Linux User Management using/bin/false and/usr/sbin/nologin to deny user login and its functional analysis

/bin/nologin,/bin/false means that a user is forbidden to log on.

More common uses:

#/usr/local/apache-g apache-s/bin/false Apache

To deny a system user login, you can set its shell to/usr/sbin/nologin or/bin/false

Usermod-s | --shell /usr/sbin/nologin username

Or

Usermod-s | -Shell /bin/false username

Description and comparison:

/bin/false

/bin/false do nothing just return an error state and exit immediately. When the user's shell is set to/bin/false, the user will not be able to log in and will not be prompted.

/usr/sbin/nologin

Nologin will politely display a message to the user and deny the user login:

This account was currently not available.

Some software, such as some FTP server software, for local non-virtual accounts, only the user has a valid shell to use the FTP service. You can use Nologin to log in to the system, and to use some system services, such as FTP services. /bin/false is not, this is one of the important differences between the two.

/etc/nologin

If a/etc/nologin file exists, the system only allows the root user to log on, and all other users are denied login and the contents of the/etc/nologin file are displayed to them.

Other User management usage:

Lock user Account

Passwd-l | --lock username

Unlock user accounts

Passwd-u | --unlock username

Delete User Password

passwd-d | --delete username

Reference:

Http://openwares.net/linux/refuse_login.html (most of the above is transferred from this article)

Http://blog.sina.com.cn/s/blog_743a7cfd0102verw.html

Http://www.ixueyi.com/jingyan/1599118.html (less part of the above is transferred from this article)

Linux User Management using/bin/false and/usr/sbin/nologin to deny user login and its functional analysis (GO)