How can I prevent logins? I need a way to disable logins from the root user account without being at the server console itself.
Many modern Unix/Linux systems respect the /etc/nologin file. Simply login as root and do "touch /etc/nologin". This restricts logins to root only. When you want to allow users again, "rm /etc/nologin".
Many systems also allow you to add text to /etc/nologin. When users attempt to login, they see that text.
$ ssh email@example.com Logins currently not allowed. Check back in an hour or so, thanks.
Older systems like SCO Unix don't have that. For these systems, you need to add code to /etc/profile. For example, you could add this:
IAM=`who am i | cut -d" " -f1` [ -f /etc/nologin ] && [ $IAM ] && [ $IAM != "root" ] && exit 0
The danger here is that you mistype that code - you could easily lock yourself out forever. I recommend not exiting the editor until you have tested thoroughly.
But what about users already logged in? That code doesn't affect them at all.
That can be trickier. You can write scripts to loop through logged in users and kill them off. A more drastic but easy solution is to "touch /etc/login" and then do a shutdown and reboot.
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2015-10-08 Anthony Lawrence