diff options
author | Lennart Poettering <lennart@poettering.net> | 2018-02-22 14:21:30 +0100 |
---|---|---|
committer | Sven Eden <yamakuzure@gmx.net> | 2018-05-30 07:59:03 +0200 |
commit | 5e7eb6fbbd4a55cb4b26929482478ca7b2eef6aa (patch) | |
tree | e39e97234084d3e8c7d1eb1589b69347f883cbd9 /src/basic/fileio-label.c | |
parent | fc145f67d8597dea9bd9bfcacac1e6fec533051d (diff) |
nologin: extend the /run/nologin descriptions a bit (#8244)
This is an attempt to improve #8228 a bit, by extending the /run/nologin
a bit, but still keeping it somewhat brief.
On purpose I used the vague wording "unprivileged user" rather than
"non-root user" so that pam_nologin can be updated to disable its
behaviour for members of the "wheel" group one day, and our messages
would still make sense.
See #8228.
Diffstat (limited to 'src/basic/fileio-label.c')
-rw-r--r-- | src/basic/fileio-label.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/basic/fileio-label.c b/src/basic/fileio-label.c index 6b942627a..0baa6a2fd 100644 --- a/src/basic/fileio-label.c +++ b/src/basic/fileio-label.c @@ -69,3 +69,19 @@ int fopen_temporary_label(const char *target, return r; } #endif // 0 + +int create_shutdown_run_nologin_or_warn(void) { + int r; + + /* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go + * down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit + * in advance. We use the same wording of the message in both cases. */ + + r = write_string_file_atomic_label("/run/nologin", + "System is going down. Unprivileged users are not permitted to log in anymore. " + "For technical details, see pam_nologin(8)."); + if (r < 0) + return log_error_errno(r, "Failed to create /run/nologin: %m"); + + return 0; +} |