Bug 64299

Summary: RFE: pam_nologin option to specify a list of users to let in.
Product: [Fedora] Fedora
Reporter: Aleksey Nogin <aleksey>
Component: pam
Assignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX
QA Contact: Aaron Brown <abrown>
Severity: medium
Priority: medium
Version: rawhide
Keywords: FutureFeature
Hardware: i386   
OS: Linux   
Doc Type: Enhancement
Last Closed: 2005-09-08 17:16:35 UTC

Description Aleksey Nogin 2002-05-01 21:31:43 UTC
It would be nice if pam_nologin could take an option to change the default
behaviour. In particular, it would be great if one could specify that
pam_nologin should let some particular users in besides (or instead of) root.
Also, it may be a good idea to allow one to specify a file other than
/etc/nologin to watch.

In general, pam_nologin appears to be the only module that can be used to
provide a user with some specific information as to why the access was denied.
Possibly, instead of extending nologin (which already provides some very standard
and expected functionality), some other module (maybe pam_listfile?, or all of
them through a library extension?) could be extended to support customized
"permission denied" error messages.

Comment 1 Tomas Mraz 2005-09-08 17:16:35 UTC
You can already specify a different file than /etc/nologin. (Use the file= option.)

The second request can be easily worked around - use pam_listfile, pam_access or
pam_succeed_if for denying access and pam_nologin only as an optional module.
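
One way to lay out the workaround from Comment 1 in a PAM service file, as an added example that is not from the bug report or from the pam project. The service file name, the allow-list path /etc/nologin.allow and the choice of pam_listfile over the other two modules are assumptions.

```conf
# /etc/pam.d/sshd, account section (service name is an assumption)
#
# Stock behaviour, shown for comparison: while /etc/nologin exists, every
# non-root user is refused and shown the file's contents.
#account   required   pam_nologin.so

# Workaround: pam_nologin is kept only to display the message. As "optional",
# its result only matters if it is the only module of this type in the stack,
# which is not the case here.
account    optional   pam_nologin.so file=/etc/nologin

# The access decision is made here. Only users listed one per line in
# /etc/nologin.allow (hypothetical path) pass. onerr=succeed means a missing
# file imposes no restriction, so maintenance mode is toggled by creating or
# removing both files together. That also makes this line fail open, so keep
# the allow-list root-owned and not writable by anyone else.
# pam_listfile gives root no special treatment: list root if root logins
# are needed during maintenance.
account    required   pam_listfile.so item=user sense=allow file=/etc/nologin.allow onerr=succeed

# The service's remaining account checks follow unchanged.
account    required   pam_unix.so
```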