/bin/nologin,/bin/false means that a user is forbidden to log on.
More common uses:
#/usr/local/apache-g apache-s/bin/false Apache
To deny a system user login, you can set its shell to/usr/sbin/nologin or/bin/false
Usermod-s | --shell /usr/sbin/nologin username
Or
Usermod-s | -Shell /bin/false username
Description and comparison:
/bin/false
/bin/false do nothing just return an error state and exit immediately. When the user's shell is set to/bin/false, the user will not be able to log in and will not be prompted.
/usr/sbin/nologin
Nologin will politely display a message to the user and deny the user login:
This account was currently not available.
Some software, such as some FTP server software, for local non-virtual accounts, only the user has a valid shell to use the FTP service. You can use Nologin to log in to the system, and to use some system services, such as FTP services. /bin/false is not, this is one of the important differences between the two.
/etc/nologin
If a/etc/nologin file exists, the system only allows the root user to log on, and all other users are denied login and the contents of the/etc/nologin file are displayed to them.
Other User management usage:
Lock user Account
Passwd-l | --lock username
Unlock user accounts
Passwd-u | --unlock username
Delete User Password
passwd-d | --delete username
Reference:
Http://openwares.net/linux/refuse_login.html (most of the above is transferred from this article)
Http://blog.sina.com.cn/s/blog_743a7cfd0102verw.html
Http://www.ixueyi.com/jingyan/1599118.html (less part of the above is transferred from this article)
Linux User Management using/bin/false and/usr/sbin/nologin to deny user login and its functional analysis (GO)