A replacement for <tt>/etc/nologin</tt>

 **** NOLOGIN FEATURE FOR SYS5 SYSTEMS ****

Here is how it works.  The sysadmin types "init a" to *enable* logins.  This
is needed only after it has been previously disabled.  The sysadmin types 
"init b" to *disabled* logins.

host2(90)# ls -l /bin/*login*
-r-sr-xr-x   1 root     bin       101460 Mar 12 00:25 /bin/login
host2(91)# init b
host2(92)# ls -l /bin/*login*
lrwxrwxrwx   1 root     bin           12 Jun  3 22:48 /bin/login -> /etc/nologin.sys5
-r-sr-xr-x   1 root     bin       101460 Mar 12 00:25 /bin/login.DISABLED
host2(93)# init a
host2(94)# ls -l /bin/*login*
-r-sr-xr-x   1 root     bin       101460 Mar 12 00:25 /bin/login
host2(95)# 

host2(95)# egrep ':a:|:b:' /etc/inittab
a:a:wait:/etc/rc.logins.sys5 enable  > /dev/console 2>&1
b:b:wait:/etc/rc.logins.sys5 disable > /dev/console 2>&1
host2(96)# 

/etc/rc.logins.sys5 is a script I created which is executed by init to do the
appropriate thing (see demo above).  /etc/nologin.sys5 is the script that is
executed when someone tries to login.  If the tty is /dev/console, the
script calls the real login program (/bin/nologin.sys5 during the nologin 
period).  If the tty is not /dev/console, then it echo's a message and exits.

The rc.logins.sys5 script is fool-proof in that you can do an "init a" when logins
is already *enabled* and it will not hurt the system.  Same for "init b".

**here is /etc/rc.logins.sys5
#!/bin/sh

case $1 in
        enable)
                if [ -f /bin/login.DISABLED ]; then
                        rm /bin/login
                        mv /bin/login.DISABLED /bin/login
                        echo logins are enabled.
                else
                        echo logins already enabled.
                fi
                ;;
        disable)
                if [ ! -f /bin/login.DISABLED ]; then
                        mv /bin/login /bin/login.DISABLED
                        ln -s /etc/nologin.sys5 /bin/login
                        echo logins are disabled.
                else
                        echo logins already disabled.
                fi
                ;;
        install)
                if [ "`grep :/etc/rc.logins.sys5 /etc/inittab|wc -l`" -ne 2 ]
                then
                        ed /etc/inittab < /dev/console 2>&1
b:b:wait:/etc/rc.logins.sys5 disable > /dev/console 2>&1
.
w
q
EOF
                        echo nologin feature is now installed in inittab.
                else
                        echo nologin feature is already installed in inittab.
                fi
                ;;
esac

==============================

**here is /etc/nologin.sys5
#!/bin/sh

tty=`tty 2>/dev/null`
echo $tty
case "$tty" in
   /dev/console)
        exec /bin/login.DISABLED $*
        ;;
   *)
#       case "$2" in
#               masterhost1|masterhost1.us.oracle.com)
#                       exec /bin/login.DISABLED $*
#                       ;;
#       esac
        echo "No logins are allowed at this time - try later."
        exit 1
        ;;
esac

==============================

Put the above 2 scripts on the system and chmod them to 755.  Type 
"/etc/rc.logins.sys5 install" to install it.  Thats it!  Type "init b" to
disable logins and "init a" to enable logins.
Back to Solaris tips and tricks