pam_nologin
Prevent user logins based on /etc/nologin
SYNOPSIS
pam_nologin is a PAM module, not a standalone command executed from the shell. Its usage is defined within PAM configuration files (e.g., /etc/pam.d/login, /etc/pam.d/sshd) using the following syntax:
type control module-path arguments
Example:
account required pam_nologin.so
PARAMETERS
no_unix_warn
Do not print the traditional "System is going down" warning message if the module fails due to the nologin file.
fail_now
If this module returns PAM_AUTH_ERR (e.g., due to /etc/nologin existing), immediately terminate the authentication process without processing subsequent modules in the PAM stack.
DESCRIPTION
pam_nologin is a Pluggable Authentication Module (PAM) that restricts system access for regular users. It checks for the existence of the files /etc/nologin or /run/nologin. If either of these files exists, and the user attempting to log in is not root, pam_nologin will prevent the login. The content of the nologin file is typically displayed to the user as a message explaining why they cannot log in.
This module is commonly used by system administrators to temporarily prevent normal user logins during maintenance periods, upgrades, or system shutdowns, allowing only the root user to access the system for critical operations. It is usually configured as an account or auth type in PAM configuration files like login, sshd, or ftp.
CAVEATS
Affects all services configured with pam_nologin.
Only prevents non-root users from logging in; the root user can still log in.
The nologin file (/etc/nologin or /run/nologin) must be deleted after maintenance to re-enable normal user logins.
Can be bypassed if other authentication methods (e.g., SSH keys with PermitRootLogin yes) are not properly restricted or if PAM is misconfigured for a service.
CONFIGURATION LOCATION
pam_nologin is configured in files located in /etc/pam.d/, for example, /etc/pam.d/login, /etc/pam.d/sshd, or /etc/pam.d/ftp. The module typically appears under the account or auth module types.
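Because the restriction only applies to services whose PAM stack actually loads the module, it is worth auditing which services do. The following is an added example, not part of pam_nologin or of the original page: it parses /etc/pam.d-style files, follows include, substack and Debian-style @include lines, and reports the stacks in which pam_nologin.so runs for each service. The SAMPLE contents are constructed, and "webadmin" is a hypothetical service name.

```python
import re
from pathlib import Path

# Constructed stand-ins for files under /etc/pam.d/; "webadmin" is hypothetical.
SAMPLE = {
    "login": "auth requisite pam_nologin.so\n@include common-auth\n",
    "sshd": "# maintenance gate\naccount  required  pam_nologin.so\n",
    "vsftpd": "auth required pam_unix.so\naccount include system-account\n",
    "webadmin": "auth [success=1 default=ignore] pam_unix.so\n"
                "#account required pam_nologin.so\n",
    "common-auth": "auth required pam_unix.so\n",
    "system-account": "-account required \\\n   /lib/security/pam_nologin.so\n",
}
# type, control (keyword or [bracketed list]), module path
RULE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def load_pam_d(path="/etc/pam.d"):
    """Read a real PAM directory into the same {name: text} shape as SAMPLE."""
    return {p.name: p.read_text(errors="replace")
            for p in Path(path).iterdir() if p.is_file()}

def rules(name, files, only=None, stack=()):
    """Yield (type, module basename), following include, substack and @include."""
    if name in stack or name not in files:    # include loop or missing file
        return
    for line in files[name].replace("\\\n", " ").splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "@include":   # Debian-style include
            yield from rules(parts[1], files, only, stack + (name,))
            continue
        m = RULE.match(line.strip())          # comments and blanks do not match
        if not m or (only and m.group(1) != only):   # "include" pulls one type only
            continue
        kind, control, module = m.groups()
        if control in ("include", "substack"):
            yield from rules(module, files, kind, stack + (name,))
        else:
            yield kind, module.rsplit("/", 1)[-1]

def nologin_coverage(files, services):
    """Map each service to the stacks (auth/account) where pam_nologin.so runs."""
    return {s: sorted({k for k, mod in rules(s, files)
                       if mod == "pam_nologin.so" and k in ("auth", "account")})
            for s in services}

if __name__ == "__main__":
    for svc, where in nologin_coverage(SAMPLE, ["login", "sshd", "vsftpd", "webadmin"]).items():
        print(f"{svc:10} {', '.join(where) or 'NOT ENFORCED'}")
```

On a real host, pass load_pam_d() instead of SAMPLE. An auth-only result for sshd deserves a second look: with UsePAM enabled, sshd runs the account stack for every authentication type but the auth stack only for password and keyboard-interactive logins.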
NOLOGIN FILE CONTENT
The text contained within /etc/nologin or /run/nologin is displayed to users attempting to log in, providing them with a reason for the access restriction.
HISTORY
PAM (Pluggable Authentication Modules) was developed by Sun Microsystems in the mid-1990s. pam_nologin is a standard module included in most PAM implementations, providing a simple yet effective mechanism for system-wide login control during critical operations. Its core function has remained largely consistent over time.