diff options
Diffstat (limited to '')
-rw-r--r-- | modules/pam_nologin/pam_nologin.8 | 130 | ||||
-rw-r--r-- | modules/pam_nologin/pam_nologin.8.xml | 175 |
2 files changed, 305 insertions, 0 deletions
diff --git a/modules/pam_nologin/pam_nologin.8 b/modules/pam_nologin/pam_nologin.8 new file mode 100644 index 0000000..df0c255 --- /dev/null +++ b/modules/pam_nologin/pam_nologin.8 @@ -0,0 +1,130 @@ +'\" t +.\" Title: pam_nologin +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/03/2021 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_NOLOGIN" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_nologin \- Prevent non\-root users from login +.SH "SYNOPSIS" +.HP \w'\fBpam_nologin\&.so\fR\ 'u +\fBpam_nologin\&.so\fR [file=\fI/path/nologin\fR] [successok] +.SH "DESCRIPTION" +.PP +pam_nologin is a PAM module that prevents users from logging into the system when +/var/run/nologin +or +/etc/nologin +exists\&. The contents of the file are displayed to the user\&. The pam_nologin module has no effect on the root user\*(Aqs ability to log in\&. +.SH "OPTIONS" +.PP +\fBfile=\fR\fB\fI/path/nologin\fR\fR +.RS 4 +Use this file instead the default +/var/run/nologin +or +/etc/nologin\&. +.RE +.PP +\fBsuccessok\fR +.RS 4 +Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\&. +.RE +.SH "MODULE TYPES PROVIDED" +.PP +The +\fBauth\fR +and +\fBaccount\fR +module types are provided\&. +.SH "RETURN VALUES" +.PP +PAM_AUTH_ERR +.RS 4 +The user is not root and +/etc/nologin +exists, so the user is not permitted to log in\&. +.RE +.PP +PAM_BUF_ERR +.RS 4 +Memory buffer error\&. +.RE +.PP +PAM_IGNORE +.RS 4 +This is the default return value\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +Success: either the user is root or the nologin file does not exist\&. +.RE +.PP +PAM_USER_UNKNOWN +.RS 4 +User not known to the underlying authentication module\&. +.RE +.SH "EXAMPLES" +.PP +The suggested usage for +/etc/pam\&.d/login +is: +.sp +.if n \{\ +.RS 4 +.\} +.nf +auth required pam_nologin\&.so + +.fi +.if n \{\ +.RE +.\} +.sp +.SH "NOTES" +.PP +In order to make this module effective, all login methods should be secured by it\&. It should be used as a +\fIrequired\fR +method listed before any +\fIsufficient\fR +methods in order to get standard Unix nologin semantics\&. Note, the use of +\fBsuccessok\fR +module argument causes the module to return +\fIPAM_SUCCESS\fR +and as such would break such a configuration \- failing +\fIsufficient\fR +modules would lead to a successful login because the nologin module +\fIsucceeded\fR\&. +.SH "SEE ALSO" +.PP +\fBnologin\fR(5), +\fBpam.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_nologin was written by Michael K\&. Johnson <johnsonm@redhat\&.com>\&. diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml new file mode 100644 index 0000000..c86e376 --- /dev/null +++ b/modules/pam_nologin/pam_nologin.8.xml @@ -0,0 +1,175 @@ +<?xml version="1.0" encoding='UTF-8'?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" + "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> + +<refentry id="pam_nologin"> + + <refmeta> + <refentrytitle>pam_nologin</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_nologin-name"> + <refname>pam_nologin</refname> + <refpurpose>Prevent non-root users from login</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis id="pam_nologin-cmdsynopsis"> + <command>pam_nologin.so</command> + <arg choice="opt"> + file=<replaceable>/path/nologin</replaceable> + </arg> + <arg choice="opt"> + successok + </arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1 id="pam_nologin-description"> + + <title>DESCRIPTION</title> + + <para> + pam_nologin is a PAM module that prevents users from logging into + the system when <filename>/var/run/nologin</filename> or + <filename>/etc/nologin</filename> exists. The contents + of the file are displayed to the user. The pam_nologin module + has no effect on the root user's ability to log in. + </para> + </refsect1> + + <refsect1 id="pam_nologin-options"> + + <title>OPTIONS</title> + <variablelist> + <varlistentry> + <term> + <option>file=<replaceable>/path/nologin</replaceable></option> + </term> + <listitem> + <para> + Use this file instead the default + <filename>/var/run/nologin</filename> or + <filename>/etc/nologin</filename>. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>successok</option> + </term> + <listitem> + <para> + Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id="pam_nologin-types"> + <title>MODULE TYPES PROVIDED</title> + <para> + The <option>auth</option> and <option>account</option> module + types are provided. + </para> + </refsect1> + + <refsect1 id='pam_nologin-return_values'> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_AUTH_ERR</term> + <listitem> + <para> + The user is not root and <filename>/etc/nologin</filename> + exists, so the user is not permitted to log in. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_BUF_ERR</term> + <listitem> + <para>Memory buffer error.</para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_IGNORE</term> + <listitem> + <para> + This is the default return value. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + Success: either the user is root or the + nologin file does not exist. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + User not known to the underlying authentication module. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_nologin-examples'> + <title>EXAMPLES</title> + <para> + The suggested usage for <filename>/etc/pam.d/login</filename> is: + <programlisting> +auth required pam_nologin.so + </programlisting> + </para> + </refsect1> + <refsect1 id='pam_nologin-note'> + <title>NOTES</title> + <para> + In order to make this module effective, all login methods should be + secured by it. It should be used as a <emphasis>required</emphasis> + method listed before any <emphasis>sufficient</emphasis> methods in + order to get standard Unix nologin semantics. Note, the use of + <option>successok</option> module argument causes the module to + return <emphasis>PAM_SUCCESS</emphasis> and as such would break + such a configuration - failing <emphasis>sufficient</emphasis> modules + would lead to a successful login because the nologin module + <emphasis>succeeded</emphasis>. + </para> + </refsect1> + + <refsect1 id='pam_nologin-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> + + <refsect1 id='pam_nologin-author'> + <title>AUTHOR</title> + <para> + pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>. + </para> + </refsect1> + +</refentry> |