RHCE Linux - nologin file in etc directory and securetty file

Written By 1 on Saturday, February 5, 2011 | 12:54 PM

In this article from our RHCE exam guide series we will learn how to secure the local terminal. In this example we will deny local login to a normal user named Vinita, created in our previous article. Create a normal user if you do not have one.

Example question:

You are the administrator of the example.com domain. Configure the domain server to deny local login to all normal users, and allow root to log in only on the first terminal.
To accomplish this task, follow this step-by-step guide.
Log in as root and run these commands:
# touch /etc/nologin
# vi /etc/securetty
Comment out all available terminals other than the first, as shown in the figure.
[Figure: securetty]
If the /etc/nologin file exists, the PAM module pam_nologin denies local login to all non-root users. You can see this module in the third line of the /etc/pam.d/login file.
[Figure: secure terminal]
The pam_securetty module checks the /etc/securetty file to see which terminals are available to root. If a terminal is not listed in this file, pam_securetty denies root login on that terminal.

We have made the necessary changes in the configuration files. Now root can log in locally only from terminal 1, and all other users are denied local login. Root itself is restricted to terminal 1: an attempt to log in locally from any other terminal is denied, just as it is for other users.
[Figure: secure terminal root login]
You can verify this by logging in as a normal user on any locally available terminal.
[Figure: securetty deny user]
[Figure: secure terminal user deny]
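
The policy configured above can be modelled without touching the real /etc. The following shell script is an added example, not part of the original article: it applies the two checks (pam_nologin for normal users, pam_securetty for root) to constructed sample files in a temporary directory. The function names, the sample securetty entries and the match on the name "root" rather than UID 0 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a model of the two checks described above, run on constructed
# sample files in a temp directory, so it never touches the real /etc.
# Simplification (assumption): "root" is matched by name, not by UID 0.

# Terminals root may use: every line of a securetty-style file that is not
# commented out with a leading '#' and is not blank.
allowed_root_ttys() {
    grep -v -e '^#' -e '^[[:space:]]*$' "$1"
}

# Print "allow" or "deny" for a local login attempt.
# Args: user tty nologin_path securetty_path
local_login_decision() {
    user=$1 tty=$2 nologin=$3 securetty=$4
    if [ "$user" = root ]; then
        # pam_securetty: root may log in only on terminals listed in securetty
        if allowed_root_ttys "$securetty" | grep -qxF -- "$tty"; then
            echo allow
        else
            echo deny
        fi
    elif [ -e "$nologin" ]; then
        # pam_nologin: the file exists, so non-root users are refused
        echo deny
    else
        echo allow
    fi
}

# Constructed sample: every terminal commented out except tty1, nologin present.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#console' '#vc/1' 'tty1' '#tty2' '#tty3' > "$demo/securetty"
: > "$demo/nologin"

for attempt in 'root tty1' 'root tty2' 'vinita tty1'; do
    set -- $attempt
    echo "$1 on $2: $(local_login_decision "$1" "$2" "$demo/nologin" "$demo/securetty")"
done
```

Removing the sample nologin file and calling local_login_decision again for the normal user shows the effect of the cleanup step: the normal user is allowed, while root stays limited to tty1 until the securetty comments are removed.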
Now that you have successfully accomplished the task, it is a good habit to remove all the changes you have made.
First, remove the /etc/nologin file.
[Figure: securetty]
Then remove all the comments you placed in /etc/securetty.
[Figure: securetty]
