A /usr/bin/false vs. /sbin/nologin argument led me to nologin(8) so here are some suggestions.
- de-lint - return instead of exit() - no need to tell an *possible evil* ssh user that pledge(2) failed - some more churn/clean up Greetings Ben
Index: nologin.c
===================================================================
RCS file: /cvs/src/sbin/nologin/nologin.c,v
retrieving revision 1.6
diff -u -p -r1.6 nologin.c
--- nologin.c 13 Oct 2015 07:10:38 -0000 1.6
+++ nologin.c 6 Mar 2016 08:46:24 -0000
@@ -26,19 +26,14 @@
 */
 #include <sys/types.h>
-#include <err.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-/* Distinctly different from _PATH_NOLOGIN. */
-#define _PATH_NOLOGIN_TXT "/etc/nologin.txt"
-
 #define DEFAULT_MESG "This account is currently not available.\n"
-/*ARGSUSED*/
 int
 main(int argc, char *argv[])
 {
@@ -47,17 +42,16 @@ main(int argc, char *argv[])
 char nbuf[BUFSIZ];
 if (pledge("stdio rpath", NULL) == -1)
- err(1, "pledge");
+ return (1);
- nfd = open(_PATH_NOLOGIN_TXT, O_RDONLY);
- if (nfd < 0) {
+ nfd = open("/etc/nologin.txt", O_RDONLY);
+ if (nfd < 0)
 write(STDOUT_FILENO, DEFAULT_MESG, strlen(DEFAULT_MESG));
- exit (1);
+ else {
+ while ((nrd = read(nfd, nbuf, sizeof(nbuf))) != -1 && nrd != 0)
+ write(STDOUT_FILENO, nbuf, nrd);
+ close (nfd);
 }
- while ((nrd = read(nfd, nbuf, sizeof(nbuf))) != -1 && nrd != 0)
- write(STDOUT_FILENO, nbuf, nrd);
- close (nfd);
-
- exit (1);
+ return (1);
 }
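Review bot: With `err(1, "pledge")` replaced by a bare `return (1);` in the second hunk, a pledge(2) failure at the top of main now leaves no trace for the administrator either, not only for the remote user. The program still fails closed, because it returns 1 before `/etc/nologin.txt` is opened, so the behaviour towards the user is fine. If a record is wanted, it could go to the system log instead of the terminal, e.g. `syslog(LOG_AUTH | LOG_ERR, "pledge: %m");` before the return (this needs `<syslog.h>`); whether that fits the tree's conventions is for the maintainers to decide. Since the path literal is now inlined, a short comment at the `open()` call such as `/* not _PATH_NOLOGIN (/etc/nologin) */` would keep the distinction the removed comment documented. main's declarations sit above the hunk, so only the visible lines are considered here.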