mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
nologin: extend the /run/nologin descriptions a bit (#8244)
This is an attempt to improve #8228 a bit, by extending the /run/nologin a bit, but still keeping it somewhat brief. On purpose I used the vague wording "unprivileged user" rather than "non-root user" so that pam_nologin can be updated to disable its behaviour for members of the "wheel" group one day, and our messages would still make sense. See #8228.
This commit is contained in:
parent
c5c07649c2
commit
6e11e7e67d
@ -67,3 +67,19 @@ int fopen_temporary_label(const char *target,
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
int create_shutdown_run_nologin_or_warn(void) {
|
||||
int r;
|
||||
|
||||
/* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go
|
||||
* down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit
|
||||
* in advance. We use the same wording of the message in both cases. */
|
||||
|
||||
r = write_string_file_atomic_label("/run/nologin",
|
||||
"System is going down. Unprivileged users are not permitted to log in anymore. "
|
||||
"For technical details, see pam_nologin(8).");
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to create /run/nologin: %m");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -34,5 +34,6 @@ static inline int write_string_file_atomic_label(const char *fn, const char *lin
|
||||
return write_string_file_atomic_label_ts(fn, line, NULL);
|
||||
}
|
||||
int write_env_file_label(const char *fname, char **l);
|
||||
int fopen_temporary_label(const char *target,
|
||||
const char *path, FILE **f, char **temp_path);
|
||||
int fopen_temporary_label(const char *target, const char *path, FILE **f, char **temp_path);
|
||||
|
||||
int create_shutdown_run_nologin_or_warn(void);
|
||||
|
@ -1930,15 +1930,11 @@ static int nologin_timeout_handler(
|
||||
void *userdata) {
|
||||
|
||||
Manager *m = userdata;
|
||||
int r;
|
||||
|
||||
log_info("Creating /run/nologin, blocking further logins...");
|
||||
|
||||
r = write_string_file_atomic_label("/run/nologin", "System is going down.");
|
||||
if (r < 0)
|
||||
log_error_errno(r, "Failed to create /run/nologin: %m");
|
||||
else
|
||||
m->unlink_nologin = true;
|
||||
m->unlink_nologin =
|
||||
create_shutdown_run_nologin_or_warn() >= 0;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -51,12 +51,9 @@ int main(int argc, char*argv[]) {
|
||||
if (k < 0 && r >= 0)
|
||||
r = k;
|
||||
|
||||
} else if (streq(argv[1], "stop")) {
|
||||
r = write_string_file_atomic_label("/run/nologin", "System is going down.");
|
||||
if (r < 0)
|
||||
log_error_errno(r, "Failed to create /run/nologin: %m");
|
||||
|
||||
} else {
|
||||
} else if (streq(argv[1], "stop"))
|
||||
r = create_shutdown_run_nologin_or_warn();
|
||||
else {
|
||||
log_error("Unknown verb '%s'.", argv[1]);
|
||||
r = -EINVAL;
|
||||
}
|
||||
|
@ -8,4 +8,4 @@
|
||||
# See tmpfiles.d(5), systemd-user-session.service(5) and pam_nologin(8).
|
||||
# This file has special suffix so it is not run by mistake.
|
||||
|
||||
F! /run/nologin 0644 - - - "System is booting up. See pam_nologin(8)"
|
||||
F! /run/nologin 0644 - - - "System is booting up. Unprivileged users are not permitted to log in yet. Please come back later. For technical details, see pam_nologin(8)."
|
||||
|
Loading…
Reference in New Issue
Block a user