Bug#118677: How to fix xdm and /etc/nologin
In order to make xdm work with /etc/nologin, there are two issues to fix:
First, by default, nologin is checked by PAM thanks to this line in /etc/pam.d/xdm:
auth requisite pam_nologin.so
Presumably xdm just gets a "no!" reply from PAM, with the result that
the user sees an unfriendly "login incorrect" message. I suggest
removing this from PAM so that xdm can handle it itself.
xdm's attempt to handle nologin is in the first few lines of /etc/X11/xdm/Xstartup:
if [ -e /etc/nologin ]; then
# always display the nologin message, if possible
if [ -s /etc/nologin ] && which xmessage > /dev/null 2>&1; then
xmessage -file /etc/nologin -geometry 640x480
fi
if [ "$(id -u)" != "0" ] && \
! grep -qs '^ignore-nologin' /etc/X11/xdm/xdm.options; then
exit 1
fi
fi
This fails because this script is run as root (see the comment at the
start), so $(id -u) will always return 0. The fix is instead to test
the $USER variable, which xdm passes; see the "STARTUP PROGRAM" section
of the xdm man page. Something like this:
if [ "$(id -u $USER)" != "0" ] ...
This seems to work for me.
I'm using xdm 1:1.0.4-1.
Reply to: