64299 – RFE: pam_nologin option to specify a list of users to let in.

Bug 64299 - RFE: pam_nologin option to specify a list of users to let in.

Summary: RFE: pam_nologin option to specify a list of users to let in.

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pam
Sub Component:
Version:	rawhide
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Aaron Brown
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-05-01 21:31 UTC by Aleksey Nogin
Modified:	2007-11-30 22:10 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2005-09-08 17:16:35 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Aleksey Nogin 2002-05-01 21:31:43 UTC

It would be nice if pam_nologin could take an option to change the default
behaviour. In particular, it would be great if one could specify that
pam_nologin should let some particular users in besides (or instead of) root.
Also, it may be a good idea to allow one to specify a file other than
/etc/nologin to watch.

In general, pam_nologin appears to be the only module that can be used to
provide a user with some specific information as to why the access was denied.
Possibly, instead extending nologin (which already provides some very standard
and expected functionality), some other module (may be pam_listfile?, or all of
them through a library extension?) could be extended to support customized
"permission denied" error messages.

Comment 1 Tomas Mraz 2005-09-08 17:16:35 UTC

You can already specify different file than /etc/nologin. (Use the file= option.)

The second request can be easily worked around - use pam_listfile, pam_access or
pam_succeed_if for denying access and pam_nologin only as optional module.

Note You need to log in before you can comment on or make changes to this bug.