LinuxQuestions.org


nthillaiarasu 05-07-2008 11:17 PM

Locking out non-root users while the system is in maintenance
 
To disable all user logins (except for root) without taking the system down into maintenance mode, create a file in the location /etc/nologin.
The content of this file will be displayed when a user tries to log in. Useful when doing service on the system which might affect users.

Steps to do:
1. Go to a terminal and log in as a sudo user in order to create a file in /etc.
lostwarrior@leo:~$ --usermode

lostwarrior@leo:~$ sudo -s
[sudo] password for lostwarrior:
root@leo:~#

2. Once you are logged in as root in the terminal, type cd /etc

3. Type touch nologin
Now the user won't be able to get into the machine. If he enters the username, the content of the nologin file will be displayed.

4. Note: Before doing this, try to have the root password. Otherwise you can't get root access.

5. For creating a root password: 1. Go to a terminal and log in as a sudo user.

warrior@leo:~$ --usermode
lostwarrior@leo:~$ sudo -s
[sudo] password for lostwarrior:
root@leo:~#
6. Now type passwd root (here passwd is the command and root is the user).

7. Enter the new password for root.

root@leo:/etc# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@leo:/etc#
Note: This has been tested under Ubuntu 7.10.

Simon Bridge 05-08-2008 02:27 AM

If the file /etc/nologin exists, login will allow access only to root. Other users will be shown the contents of this file and their logins will be refused.

Quote:

Steps to do:
1. Go to a terminal and log in as a sudo user in order to create a file in /etc.
lostwarrior@leo:~$ --usermode
OK:

~$ --usermode
bash: --usermode: command not found

I think you left something out...

Quote:

3. Type touch nologin
Now the user won't be able to get into the machine. If he enters the username, the content of the nologin file will be displayed.
... hmmm, an empty file... niiice.

Hey! I'm locked out!
Quote:

4. Note: Before doing this, try to have the root password. Otherwise you can't get root access.
Now he tells me!

How about just start with:

0. enable root login.

1. sudo nano /etc/nologin

Add text:

My Apologies;
This system has been locked for maintenance.
Anormal service will resume at 2300 hours.
--The MGT

:)

Now you have a two-step howto, instead of 7.

BTW: Put "HOWTO" in the title next time.

SlowCoder 05-09-2008 07:42 AM

nthillaiarasu,

Good job. I learned something new today. :study:

Simon. Thanks for the cleanup/clarification.

SlowCoder 05-09-2008 09:12 AM

I decided to play with this a *very little*. I created /etc/nologin with some gibberish in Ubuntu. Guess what? I was still able to log in with my user account. Maybe this is due to the fact that you can't directly log into Ubuntu as root, or maybe it's because I'm logging in via GUI. So, it's not a 100% case.

introuble 05-09-2008 09:55 AM

That's because /etc/nologin works only when login(1) is involved.
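
Added example (not written by any poster in this thread): a read-only audit to run before relying on /etc/nologin for a maintenance window. It reports whether the file is absent, empty or carries a message, and which login services would actually enforce it. It assumes a PAM-based system where the check is performed by pam_nologin.so, which each service opts into through its file under /etc/pam.d; the function names and the defaults passed at the bottom are choices made for this example.

```shell
#!/bin/sh
# Added example: audit a maintenance lockout before relying on it.
# Read-only; both paths can be overridden on the command line.

# nologin_state FILE -> prints "absent", "empty" or "message".
# "empty" still blocks logins, but users get no explanation.
nologin_state() {
    if [ ! -e "$1" ]; then
        echo absent
    elif [ ! -s "$1" ]; then
        echo empty
    else
        echo message
    fi
}

# pam_nologin_services DIR -> one line per service file:
#   "<service> enforced"      an active line names pam_nologin.so
#   "<service> not-enforced"  no such line (commented-out lines do not count)
# Stacks pulled in through @include or substack are not followed, so a
# "not-enforced" result means "not called directly in this file".
pam_nologin_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if grep -Eqs '^[[:space:]]*[^#[:space:]].*pam_nologin\.so' "$f"; then
            echo "$(basename "$f") enforced"
        else
            echo "$(basename "$f") not-enforced"
        fi
    done
}

# lockout_audit NOLOGIN_FILE PAM_DIR -> combined report.
lockout_audit() {
    echo "nologin file: $(nologin_state "$1")"
    pam_nologin_services "$2"
}

# Default to the live system paths when no arguments are given.
lockout_audit "${1:-/etc/nologin}" "${2:-/etc/pam.d}"
```

Any service reported as not-enforced is a login path that may stay open to ordinary users while the file is in place, so check those stacks by hand before announcing the lockout.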

Hangdog42 05-09-2008 11:06 AM

Isn't it just a lot easier to move to runlevel 1? You know, telinit 1, do your maintenance work, then telinit 3 (or whatever your normal runlevel is).


All times are GMT -5.