Home > Article > System Tutorial > To ensure system security, we will teach you various methods to prohibit user login in Linux!
To ensure system security, we will teach you various methods to prohibit user login in Linux!
- 王林forward
- 2024-02-14 17:33:22604browse
Security is an issue that every Linux system administrator must pay attention to and pay attention to, and prohibiting certain users from logging into the system is one of the very important security measures. This article will introduce in detail through examples how to prohibit certain users from logging in in the Linux system to protect system security.
By default, when creating a user account in Linux, the user has shell access. In some cases a user account login shell is not required. This article describes how to disable shell login for existing users and disable shell login when creating users.
Set prohibit shell login when creating a user
By default, when a user is created, the user will be assigned a shell as defined in the /etc/default/useradd file.
Linux comes with a /sbin/nologinshell that displays a message "This account is current not available" when the user tries to connect. This is a way to disable a user from logging into the shell. Here’s how to use it:
useradd -s /sbin/nologin {username}
In the following example, create a user and set the shell to /sbin/nologin:
[root@localhost ~]# useradd user01 -s /sbin/nologin [root@localhost ~]# tail -1 /etc/passwd user01:x:1000:1000::/home/user01:/sbin/nologin
View/etc/passwdYou can see that the shell of user01 is /sbin/nologin
Set a password for user01, and then log in via ssh to test:
[root@localhost ~]# echo '123'|passwd --stdin user01 Changing password for user user01. passwd: all authentication tokens updated successfully. [root@localhost ~]# ssh user01@localhost user01@localhost's password: This account is currently not available. Connection to localhost closed.
After entering the password, it prompts This account is current not available, and then the connection is closed.
Set prohibit shell login for existing users
To change the shell of an existing user, you can use the usermod and chsh commands to modify:
chshThe command syntax is as follows:
chsh -s /sbin/nologin {username}
Modify the shell of user02 below:
# Centos8默认没有安装chsh,使用下面命令安装: [root@localhost ~]# yum -y install util-linux-user [root@localhost ~]# chsh -s /sbin/nologin user02 Changing shell for user02. chsh: Warning: "/sbin/nologin" is not listed in /etc/shells. Shell changed.
usermod The command syntax is as follows:
usermod -s /sbin/nologin {username}
Modify the shell of user03 below:
[root@localhost ~]# usermod -s /sbin/nologin user03
You can also manually modify the user shell in the /etc/passwd file.
In Linux systems, prohibiting certain users from logging in is a very important security measure that can effectively protect the system from unauthorized access. Based on actual practice, this article introduces readers to several methods of prohibiting user login in detail, and also mentions precautions to avoid misoperation. I believe that through studying this article, readers will have a deeper understanding of user management and security measures in Linux systems.
The above is the detailed content of To ensure system security, we will teach you various methods to prohibit user login in Linux!. For more information, please follow other related articles on the PHP Chinese website!