From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.1) Gecko/20020830
Description of problem:
I had started a "shutdown +15" but I grew impatient and powered the box off (who
in my case causes the system to run a "shutdown now"). Next day I found only
root could connect and he got a message telling the box would be shutdown at
some time of the day before. I finally found that this was due to a
/etc/nologin file who had been left by my shutdown +15 and not removed by
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Run a shutdown -h +15 and power off the box before shutdown completes.
3.Try to connect as normal user. It fails. And since there is no message
telling why I initially thought I had been hacked and attacker had tampered with
my password file.
*** This bug has been marked as a duplicate of 74814 ***
Perhaps it is correct behaviour to not clean a /etc/nologin created by a system
administrator who wants to reboot and not have users connect immediately after.
But there should be a way to distinguish those /etc/nologin set by "shutdown"
so they can be cleaned by initscripts. For instance shutdown could test if
there is a /etc/nologin and if it doesn't exist create one <b>and</b>
/etc/nologin.automatic so if initscripts see both then it knows it is a
/etc/nologin set by shutdown and can clean it. An improvement could be to store
the MD5 of /etc/nologin in /etc/nologin.automatic so initscripts can check it is
the real one set by shutdown.
Finally there should be an informative message when access is denied due to a
nologin condition: presently the user is denied acces without any explanation so
he believes he mistyped his password and
when after sevraltruies he is still denied access he will believe the password
file has been corrupted or tampered.