Exam topic 206.3 โ Notifying Users on System-Related Issues (weight: 1). Covers static login messages, dynamic broadcast messages, and systemd service and target management.
Overview
All user notification methods fall into two types:
- Static (logon messaging): files shown at login. Content changes only when the message itself is updated.
- Dynamic (fluid messaging): tools for immediately broadcasting messages to currently active users.
| Tool | Type | When shown | Audience |
|---|---|---|---|
/etc/issue | Static | Before login (pre-login) | Local tty terminals |
/etc/issue.net | Static | Before login (pre-login) | Telnet, SSH (if configured) |
/etc/motd | Static | After login (post-login) | Local tty terminals |
wall | Dynamic | Immediately | All active terminals |
shutdown | Dynamic | On schedule + immediately | All active terminals |
Static Login Messages
/etc/issue
/etc/issue is displayed on the tty login screen before the user enters a username and password. Typical use: company access policy, unauthorized access warning, planned maintenance announcement.
By default the file shows system information via escape sequences:
cat /etc/issue
# \S
# Kernel \r on an \m
Example modified file with a maintenance announcement:
########################################################
NOTICE
System will be down for maintenance
When: December 26 1:00am through 1:30am
########################################################
Warning: Displaying the distribution and kernel version in
/etc/issueis considered bad practice. An attacker gains valuable information before authentication. Legally it is better to add an unauthorized access prohibition notice.
/etc/issue.net
/etc/issue.net serves the same role as /etc/issue but is intended for remote connections. By default it is active only for Telnet. To enable it for SSH, edit the SSH configuration:
# /etc/ssh/sshd_config
# Uncomment this line:
Banner /etc/issue.net
After editing, restart the SSH server:
sudo systemctl restart sshd
Note: When using
/etc/issue.netover SSH, special escape sequences (e.g.,\rfor kernel version) may not work correctly. Plain text is safer.
/etc/motd
/etc/motd (Message of the Day) is displayed to the user after successful authentication but before the command prompt appears. Traditionally used for informal announcements; today more commonly used for upcoming maintenance notices, with /etc/issue and /etc/issue.net reserved for legal warnings.
On some distributions the file exists but is empty. On others it does not exist and must be created:
sudo nano /etc/motd
Example content:
Welcome to server01.example.com
Scheduled maintenance: Sunday 2:00am - 4:00am
Please save your work before then.
For support: helpdesk@example.com
Tip: On Ubuntu and Debian,
/etc/update-motd.d/contains scripts that dynamically generate/etc/motdat each login, showing current system information automatically.
Dynamic Messages to Active Users
wall
wall (write all) sends a message to all active terminals simultaneously. Message length is limited to 22 lines.
wall "Server reboot in 30 minutes. Please save your work."
# Send message from a file
wall /tmp/maintenance_notice.txt
# Suppress the standard broadcast banner (root only)
wall -n "Urgent: disk /dev/sdb failing, backup NOW"
By default any user can run wall. In practice administrators often restrict it to root only.
A user who does not want to receive broadcast messages can disable writes to their terminal:
mesg n # disallow writes to terminal
mesg y # re-enable
Which terminals have writes disabled can be checked with finger.
Important: The
-noption ofwallworks only for root and suppresses the standard broadcast header. It is only meaningful when used via therpc.wallddaemon.
shutdown
shutdown automatically sends broadcast messages as the shutdown time approaches and at the moment of shutdown itself.
# Shut down in 10 minutes with a message
shutdown -h +10 "Server halting for hardware replacement. Expected up at 00:00:00."
# Reboot at a specific time
shutdown -r 02:00 "Planned reboot for kernel update."
# Immediate shutdown
shutdown -h now
# Dry-run: sends warnings but does NOT shut down the system
sudo shutdown -k +20 "Please log out, maintenance starting soon."
# Shut down without broadcast messages
shutdown --no-wall +5
# Cancel a scheduled shutdown
shutdown -c "Maintenance postponed to next week."
Warning:
shutdown -kcreates/etc/nologin, which temporarily blocks new user logins โ even though the system is not actually shutting down. The file is removed when the dry-run period ends, but while it exists no new logins are possible.
Warning: If you ran
shutdown --no-wall +5and then cancel withshutdown -c, users will still receive the cancellation message. To suppress it too, useshutdown -c --no-wall.
shutdown options related to notifications:
| Option | Action |
|---|---|
+N | Run after N minutes |
HH:MM | Run at a specific time |
-k | Dry-run: warnings without actual shutdown |
--no-wall | Shutdown without broadcast messages |
-c | Cancel a scheduled shutdown |
-h | Halt after shutdown |
-r | Reboot after shutdown |
systemctl โ Managing System State
In systemd-based systems, systemctl replaces several legacy tools. It is the central tool for managing the systemd init system: services, system states (targets/runlevels), and unit configuration files.
