
+    <para>
+      The suggested usage for <filename>/etc/pam.d/login</filename> is:
+      <programlisting>
+auth  required  pam_nologin.so
+      </programlisting>
+    </para>
+  </refsect1>
+  <refsect1 id='pam_nologin-note'>
+    <title>NOTES</title>
+    <para>
+      In order to make this module effective, all login methods should be
+      secured by it. It should be used as a <emphasis>required</emphasis>
+      method listed before any <emphasis>sufficient</emphasis> methods in
+      order to get standard Unix nologin semantics. Note, the use of
+      <option>successok</option> module argument causes the module to
+      return <emphasis>PAM_SUCCESS</emphasis> and as such would break
+      such a configuration - failing <emphasis>sufficient</emphasis> modules
+      would lead to a successful login because the nologin module
+      <emphasis>succeeded</emphasis>.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_nologin-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_nologin-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_nologin was written by Michael K. Johnson &lt;johnsonm@redhat.com&gt;.
+      </para>
+  </refsect1>
+
+</refentry>
-- 
cgit v1.2.3