Restricting normal users in login in a linux server

Restricting normal users in login in a linux server

We can restrict normal users to login in server using pam. Pam module pam_nologin.so is used for the purpose. configure the /etc/pam.d/login like as shown below.#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth include system-auth
auth required pam_nologin.so file=/etc/nologin
#account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session optional pam_ck_connector.so

Block Non root user from shutdown the system

Prevent a non-root user from shutting down or rebooting the system

To prevent all non-root users from using the shutdown, reboot or halt commands, do the following :

1. In the file /etc/X11/gdm/gdm.conf , change the line that reads :

SystemMenu=true

to

SystemMenu=false

2. In the file /etc/inittab, change the line that reads :

ca:ctrlaltdel:/sbin/shutdown -t3 -r now

to

ca:ctrlaltdel:echo "You are not authorized to turn off the machine"

3. In the directory /etc/security/console.apps/, delete the file reboot, poweroff and halt.
4. Remove the file /usr/bin/poweroff