Page 1 of 1

Group Bypass /etc/nologin

Posted: 2019/11/20 15:57:05
by t3kg33k
Anyone know if there is a way to specify a group allow access either via ssh or at console when there is a /etc/nologin file present?

I found a thread online that mentions adding the following line to /etc/pam.d/login just before the 'account required pam_nologin.so' line:

account [success=1 default=ignore] pam_succeed_if.so quiet user ingroup group

I've tested this and it's not working for me. I'm testing this in CentOS 7.

Re: Group Bypass /etc/nologin

Posted: 2019/11/25 19:23:14
by aks
Yes, it is part of the PAM stack, but I can't remember which one. Look at your PAM pack (for login) and read the man pages for each module used. Also for extra measure run SE in permissive mode (not sure if this is the case, shouldn't be, but SE is really big now).