Disable users from loggin into the server, except the administrator

In cases where you have to disable the login to all users,except root, for example when you have to do a backup, you have to use pam_nologin.so (man nologin).

1) Edit the pam file for the service you want to control, in this example i modify ssh pam control file, located in /etc/pam.d/sshd

Add this line
account required pam_nologin.so

2) Create the /etc/nologin file, just do “touch /etc/nologin”

This should disable the login from ssh. If you want to disable the login from terminal, modify the /etc/pam.d/login file.

3) To re-enable the login just remove /etc/nologin

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s