SUMMARY: /etc/nologin

From: Rasana Atreya (
Date: Thu May 29 1997 - 16:04:57 CDT

Hi Managers,

I had 4 questions, which were answered thanks to the following:

From: (Mattias Zhabinskiy)
From: Jochen Bern <>
From: (Danny Johnson)
From: Glenn Satchell - Uniq Professional Services <>
From: "Matthew Stier" <>
From: Jim Harmon <>
From: Steffen Kluge <>
From: Jason Keltz <>
From: Chris Marble <>

I've listed each question and it's summarised answer below.


> /etc/nologin disables "logins". Does "login" mean telnet, rsh _and_ rlogin?
> I know it does not affect ftp.

It only affects /usr/bin/login. Since telnet and rlogin (and also getty etc.)
call login they are affected implicitly. Rsh is not affected as long as you
specify a command to be executed (otherwise it will act like rlogin). If you
look for it (strings - File | grep nologin), you'll find /etc/nologin hardcoded
in /bin/login and sshd.

Note that /etc/nologin has no effect on xdm unless you add some code to

/etc/nologin is created automatically when the system is shut down normally.
Removing it is often one of the very last tasks of the boot scripts.

ftp is unaffected since it does not use login.

> - Is access to web pages on the machine affected?

This would depend on your web server, but most likely, the server would ignore
this file, so web access would continue.

Web access isn't affected by /etc/nologin since this is non-interactive (no
login account required for access). The web server should have it's own lockout

> - How does this affect users already logged in?

/etc/nologin prevents future non-root logins, but will not disable current

You can change /etc/.login to this:
#! /usr/bin/sh
# Check to see if logins are disabled
# Adopted from Aslan, 11/27/96
if ( -e /etc/nologin) source /etc/csh.nologin

The /etc/csh.nologin checks to see if the person's in a permitted group.

> - For patch installations, is it okay to create the above file without
> bringing the machine down to single user mode?

I thought that it is enough to create the above file even when we need to
install a patch in single user mode. Not so. The mode still remains
multi-user. (and so it is really safer to go to single user mode for patch
installtion - if that's what the instruction says).

~ Rasana Atreya Voice: (415) 476-3623 ~
~ System Administrator Fax: (415) 476-4653 ~
~ Library & Ctr for Knowledge Mgmt, Univ. of California at San Francisco ~
~ 530 Parnassus Ave, Box 0840, San Francisco, CA 94143-0840 ~
~ ~

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:56 CDT