Linux deny or block user login

Q. How do I deny or block user login for user id tom? I’m using CentOS 5 Linux server OS.

A.. You need to use passwd command.

Deny user login by locking out account

Pass -l option to passwd command. It is used to lock the specified account and it is available to root only. The locking is performed by rendering the encrypted password into an invalid string and by prefixing the encrypted string with an !.

Syntax

passwd -l {username}

Unlock account or allow login

To allow login use passwd command as follows:
passwd -u {username}

This is the reverse of the -l option - it will unlock the account password by removing the ! prefix.

/sbin/nologin shell

/sbin/nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled or login is blocked.

Example: Deny login for tom user

Type the command as follows (login as root user):
# passwd -l tom
You can also change shell to /sbin/nologin:
# usermod -s /sbin/nologin tom

Example: Allog login for tom user

Type the command as follows (login as root user):
# passwd -u tom
You can also need change back shell from /sbin/nologin to /bin/bash:
# usermod -s /bin/bash tom

For more information and other options read passwd command man page.