How is /etc/nologin removed during reboot?
Tan Hsiao Wei
/etc/nologin file will not be removed after the system is rebooted:
# Remove /etc/nologin if left behind by shutdown
# rm -f /etc/nologin
However, the /etc/nologin file is still removed every time I reboot
my system. Does anyone know why this is so?
My system is RS6000/560 running AIX3.2.2.
--
Hsiao-Wei Tan
isct...@nuscc.nus.sg
Marc Auslander
file is to prevent getty from allowing new logins while shutdown is
running. However, during system test it was noticed that if shutdown
failed while /etc/nologin existed, and the machine was then rebooted,
there was no way to use it! So the lines you noticed were added to
/etc/rc.
(If you get stuck with an /etc/nologin file, you have to boot the
maintainance system to remove it.)
Why are you trying to keep the file around?
If you really want it, replace the line in /etc/rc with
touch /etc/nologin
but I think you will not like the results!
--
Marc Auslander (IBM)<ma...@marc.watson.ibm.com> 914 784-6699
(Internet)<ma...@watson.ibm.com>
Tan Hsiao Wei
The /etc/nologin file is removed by the shutdown script.
--
Hsiao-Wei Tan
isct...@nuscc.nus.sg
Casper H.S. Dik
>The design is that shutdown removes /etc/nologin. The purpose of the
>file is to prevent getty from allowing new logins while shutdown is
>running. However, during system test it was noticed that if shutdown
>failed while /etc/nologin existed, and the machine was then rebooted,
>there was no way to use it! So the lines you noticed were added to
>/etc/rc.
>(If you get stuck with an /etc/nologin file, you have to boot the
>maintainance system to remove it.)
>Why are you trying to keep the file around?
>If you really want it, replace the line in /etc/rc with
>touch /etc/nologin
>but I think you will not like the results!
Of course, you could have improved on the default behaviour when
/etc/nologin exists. We have modified login in such a way that if
/etc/nologin exists, people in the group wheel (i.e., those
that can su root) and root (if the tty is secure) can still login to
the system. The contents of /etc/nologin is always displayed, so
the people who are allowed in know what's going on.
Casper
J.Rowe
> The design is that shutdown removes /etc/nologin. The purpose of the
> file is to prevent getty from allowing new logins while shutdown is
> running. However, during system test it was noticed that if shutdown
> failed while /etc/nologin existed, and the machine was then rebooted,
> there was no way to use it! So the lines you noticed were added to
> /etc/rc.
> (If you get stuck with an /etc/nologin file, you have to boot the
> maintainance system to remove it.)
/etc/nologin does not prevent root from logging in.
John
Ben Pratt
> The design is that shutdown removes /etc/nologin. The purpose of the
> file is to prevent getty from allowing new logins while shutdown is
> running. However, during system test it was noticed that if shutdown
> failed while /etc/nologin existed, and the machine was then rebooted,
> there was no way to use it! So the lines you noticed were added to
> /etc/rc.
>
> (If you get stuck with an /etc/nologin file, you have to boot the
> maintainance system to remove it.)
>
> Why are you trying to keep the file around?
>
> If you really want it, replace the line in /etc/rc with
> touch /etc/nologin
> but I think you will not like the results!
There is at least one obvious reason why you would want to keep the
nologin file around after a reboot...
The removal of /etc/nologin occurs in several of the rc scripts. I would
recommend that you remove these and have rc.boot call your own local
startup script where you can place your own site-specific customizations
to the startup process. We call ours /usr/local/etc/rc.local. In it I
recommend that you test for the existance of a file named something like
/etc/disallow. If it exists, don't remove the /etc/login file, else do:
#!/bin/ksh
# rc.local - local startup customizations, called by rc.boot.
.
.
.
if [ -f /etc/disallow ] ; then
echo "/etc/nologin will NOT be removed if present..."
else
rm -f /etc/nologin
echo "Logins are ENABLED ..."
fi
Or something like that... As I recall, any changes made to rc.boot
require that bosboot be run with the appropriate options so that the
changes take effect.
Using this method, when you create /etc/nologin, you have the added
safety of needing to explicity touch /etc/disallow to force the nologin
file to stick around after a reboot.
We use this technique as part of a suite of scripts and crontab entries
to have our systems automatically shutdown at scheduled down times - our
operators run VM systems and we can't trust them to bring our systems
down cleanly, and we don't want to come in in the wee hours to do it
ourselves.
Ruth Milner
>failed while /etc/nologin existed, and the machine was then rebooted,
>there was no way to use it!
<sigh>
(Hey, Vijay, here's another, very serious, suggestion for providing the tools
that system administrators need in AIX; and it'll be really easy to do).
If by the above you mean that not even root can log on, this is a *BUG* in
AIX and it needs to be *FIXED*.
If, of course, that wasn't what you meant, or it's incorrect, then ignore
the rest of this, but the statement that one must boot in maintenance mode
to get rid of the thing suggests that it was your meaning. Can anybody verify
or refute the accuracy of it from AIX experience?
> Why are you trying to keep the file around?
Doesn't anyone at IBM ever need to reboot a system while they don't want users
on it? *That's* the purpose of /etc/nologin: not merely to prevent logins
during shutdown, but to prevent user logins at whatever time.
Maybe all the users inside IBM are courteous, sensible and computer-literate
(that's a compliment, note), so that you don't find people banging on their
keyboards every 5 seconds for 3 hours waiting for that Magic Moment when they
get a login prompt and can get back on - only to be sent a message from an
irritated sysadmin 30 seconds later, who couldn't get on quicker than the user
did to recreate /etc/nologin, which AIX had kindly deleted on his/her behalf.
Well, I find that here. This is not sarcasm, it is the absolute truth. I
laughed when I read that paragraph over too, but trust me, it happens, and it
is not so funny when you're trying to get a system back to normal.
>If you really want it, replace the line in /etc/rc with
>touch /etc/nologin but I think you will not like the results!
It should be fixed so the file is only removed at boot time - and then only if
the command to do so is in /etc/rc - and so that root can still log on even
if it does exist.
--
Ruth Milner NRAO/VLA Socorro NM
Computing Division Head rmi...@zia.aoc.nrao.edu
Matthew S. Cronk
Phase 3 of the disk boot process removes this file. See /sbin/rc.boot
and search for "nologin".
Matt
Charles Hannum
In article <1992Oct16....@zia.aoc.nrao.edu>
rmi...@zia.aoc.nrao.edu (Ruth Milner) writes:
>
> In article <MARC.92Oc...@marc.watson.ibm.com>
> ma...@watson.ibm.com (Marc Auslander) writes:
>>
>> The design is that shutdown removes /etc/nologin.
>> during system test it was noticed that if shutdown
>> failed while /etc/nologin existed, and the machine was then rebooted,
>> there was no way to use it!
>
> *BUG* in AIX and it needs to be *FIXED*.
I can tell you quite assuredly that it does *not* prevent root from
logging in. I use /etc/nologin for exactly this reason; it is created
every time the machine boots.
--
\ / Charles Hannum, myc...@ai.mit.edu
/\ \ PGP public key available on request.
Scheme White heterosexual atheist male (WHAM) pride!