How do I restrict system logins using PAM?

Updated -

There is a PAM module called pam_listfile.so that can restrict/allow logins to a specific list of users or groups. To allow login to only the root user and another user called bob, add this line at the top of /etc/pam.d/system-auth:

auth required /lib/security/pam_listfile.so onerr=fail item=user sense=allow file=/etc/allowedus...

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In