Group Bypass /etc/nologin

General support questions
Post Reply
t3kg33k
Posts: 15
Joined: 2016/02/26 19:45:27

Group Bypass /etc/nologin

Post by t3kg33k » 2019/11/20 15:57:05

Anyone know if there is a way to specify a group allow access either via ssh or at console when there is a /etc/nologin file present?

I found a thread online that mentions adding the following line to /etc/pam.d/login just before the 'account required pam_nologin.so' line:

account [success=1 default=ignore] pam_succeed_if.so quiet user ingroup group

I've tested this and it's not working for me. I'm testing this in CentOS 7.

aks
Posts: 2859
Joined: 2014/09/20 11:22:14

Re: Group Bypass /etc/nologin

Post by aks » 2019/11/25 19:23:14

Yes, it is part of the PAM stack, but I can't remember which one. Look at your PAM pack (for login) and read the man pages for each module used. Also for extra measure run SE in permissive mode (not sure if this is the case, shouldn't be, but SE is really big now).

Post Reply

Return to “CentOS 7 - General Support”