Starting and Stopping Services
sudo systemctl start application.service
sudo systemctl stop application.service
# The .service suffix can be omitted
sudo systemctl start application
Multiple instances of the same service with different configs use @ syntax:
sudo systemctl start openvpn@config1.service
sudo systemctl start openvpn@config2.service
Multiple services in one command:
sudo systemctl stop application1.service application2.service
Restarting and Reloading Config
sudo systemctl restart application.service # full restart
sudo systemctl reload application.service # reload config without stopping
sudo systemctl reload-or-restart application.service # reload if possible, else restart
Enabling and Disabling Autostart
sudo systemctl enable application.service # enable autostart at boot
sudo systemctl disable application.service # disable autostart
enable creates a symlink from the service file (in /lib/systemd/system/ or /etc/systemd/system/) to the autostart directory (/etc/systemd/system/some_target.target.wants/). disable removes the symlink.
Important:
systemctl enableonly configures autostart for the next boot. To start the service immediately AND enable autostart, run both:systemctl startandsystemctl enable.
Checking Service Status
systemctl status sshd.service # full status with logs
systemctl is-active application.service # exit code 0 = active
systemctl is-enabled application.service # exit code 0 = autostart enabled
systemctl is-failed application.service # exit code 0 = failed
Example systemctl status sshd.service output:
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Fri 2016-12-16 08:18:17 CET; 4h 58min ago
Process: 1033 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1067 (sshd)
is-active, is-enabled, and is-failed are especially useful in shell scripts where the exit code matters more than text output.
System State Overview
systemctl list-units # all active units
systemctl # same (default behavior)
systemctl list-units --all # all units including inactive
systemctl list-units --all --state=inactive # filter by state
systemctl list-units --type=service # filter by type
list-units output columns:
| Column | Content |
|---|---|
UNIT | Unit name in systemd |
LOAD | Whether configuration is loaded into memory |
ACTIVE | General state (active / inactive) |
SUB | Detailed state (running, exited, failed, etc.) |
DESCRIPTION | Brief unit description |
Viewing Unit Files
systemctl list-unit-files # all unit files on the system
The STATE column values:
| Value | Meaning |
|---|---|
enabled | Autostart is enabled |
disabled | Autostart is disabled |
static | No [Install] section; cannot be enabled via enable. Used as a dependency or one-shot action |
masked | Completely disabled; cannot be started manually or automatically |
Managing Unit Files
Viewing a unit file:
systemctl cat atd.service
Example output:
[Unit]
Description=ATD daemon
[Service]
Type=forking
ExecStart=/usr/bin/atd
[Install]
WantedBy=multi-user.target
Viewing dependencies:
systemctl list-dependencies sshd.service # dependency tree
systemctl list-dependencies sshd.service --all # all dependencies recursively
systemctl list-dependencies sshd.service --reverse # reverse (who depends on this)
systemctl list-dependencies sshd.service --before # what starts before this unit
systemctl list-dependencies sshd.service --after # what starts after this unit
Viewing unit properties:
systemctl show sshd.service # all properties as key=value
systemctl show sshd.service -p Conflicts # one specific property
Masking and unmasking:
Masking, unlike disable, makes the unit completely impossible to start. systemd creates a symlink to /dev/null. The service cannot be started manually or automatically.
sudo systemctl mask nginx.service # completely block the service
sudo systemctl unmask nginx.service # remove the block
Attempting to start a masked service gives:
Failed to start nginx.service: Unit nginx.service is masked.
Important:
disableremoves autostart but manualsystemctl startstill works.maskblocks all startup โ both manual and automatic โ untilunmaskis run.
Editing unit files:
sudo systemctl edit nginx.service # open snippet for partial override
sudo systemctl edit --full nginx.service # open full unit file for editing
systemctl edit without a flag creates /etc/systemd/system/nginx.service.d/ and opens an empty snippet file. Snippet settings override values from the system unit file.
--full loads the entire unit file into an editor and saves the modified copy to /etc/systemd/system/nginx.service. This copy takes priority over the system file in /lib/systemd/system/.
Removing changes:
sudo rm -r /etc/systemd/system/nginx.service.d # remove snippet
sudo rm /etc/systemd/system/nginx.service # remove overridden unit file
sudo systemctl daemon-reload # reload configuration
Warning: After any manual editing or deletion of unit files, run
systemctl daemon-reload. Without it, systemd continues using the old configuration from memory.
Managing Targets and Runlevels
Targets are special unit files with a .target suffix that describe system states. Their purpose is to group other units. This is the analog of SysV runlevels, but more flexible โ multiple targets can be active simultaneously.
Getting and setting the default target:
systemctl get-default # get current default target
sudo systemctl set-default graphical.target # set graphical mode as default
sudo systemctl set-default multi-user.target # return to multi-user without GUI
Listing targets:
systemctl list-unit-files --type=target # all target files
systemctl list-units --type=target # only currently active targets
Isolate: switching between targets:
isolate starts all units belonging to a target and stops all units not in it. Analogous to init N or telinit N in SysV.
systemctl list-dependencies multi-user.target # check dependencies first
sudo systemctl isolate multi-user.target # switch to multi-user without GUI
sudo systemctl isolate graphical.target # switch to graphical mode
Warning:
isolatestops services. Check dependencies withlist-dependenciesbefore isolating.
