To prevent logins from users other than root while etcnologi

To prevent logins from users other than root while etcnologi - CompTIA Linux + XK0-005

Question

To prevent logins from users other than root while /etc/nologin exists, which PAM module should be used?

Answers

pam_login.so
pam_access.so
pam_logindef.so
correct

pam_nologin.so

Explanation

Correct Answer: D. pam_nologin.so

The pam_nologin.so module is specifically designed to prevent non-root users from logging in when the /etc/nologin file exists. If this file is present, the module denies login attempts for all users except root and displays the file’s content as a message. This is useful for system maintenance, ensuring only the root user has access while notifying others of the restricted state.

Why other options are incorrect:

A. pam_login.so: There is no standard pam_login.so module in typical PAM implementations. This appears to be a distractor or non-existent module and is not used to control login access based on the presence of /etc/nologin.
B. pam_access.so: This module controls login access based on user, group, or host through the /etc/security/access.conf file. It doesn’t handle the /etc/nologin mechanism and is more suited for policy-based access control, not maintenance-mode logins.
C. pam_logindef.so: This is not a valid PAM module. It may be a confusion with configuration files like login.defs, but such a module does not exist and cannot be used to manage user logins or system maintenance access via /etc/nologin.

View Full Course Content Try our Free Questions