Examine the extract of the /etc/nologin file and the /etc/pam.d/login file on server1:
[root@server1 ~] # cat /etc/nologin
bob
smith
[root@server1 ~] # cat /etc/pam.d/login
accountrequiredpam_nologin.so
accountincludesystem-auth
Which statement is true about users?
A.
Only the root user can log in to the system.
B.
Only users root bob and smith would be unable to log in to the system.
C.
All users, including the root user, would be permitted to log in to the system.
D.
All users, including the root user, would be unable to log in to the system.
Explanation:
auth required pam_nologin.so — This is the final authentication step. It checks
whether the /etc/nologin file exists. If it exists and the user is not root, authentication fails.
* The /etc/nologin file contains the message displayed to users attempting to log on to a machine
in the process of being shutdown.
* the login program defines its service name as login and installs the /etc/pam.d/login PAMconfiguration file.
A
A
The answer is A
==============
man pam.d
account
this module type performs non-authentication based account
management. It is typically used to restrict/permit access to a
service based on the time of day, currently available system
resources (maximum number of users) or perhaps the location of the
applicant user — ‘root’ login only on the console.
required
failure of such a PAM will ultimately lead to the PAM-API returning
failure but only after the remaining stacked modules (for this
service and type) have been invoked.
man pam_nologin
NAME
pam_nologin – Prevent non-root users from login
SYNOPSIS
pam_nologin.so [file=/path/nologin] [successok]
DESCRIPTION
pam_nologin is a PAM module that prevents users from logging into the
system when /var/run/nologin or /etc/nologin exists. The contents of
the file are displayed to the user. The pam_nologin module has no
effect on the root user’s ability to log in.
So correct answer is A