From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.1) Gecko/20020830 Description of problem: I had started a "shutdown +15" but I grew impatient and powered the box off (who in my case causes the system to run a "shutdown now"). Next day I found only root could connect and he got a message telling the box would be shutdown at some time of the day before. I finally found that this was due to a /etc/nologin file who had been left by my shutdown +15 and not removed by instcripts. Version-Release number of selected component (if applicable): How reproducible: Didn't try Steps to Reproduce: 1.Run a shutdown -h +15 and power off the box before shutdown completes. 2.Reboot 3.Try to connect as normal user. It fails. And since there is no message telling why I initially thought I had been hacked and attacker had tampered with my password file. Additional info:
*** This bug has been marked as a duplicate of 74814 ***
Perhaps it is correct behaviour to not clean a /etc/nologin created by a system administrator who wants to reboot and not have users connect immediately after. But there should be a way to distinguish those /etc/nologin set by "shutdown" so they can be cleaned by initscripts. For instance shutdown could test if there is a /etc/nologin and if it doesn't exist create one <b>and</b> /etc/nologin.automatic so if initscripts see both then it knows it is a /etc/nologin set by shutdown and can clean it. An improvement could be to store the MD5 of /etc/nologin in /etc/nologin.automatic so initscripts can check it is the real one set by shutdown. Finally there should be an informative message when access is denied due to a nologin condition: presently the user is denied acces without any explanation so he believes he mistyped his password and when after sevraltruies he is still denied access he will believe the password file has been corrupted or tampered.