Every host has some accounts that cannot log in, yet they must still exist. "Cannot log in" here means that the account cannot use bash or another shell to log in to the system; it does not mean that the account cannot use other resources. For example, among the system accounts, print jobs are managed by the lp account and the WWW service is managed by the apache account. These accounts can carry out system management work; they simply cannot log in to the host.
Look at it from another angle: if my Linux host provides mail services, most of the accounts on it exist only to receive mail and never need to log in to the host. In that case we can simply give these mail accounts /sbin/nologin as their shell, so that at least when one of them tries to get a shell environment on my host, it is refused.
In addition, if I want users whose shell is /sbin/nologin to know why they cannot log in to the host, we can create the file "/etc/nologin.txt" and explain the reason in it. The next time such a user tries to log in to the system, the contents of the file are displayed.
Description: when an account is created so that it cannot log in, that is, its shell is /sbin/nologin, every login attempt by that user follows the same rule: the user cannot access the host and can only receive the mail the host delivers, or use other functions. We can create nologin.txt ourselves, and whenever someone tries to log in with one of these accounts, the system displays its message.
PAM can be regarded as an application programming interface (API). It provides a chain of validation mechanisms: as long as the user tells PAM what the verification phase requires, PAM returns the result of the user's validation (success or failure).
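One way to check the rule described above, as an added example rather than code from the original page: a small shell audit that lists which accounts in a passwd-format file can still obtain a shell and verifies that named service or mail-only accounts use a no-login shell. The function names, the list of no-login shells and the sample accounts (`alice`, `mailonly`, `legacy`) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a passwd-format file for accounts that can still get a shell.

# Shells treated as "cannot log in" (assumption: extend for your distribution).
NOLOGIN_SHELLS="/sbin/nologin /usr/sbin/nologin /bin/false"

# Print "name:shell" for every account whose shell is not a no-login shell.
login_capable() {
    awk -F: -v deny="$NOLOGIN_SHELLS" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) blocked[d[i]] = 1 }
        /^#/ || NF < 7 { next }                      # skip comments and malformed lines
        { shell = ($7 == "") ? "/bin/sh" : $7 }      # passwd(5): empty field means /bin/sh
        !(shell in blocked) { print $1 ":" shell }
    ' "$1"
}

# Return 0 only if every named account exists and has a no-login shell.
require_nologin() {
    file=$1; shift
    rc=0
    for user in "$@"; do
        shell=$(awk -F: -v u="$user" '$1 == u { print ($7 == "" ? "/bin/sh" : $7); exit }' "$file")
        case " $NOLOGIN_SHELLS " in
            *" $shell "*) ;;                         # shell is on the no-login list
            *) echo "$user: ${shell:-no such account}" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample data; on a real host pass /etc/passwd instead.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
mailonly:x:1001:1001::/home/mailonly:/sbin/nologin
legacy:x:1002:1002::/home/legacy:
EOF

login_capable "$SAMPLE"
require_nologin "$SAMPLE" lp apache mailonly && echo "service and mail-only accounts cannot log in"
```

The `legacy` entry shows the case that is easy to miss: an empty shell field is not a locked account, it falls back to /bin/sh.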
### PAM module configuration syntax
Take passwd as an example:
1. The user runs the /usr/bin/passwd program and enters a password;
2. passwd calls the PAM module for verification;
3. The PAM module goes to /etc/pam.d/ to find the configuration file with the same name as the program (passwd);
4. Following the settings in /etc/pam.d/passwd, PAM invokes the relevant PAM modules and carries out the verification step by step;
5. The result of the verification is passed back to the passwd program;
6. The passwd program decides what to do next based on the result PAM returned.
Description: /etc/pam.d is where the configuration files are now kept.
Description: The first column above (that is, the type of validation)
1. auth
Used to authenticate the user. This type requires a password for verification, so the modules that follow it are used to verify the identity of the user.
2. session