Restricting Shell Access

By default when you add new user to system (/etc/passwd file) it grant shell access, to avoid this for special users for which you dont want to give shell access </p>

add the users with shell option as /sbin/nologin

e.g. to add user Nagios with no shell access:

useradd -s /sbin/nologin nagios

to modify already added user with no shell access use

usermod -s /sbin/nologin nagios

By the way /sbin/nologin is the replacement for /bin/false method to block the shell access.

from http://www.cyberciti.biz site

How do I deny access to user account? Do I need to use /bin/false or /sbin/nologin to refuse a login?

The /sbin/nologin command politely refuse a login. It displays a message that an account is not available and exits non-zero. This is prefreed method these days to deny login access to account. You can use it as follows:
# usermod -s /sbin/nologin userName

The /bin/false is old method which does nothing and always return unsuccessful code. You can use it as follows to deny login access to existing user:
# usermod -s /bin/false userName
More About /etc/nologin File

If the file /etc/nologin exists, login will allow access only to root user. ther users will be shown the contents of this file and their logins will be refused. This is used when you need to deny login access to all users except root account. Just create /etc/nologin file and you are done:
cat > /etc/nologin

</div>

25 Jun 2012

Awk oneliner for convering float to interger UseFul Linux Commands - at one place

www.ijuned.com

Restricting Shell Access

Explore →