Tuesday, March 10, 2015

HOWTO Deny or Block an User on Linux

Deny user login by locking out account

"passwd -l" it is used to lock the specified account. Only root is allowed to block the users. The locking is performed by rendering the encrypted password into an invalid string and by prefixing the encrypted string with an !.

root@ximunix:~# passwd -l guest

You can also change shell to /sbin/nologin:
root@ximunix:~# usermod -s /sbin/nologin guest

Unlock account or allow login:

root@ximunix:~# passwd -u guest

You can also need change back shell from /sbin/nologin to /bin/bash:
root@ximunix:~# usermod -s /bin/bash guest

/sbin/nologin shell:

/sbin/nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled or login is blocked.