I have been playing with Squid with an idea of replacing a very expensive and problematic windows proxy and so far it works fine.

The latest squid was apt-getted. and is installed on top of Debian woody. Played with it for a couple of days up to the weekend. After rebooting on Monday, I get a message on login that comes from the presence of an /etc/nologin file and does not allow any non-root logins.

The man pages show that if an /etc/nologin file exists, no non-root logins are allowed. Delete the file if you want non-root logins. So far so good.

I delete the file and it allows me to log in as a casual user. But on the next reboot, the nologin file is recreated.

Since I have never seen this before on many installs of Debian, the file replacement has to be coming from Squid, I think. I haven't found (or maybe haven't recognised is a better term) the culprit in any of the startup scripts so far and googling brings up almost nothing on the subject except dozens of copies of the nologin man page. The Squid manual doesn't mention this "security feature".

Ideas anyone?

CptKrf

Check the time stamp on the file to see when it is created - then figure out if it is at boot or shutdown. Maybe grep for nologin in /etc/init.d/*

I'm fairly sure that its a file created on shutdown to stop new logins while the shutdown process starts... check /etc/rc0.d and /etc/rc1.d .... (it would be in /etc/init.d as well, but /etc/rc0.d and the other is a bit smaller of a list to look through).

I would think that it would be caused by a faulty shutdown process or bootup process..

The /etc/nologin file is created by the shutdown program. It should be deleted upon boot by init or whatnot. Try autorunning a script on boot that deletes it if all else fails.

You guys are right - it is created on shutdown and I had been taking apart the startup scripts. Greping hasn't found who is doing it yet but should be just a matter of time.

It appears that all Linuxes write that file on shutdown, to lockout logins. What may be happening is that it is not getting deleted on startup.

The interesting thing is that I have an identical (and I mean identical server - it was bought at the same time by just putting a 2 in the quantity column of all parts) and it was loaded by the same CD and apt-installed, apt-gotted, and apt-etceteraed identically. But, it doesn't have the above root login problem. Makes it easy to compare though.

It will be interesting to know what got triggered.

CptKrf