Shortcuts for common events:
sudo systemctl rescue # rescue mode (single-user equivalent)
sudo systemctl halt # stop system without cutting power
sudo systemctl poweroff # full power-off
sudo systemctl reboot # reboot
SysV runlevel to systemd target mapping:
| SysV Runlevel | systemd Target | Description |
|---|---|---|
| 0 | poweroff.target | Shutdown |
| 1 | rescue.target | Single-user / rescue mode |
| 2, 3, 4 | multi-user.target | Multi-user, no GUI |
| 5 | graphical.target | Multi-user with GUI |
| 6 | reboot.target | Reboot |
Escape Sequences in /etc/issue
/etc/issue supports escape sequences processed by getty:
| Sequence | Meaning |
|---|---|
\r | Kernel version (uname -r) |
\m | Processor architecture |
\n | System hostname |
\o | Domain name |
\d | Current date |
\t | Current time |
\s | OS name |
\S | Distribution name (from /etc/os-release) |
\l | Current tty line name |
Note: These sequences work in
/etc/issueviagetty. In/etc/issue.netover an SSH connection they are generally not interpreted.
Exam Cheat Sheet
Files and their purpose:
| File | When shown | For whom |
|---|---|---|
/etc/issue | Before login | Local tty |
/etc/issue.net | Before login | Telnet / SSH (requires config) |
/etc/motd | After login | Local tty |
Commands:
wall "message" # broadcast to all active terminals
shutdown -h +10 "text" # halt in 10 minutes with message
shutdown -r 02:00 "text" # reboot at 02:00
shutdown -k +20 "text" # dry-run (no actual shutdown)
shutdown --no-wall +5 # shutdown without broadcast
shutdown -c "text" # cancel scheduled shutdown
mesg n # disallow writes to terminal
mesg y # allow writes to terminal
systemctl restart sshd # restart SSH after sshd_config change
Enabling /etc/issue.net for SSH:
# /etc/ssh/sshd_config
Banner /etc/issue.net
Common Exam Mistakes
/etc/motdis shown AFTER login, not before./etc/issue.netby default only works with Telnet; SSH requires theBannerdirective insshd_config.wall -nworks only for root.shutdown -kcreates/etc/nologinand blocks new logins even though the system does not shut down.- Escape sequences (
\r,\m, etc.) are not guaranteed to work in/etc/issue.netover SSH.
Practice Questions
Q1. Which file displays a message to the user BEFORE authentication on a local tty terminal?
A. /etc/motd B. /etc/issue.net C. /etc/issue D. /etc/login.msg
Answer: C. /etc/issue is shown before the username and password are entered on a tty terminal.
Q2. What change must be made to /etc/ssh/sshd_config to have SSH display the contents of /etc/issue.net at login?
A. Issue /etc/issue.net B. Banner /etc/issue.net C. Motd /etc/issue.net D. LoginMessage /etc/issue.net
Answer: B. The Banner directive in sshd_config specifies the path to the pre-login message file.
Q3. An administrator wants to broadcast an urgent message to all logged-in users right now, without shutting down the system. Which command to use?
A. broadcast "message" B. notify "message" C. wall "message" D. write all "message"
Answer: C. wall broadcasts a message to all active terminals.
Q4. An administrator ran shutdown -k +30 "Maintenance in 30 minutes". What will happen?
A. The system shuts down in 30 minutes and users receive a warning
B. Users receive a warning, the system does not shut down, but new logins are blocked for 30 minutes
C. Only root receives the warning; the system does not shut down
D. No effect โ the -k flag is obsolete
Answer: B. The -k flag is a dry-run: warnings are sent but the system does not shut down. However, /etc/nologin is created, temporarily blocking new logins until the dry-run ends.
Q5. A user does not want to receive broadcast messages from wall. Which command should they run?
A. mesg n B. wall --ignore C. block wall D. chmod 000 /dev/tty
Answer: A. mesg n disallows writes to the user’s terminal, including messages from wall.
Q6. Which file is shown to a tty user AFTER successful login but BEFORE the command prompt appears?
A. /etc/issue B. /etc/issue.net C. /etc/motd D. /etc/profile
Answer: C. /etc/motd (Message of the Day) is displayed after authentication, before the shell prompt.
Q7. An administrator scheduled a shutdown with shutdown --no-wall +5 and now wants to cancel it so users do NOT receive the cancellation message. Which command is correct?
A. shutdown -c B. shutdown -c --no-wall C. shutdown --cancel --silent D. systemctl cancel shutdown
Answer: B. Using shutdown -c without --no-wall still sends a cancellation message to users. To suppress it, use shutdown -c --no-wall.
Q8. The escape sequence \r is used in /etc/issue. What does it display?
A. Hostname B. Kernel version C. Current date D. Processor architecture
Answer: B. The \r sequence in /etc/issue substitutes the kernel version (equivalent to uname -r).