UnixServerAdmin

Server Administration & Management

How to disable users from loggin into the server, except the administrator(root)

In cases where you have to disable the login to all users,except root, for example when you have to do a backup, you have to use pam_nologin.so

1) Edit the pam file for the service you want to control, in this example i modify ssh pam control file, located in /etc/pam.d/sshd & Add the line :-

# vim /etc/pam.d/sshd

account required pam_nologin.so

2) Create the /etc/nologin file, just do “touch /etc/nologin”

# touch /etc/nologin

This should disable the login from ssh. If you want to disable the login from terminal, modify the /etc/pam.d/login file.

3) To re-enable the login just remove /etc/nologin

# rm -rvdf /etc/nologin

Advertisements

February 16, 2013 Posted by | Security, SSH, Tips & Tricks, Unix/Linux | , , , , | Leave a comment