pam_nologin(8) [xfree86 man page]
PAM_NOLOGIN(8) Linux-PAM Manual PAM_NOLOGIN(8) NAME
pam_nologin - Prevent non-root users from login SYNOPSIS
pam_nologin.so [file=/path/nologin] [successok] DESCRIPTION
pam_nologin is a PAM module that prevents users from logging into the system when /var/run/nologin or /etc/nologin exists. The contents of the file are displayed to the user. The pam_nologin module has no effect on the root user's ability to log in. OPTIONS
file=/path/nologin Use this file instead the default /var/run/nologin or /etc/nologin. successok Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE. MODULE TYPES PROVIDED
The auth and acct module types are provided. RETURN VALUES
PAM_AUTH_ERR The user is not root and /etc/nologin exists, so the user is not permitted to log in. PAM_BUF_ERR Memory buffer error. PAM_IGNORE This is the default return value. PAM_SUCCESS Success: either the user is root or the nologin file does not exist. PAM_USER_UNKNOWN User not known to the underlying authentication module. EXAMPLES
The suggested usage for /etc/pam.d/login is: auth required pam_nologin.so NOTES
In order to make this module effective, all login methods should be secured by it. It should be used as a required method listed before any sufficient methods in order to get standard Unix nologin semantics. Note, the use of successok module argument causes the module to return PAM_SUCCESS and as such would break such a configuration - failing sufficient modules would lead to a successful login because the nologin module succeeded. SEE ALSO
nologin(5), pam.conf(5), pam.d(5), pam(7) AUTHOR
pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>. Linux-PAM Manual 09/19/2013 PAM_NOLOGIN(8)
Check Out this Related Man Page
PAM_WHEEL(8) Linux-PAM Manual PAM_WHEEL(8) NAME
pam_wheel - Only permit root access to members of group wheel SYNOPSIS
pam_wheel.so [debug] [deny] [group=name] [root_only] [trust] [use_uid] DESCRIPTION
The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant user is a member of the wheel group. If no group with this name exist, the module is using the group with the group-ID 0. OPTIONS
debug Print debug information. deny Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the group option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also specified, in which case we return PAM_SUCCESS). group=name Instead of checking the wheel or GID 0 groups, use the name group to perform the authentication. root_only The check for wheel membership is done only. trust The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd). use_uid The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example). MODULE TYPES PROVIDED
The auth and account module types are provided. RETURN VALUES
PAM_AUTH_ERR Authentication failure. PAM_BUF_ERR Memory buffer error. PAM_IGNORE The return value should be ignored by PAM dispatch. PAM_PERM_DENY Permission denied. PAM_SERVICE_ERR Cannot determine the user name. PAM_SUCCESS Success. PAM_USER_UNKNOWN User not known. EXAMPLES
The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non-root applicants. su auth sufficient pam_rootok.so su auth required pam_wheel.so su auth required pam_unix.so SEE ALSO
pam.conf(5), pam.d(5), pam(8) AUTHOR
pam_wheel was written by Cristian Gafton <gafton@redhat.com>. Linux-PAM Manual 09/19/2013 PAM_WHEEL(8)