diff options
Diffstat (limited to 'system_cmds/nologin.tproj')
-rw-r--r-- | system_cmds/nologin.tproj/nologin.5 | 96 | ||||
-rw-r--r-- | system_cmds/nologin.tproj/nologin.8 | 57 | ||||
-rw-r--r-- | system_cmds/nologin.tproj/nologin.c | 51 |
3 files changed, 204 insertions, 0 deletions
diff --git a/system_cmds/nologin.tproj/nologin.5 b/system_cmds/nologin.tproj/nologin.5 new file mode 100644 index 0000000..da3b73e --- /dev/null +++ b/system_cmds/nologin.tproj/nologin.5 @@ -0,0 +1,96 @@ +.\" Copyright (c) 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)nologin.8 8.1 (Berkeley) 6/19/93 +.\" $FreeBSD: src/usr.sbin/nologin/nologin.5,v 1.15 2007/05/10 11:22:24 yar Exp $ +.\" +.Dd May 10, 2007 +.Dt NOLOGIN 5 +.Os +.Sh NAME +.Nm nologin +.Nd disallow logins +.Sh DESCRIPTION +Programs such as +.Xr login 1 +disallow logins if the +.Nm +file exists. +The programs display the contents of +.Nm +to the user if possible and interrupt the login sequence. +This makes it simple to temporarily prevent incoming logins systemwide. +.Pp +To disable logins on a per-account basis, +investigate +.Xr nologin 8 . +.Sh SECURITY +The +.Nm +file is ignored for user root by default. +.Sh IMPLEMENTATION NOTES +The +.Nm +feature is implemented through +.Xr login.conf 5 , +which allows to change the pathname of the +file and to extend the list of users +exempt from temporary login restriction. +.Pp +PAM-aware programs can be selectively configured to respect +.Nm +using the +.Xr pam_nologin 8 +module via +.Xr pam.conf 5 . +.Pp +The +.Nm +file will be removed at system boot if it resides in +.Pa /var/run +and +.Va cleanvar_enable +is set to +.Dq Li YES +in +.Xr rc.conf 5 , +which is default. +Therefore system reboot can effectively re-enable logins. +.Sh FILES +.Bl -tag -width ".Pa /var/run/nologin" -compact +.It Pa /var/run/nologin +default location of +.Nm +.El +.Sh SEE ALSO +.Xr login 1 , +.Xr login.conf 5 , +.Xr pam.conf 5 , +.Xr rc.conf 5 , +.Xr nologin 8 , +.Xr pam_nologin 8 , +.Xr shutdown 8 diff --git a/system_cmds/nologin.tproj/nologin.8 b/system_cmds/nologin.tproj/nologin.8 new file mode 100644 index 0000000..04078ff --- /dev/null +++ b/system_cmds/nologin.tproj/nologin.8 @@ -0,0 +1,57 @@ +.\" Copyright (c) 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)nologin.8 8.1 (Berkeley) 6/19/93 +.\" $FreeBSD: src/usr.sbin/nologin/nologin.8,v 1.14 2004/08/07 04:27:52 imp Exp $ +.\" +.Dd June 19, 1993 +.Dt NOLOGIN 8 +.Os +.Sh NAME +.Nm nologin +.Nd politely refuse a login +.Sh SYNOPSIS +.Nm +.Sh DESCRIPTION +The +.Nm +utility displays a message that an account is not available and +exits non-zero. +It is intended as a replacement shell field for accounts that +have been disabled. +.Pp +To disable all logins, +investigate +.Xr nologin 5 . +.Sh SEE ALSO +.Xr login 1 , +.Xr nologin 5 +.Sh HISTORY +The +.Nm +utility appeared in +.Bx 4.4 . diff --git a/system_cmds/nologin.tproj/nologin.c b/system_cmds/nologin.tproj/nologin.c new file mode 100644 index 0000000..788c90f --- /dev/null +++ b/system_cmds/nologin.tproj/nologin.c @@ -0,0 +1,51 @@ +/*- + * Copyright (c) 2004 The FreeBSD Project. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD: src/usr.sbin/nologin/nologin.c,v 1.6 2005/01/04 20:07:12 delphij Exp $"); + +#include <stdio.h> +#include <syslog.h> +#include <unistd.h> + +#define MESSAGE "This account is currently not available.\n" + +int +main(__unused int argc, __unused char *argv[]) +{ + const char *user, *tt; + + if ((tt = ttyname(0)) == NULL) + tt = "UNKNOWN"; + if ((user = getlogin()) == NULL) + user = "UNKNOWN"; + openlog("nologin", LOG_CONS, LOG_AUTH); + syslog(LOG_CRIT, "Attempted login by %s on %s", user, tt); + closelog(); + + printf("%s", MESSAGE); + return 1; +} |