I typically boot in mode 3 to a terminal. Fedora f39 going to lxde as
the desktop. Today with a cold boot and entering the user login the
following message showed
--
System is going down. Unprivileged users are not permitted to log in
anymore , for technical details see pam_nologin(8)
--
Further messages indicated that some updates were being installed. After
some minutes the system rebooted.
Everything known has been done to prevent any automatic updates with
manual dnf being used as needed. The pam_login module looks for the
existence of
/etc/nologin or
/var/run/nolongin
What is updating files without a command and writing these entries?
Maybe firmware updates -- these seem to differ depending on the type
of device and vendor.
System Resource Table (ESRT) and UEFI Capsule, which is supported
in
Linux kernel
4.2 and later. [...] ESRT allows the firmware to expose
updatable components to
the operating system, which can pass a
UEFI capsule with updated
firmware for processing and installation
on the next boot.
Journalctl may have more details, if you can find them amid the mass of detail
journalctl provides. It would be nice to have a mechanism that highlights entries
that are new to the current boot but have not appeared in previous boots.
--