How to Disable Local Login in Linux

This tutorial explains how to disable local login through CLI terminal step by step with example. Linux provides six additional CLI consoles, along with one primary GUI console to login. Learn how to disable login in these additional consoles to secure the system.

Create a normal user in case you do not have any.

Example Questions:-

You are the administrator of domain. Configure to deny local login to all normal users on your domain server. As well as allow to root login only on First Terminal.

To accomplish this task follow this step by step guide

Login from root user and run these command

#touch /etc/nologin
#vi /etc/securetty


Comment all available terminall then first as show in figure

If /etc/nologin file is created, then pam modules pan_nologin deny to all non-root users to login locally. As you can see in third line of /etc/pam.d/login file

secure terminal

secure terminal

pam_securetty modules checks the /etc/securetty file, which terminal are available to root. If terminal is not available in this file then pam_securetty module deny to login on unavailable terminal to root user.

We have made necessary change in configuration files. Now root user can login locally only from terminal 1. All other users are denied from login locally except root. root user in itself can use only terminal 1. He will be denied from login locally same as other user if he try to login locally from other terminals except terminal 1.

secure terminal root login

You can verify it by login normal user on any locally available terminal
securetty deny user
secure terminal user deny

Now you have successfully accomplished the task given you its good habit to remove all the change you have made.

First remove the /etc/nologin file
Remove all the comments you placed in /etc/securetty

ComputerNetworkingNotes Linux Tutorials How to Disable Local Login in Linux