The file
/etc/nologin, if it exists, causes the login procedure, used by programs such as
login(1), to terminate. The program may display the contents of
/etc/nologin to the user before exiting.
This file is a simple mechanism to temporarily prevent incoming logins. As such, the file
/etc/nologin is created by
shutdown(8) five minutes before system shutdown, or immediately if shutdown is in less than five minutes. The file
/etc/nologin is removed just before
shutdown(8) exits.
To disable logins on a per-account basis, see
nologin(8).
The file
/etc/nologin has no affect on the login procedure for the root user.