APLawrence.com - Resources for Unix and Linux Systems, Bloggers and the self-employed

How can I prevent logins?

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.

Some material is very old and may be incorrect today

© October 2015 Anthony Lawrence

Anonymous asks:

How can I prevent logins? I need a way to disable logins from the root user account without being at the server console itself.

Many modern Unix/Linux systems respect the /etc/nologin file. Simply login as root and do "touch /etc/nologin". This restricts logins to root only. When you want to allow users again, "rm /etc/nologin".

Many systems also allow you to add text to /etc/nologin. When users attempt to login, they see that text.

$ ssh [email protected]


Logins currently not allowed.

Check back in an hour or so, thanks.

Older systems like SCO Unix don't have that. For these systems, you need to add code to /etc/profile. For example, you could add this:

IAM=`who am i | cut -d" " -f1`
[ -f /etc/nologin ] && [ $IAM ] && [ $IAM != "root" ] && exit 0

The danger here is that you mistype that code - you could easily lock yourself out forever. I recommend not exiting the editor until you have tested thoroughly.

But what about users already logged in? That code doesn't affect them at all.

That can be trickier. You can write scripts to loop through logged in users and kill them off. A more drastic but easy solution is to "touch /etc/login" and then do a shutdown and reboot.

If you found something useful today, please consider a small donation.