From 88407b93212275759e8a54f5d43f4cf7da67fcdf Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Mon, 30 Sep 2013 13:36:26 +0200 Subject: nologin: add new command Currently it's maintained as distro specific (or people use impolite /bin/false way). Signed-off-by: Karel Zak --- .gitignore | 1 + Documentation/releases/v2.24-ReleaseNotes | 4 ++ configure.ac | 8 ++++ include/pathnames.h | 2 + login-utils/Makemodule.am | 7 +++ login-utils/nologin.8 | 53 ++++++++++++++++++++++ login-utils/nologin.c | 75 +++++++++++++++++++++++++++++++ 7 files changed, 150 insertions(+) create mode 100644 login-utils/nologin.8 create mode 100644 login-utils/nologin.c diff --git a/.gitignore b/.gitignore index aedce561d..91b625f44 100644 --- a/.gitignore +++ b/.gitignore @@ -130,6 +130,7 @@ tests/run.sh.trs /mountpoint /namei /newgrp +/nologin /nsenter /partx /pg diff --git a/Documentation/releases/v2.24-ReleaseNotes b/Documentation/releases/v2.24-ReleaseNotes index 1cd6eec9c..ca5b7bc85 100644 --- a/Documentation/releases/v2.24-ReleaseNotes +++ b/Documentation/releases/v2.24-ReleaseNotes @@ -61,6 +61,10 @@ wipefs(8): - supports new command line option --backup to backup erased data to $HOME/wipefs--.bak +nologin(8): + - this command has been merged into util-linux, the command politely + refuse a login. + Stable maintenance releases between v2.23 and v2.24 --------------------------------------------------- diff --git a/configure.ac b/configure.ac index 553228af2..098692c9f 100644 --- a/configure.ac +++ b/configure.ac @@ -1211,6 +1211,14 @@ AS_IF([test "x$enable_login_stat_mail" = xyes], [ ]) +AC_ARG_ENABLE([nologin], + AS_HELP_STRING([--disable-nologin], [do not build nologin]), + [], [enable_nologin=yes] +) +UL_BUILD_INIT([nologin]) +AM_CONDITIONAL([BUILD_NOLOGIN], [test "x$build_nologin" = xyes]) + + AC_ARG_ENABLE([sulogin], AS_HELP_STRING([--disable-sulogin], [do not build sulogin]), [], [enable_sulogin=yes] 
diff --git a/include/pathnames.h b/include/pathnames.h index e25234c45..dce98d2a4 100644 --- a/include/pathnames.h +++ b/include/pathnames.h @@ -31,6 +31,8 @@ #define _PATH_HUSHLOGIN ".hushlogin" #define _PATH_HUSHLOGINS "/etc/hushlogins" +#define _PATH_NOLOGIN_TXT "/etc/nologin.txt" + #ifndef _PATH_MAILDIR #define _PATH_MAILDIR "/var/spool/mail" #endif diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am index c5e8c07ae..aca028a29 100644 --- a/login-utils/Makemodule.am +++ b/login-utils/Makemodule.am @@ -60,6 +60,13 @@ endif endif # BUILD_LOGIN +if BUILD_NOLOGIN +sbin_PROGRAMS += nologin +dist_man_MANS += login-utils/nologin.8 +nologin_SOURCES = login-utils/nologin.c +endif + + if BUILD_UTMPDUMP usrbin_exec_PROGRAMS += utmpdump dist_man_MANS += login-utils/utmpdump.1 diff --git a/login-utils/nologin.8 b/login-utils/nologin.8 new file mode 100644 index 000000000..b4e10704e --- /dev/null +++ b/login-utils/nologin.8 
@@ -0,0 +1,53 @@
+.\" -*- nroff -*-
+.TH NOLOGIN 8 "September 2013" "util-linux" "System Administration"
+.SH NAME
+nologin \- politely refuse a login
+.SH SYNOPSIS
+.B nologin
+.RB [ \-V ]
+.RB [ \-h ]
+.SH DESCRIPTION
+.B nologin
+displays a message that an account is not available and exits non-zero. It is
+intended as a replacement shell field to deny login access to account.
+.PP
+If the file /etc/nologin.txt exists, nologin displays its contents to the
+user instead of the default message.
+.PP
+The exit code returned by
+.B nologin
+is always 1.
+.PP
+.SH OPTIONS
+.IP "\fB\-h, \-\-help\fP"
+Print help and exit.
+.IP "\fB-V, \-\-version"
+Print version and exit.
+.SH NOTES
+.B nologin
+is per-account way to disable login (usually used for system accounts like http or ftp).
+.BR nologin (8)
+uses /etc/nologin.txt as optional source for non-default message, the login
+access is always refused independently on the file.
+.PP
+.BR pam_nologin (8)
+PAM module usually prevents all non-root users from logging into the system.
+.BR pam_nologin (8)
+functionality is controled by /var/run/nologin or /etc/nologin file.
+.SH AUTHORS
+.UR kzak@redhat.com
+Karel Zak
+.UE
+.SH SEE ALSO
+.BR login (1),
+.BR passwd (5),
+.BR pam_nologin (8)
+.SH HISTORY
+The
+.B nologin
+command appeared in 4.4BSD.
+.SH AVAILABILITY
+The nologin command is part of the util-linux package and is available from
+.UR ftp://\:ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/
+Linux Kernel Archive
+.UE .
diff --git a/login-utils/nologin.c b/login-utils/nologin.c
new file mode 100644
index 000000000..a4fb82db6
--- /dev/null
+++ b/login-utils/nologin.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2013 Karel Zak
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "c.h"
+#include "nls.h"
+#include "pathnames.h"
+
+/*
+ * Always return EXIT_FAILURE (1), don't try to be smart!
+ */
+
+static void __attribute__((__noreturn__)) usage(FILE *out)
+{
+ fputs(USAGE_HEADER, out);
+
+ fprintf(out,
+ _(" %s [options]\n"), program_invocation_short_name);
+
+ fputs(USAGE_OPTIONS, out);
+ fputs(USAGE_HELP, out);
+ fputs(USAGE_VERSION, out);
+
+ fprintf(out, USAGE_MAN_TAIL("nologin(8)"));
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char *argv[])
+{
+ int c, fd;
+ static const struct option longopts[] = {
+ { "help", 0, 0, 'h' },
+ { "version", 0, 0, 'V' },
+ { NULL, 0, 0, 0 }
+ };
+
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+
+ while ((c = getopt_long(argc, argv, "hV", longopts, NULL)) != -1) {
+ switch (c) {
+ case 'h':
+ usage(stdout);
+ break;
+ case 'V':
+ printf(UTIL_LINUX_VERSION);
+ return EXIT_FAILURE;
+ default:
+ usage(stderr);
+ break;
+ }
+ }
+
+ fd = open(_PATH_NOLOGIN_TXT, O_RDONLY);
+ if (fd >= 0) {
+ char buf[BUFSIZ];
+ ssize_t rd;
+
+ while ((rd = read(fd, buf, sizeof(buf))) > 0)
+ ignore_result( write(STDOUT_FILENO, buf, rd) );
+ close(fd);
+ } else
+ fprintf(stdout, _("This account is currently not available.\n"));
+
+ return EXIT_FAILURE;
+}
-- 
cgit v1.2.3-55-g7522
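Review bot: In `main`, once `open(_PATH_NOLOGIN_TXT, O_RDONLY)` succeeds the descriptor is read to end of file with no check of what it refers to, and the default message is printed only when `open` fails. A FIFO or device node at that path would block or keep streaming in every refused session, and an empty or unreadable file leaves the user with no message at all. I would open with `O_NONBLOCK`, accept the file only if `fstat` reports `S_ISREG`, and fall back to the default text when nothing was written; the exit status stays `EXIT_FAILURE` on every path. The include names are not visible on this page, so `<sys/stat.h>` may need to be added for `fstat`.

```c
	int c, fd;
	int shown = 0;	/* set once any byte of the custom message was read */

	/* ... unchanged: longopts, locale setup, option parsing ... */

	fd = open(_PATH_NOLOGIN_TXT, O_RDONLY | O_NONBLOCK);
	if (fd >= 0) {
		struct stat st;

		/* only a regular file is used as the message source */
		if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) {
			char buf[BUFSIZ];
			ssize_t rd;

			while ((rd = read(fd, buf, sizeof(buf))) > 0) {
				ignore_result( write(STDOUT_FILENO, buf, rd) );
				shown = 1;
			}
		}
		close(fd);
	}
	if (!shown)
		fprintf(stdout, _("This account is currently not available.\n"));

	return EXIT_FAILURE;
```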