How do I deny access to a user account? Do I need to use /bin/false or /sbin/nologin to refuse a login?
The /sbin/nologin command politely refuses a login. It displays a message that an account is not available and exits non-zero. This is the preferred method these days to deny login access to an account. You can use it as follows:
# usermod -s /sbin/nologin userName
/bin/false is the older method: it does nothing and always returns an unsuccessful exit code. You can use it as follows to deny login access to an existing user:
# usermod -s /bin/false userName
More About /etc/nologin File
If the file /etc/nologin exists, login will allow access only to the root user. Other users will be shown the contents of this file and their logins will be refused. This is used when you need to deny login access to all users except the root account. Just create the /etc/nologin file and you are done:
cat > /etc/nologin
Sample outputs:
Add your message here
A Better Solution
Lock and unlock user accounts using the following commands:
# passwd -l userName
To unlock it again:
# passwd -u userName
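The login shell (usermod -s) and the password lock (passwd -l) are separate settings, so it helps to audit both together. The script below is an added example, not part of the original article; the function names and the sample passwd/shadow entries are constructed for illustration. On a real host, pass /etc/passwd and /etc/shadow as root.

```shell
#!/bin/sh
# Added example. Account names and hashes below are constructed sample data.

# Print "user shell-state password-state" for each account.
# $1 = passwd-format file, $2 = shadow-format file
audit_accounts() {
    awk -F: '
        NR == FNR { hash[$1] = $2; next }   # first file (shadow): keep hash field
        {
            shell = ($7 ~ /\/(nologin|false)$/) ? "shell-denied" : "shell-ok"
            # passwd -l prefixes the stored hash with "!"; "*" matches no password
            pw = (hash[$1] ~ /^[!*]/) ? "pw-locked" : "pw-usable"
            print $1, shell, pw
        }' "$2" "$1"
}

# Accounts with a locked password but a working shell. The lock covers the
# password field only, so these are the entries worth reviewing.
locked_but_shell() {
    audit_accounts "$1" "$2" |
        awk '$2 == "shell-ok" && $3 == "pw-locked" { print $1 }'
}

# Write constructed sample files into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/sbin/nologin
carol:x:1002:1002::/home/carol:/bin/bash
ftpuser:x:1003:1003::/srv/ftp:/bin/false
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$salt$hashroot:19000:0:99999:7:::
alice:$6$salt$hashalice:19000:0:99999:7:::
bob:$6$salt$hashbob:19000:0:99999:7:::
carol:!$6$salt$hashcarol:19000:0:99999:7:::
ftpuser:*:19000:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow"
echo "locked password, usable shell: $(locked_but_shell "$tmp/passwd" "$tmp/shadow")"
rm -rf "$tmp"
```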
3 comments:
The user can still login with shell set as /bin/false, he just can’t use the shell – this can be useful in some situations.
Beware that “passwd -l …” will still allow a user with a ssh pub/pri key to login.
On CENT/RHEL5+ Locking/Unlocking the account will affect those users who use password-less logins and authenticate via pub/pri key. I can’t confirm this categorically on any other distribution.