Linux /bin/false VS /sbin/nologin: Politely Refuse a Login

How do I deny access to user account? Do I need to use /bin/false or /sbin/nologin to refuse a login?

The /sbin/nologin command politely refuse a login. It displays a message that an account is not available and exits non-zero. This is prefreed method these days to deny login access to account. You can use it as follows:
# usermod -s /sbin/nologin userName

ADVERTISEMENTS

The /bin/false is old method which does nothing and always return unsuccessful code. You can use it as follows to deny login access to existing user:
# usermod -s /bin/false userName

More About /etc/nologin File

If the file /etc/nologin exists, login will allow access only to root user. ther users will be shown the contents of this file and their logins will be refused. This is used when you need to deny login access to all users except root account. Just create /etc/nologin file and you are done:
cat > /etc/nologin
Sample ouputs:

Add your message here

A Better Solution

Lock and unlock user accounts using the following commands:
# passwd -l userName
To unlock it again:
# passwd -u userName

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
3 comments… add one
  • V Apr 5, 2011 @ 21:09

    The user can still login with shell set as /bin/false, he just can’t use the shell – this can be useful in some situations.

  • Chason Choate Nov 28, 2011 @ 21:36

    Beware that “passwd -l …” will still allow a user with a ssh pub/pri key to login.

    • Andrew Taylor Feb 25, 2012 @ 11:05

      On CENT/RHEL5+ Locking/Unlocking the account will affect those users who use password-less logins and authenticate via pub/pri key. I can’t confirm this categorically on any other distribution.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.