Sometimes you may need to block or disable user login in Linux, if you are running system maintenance or if you believe any of the user credentials have been compromised. There are several ways to disable normal login in Linux. You may also use third-party tools for this purpose. In this article, we will look at two simple ways to disable user login in Linux. You can use these commands in any Linux system such as Ubuntu/Debian, RHEL, Fedora, CentOS.
How to Block or Disable User Login in Linux
Here are the couple of ways to block or disable user login in Linux.
1. Using /etc/nologin file
/etc/nologin file is simply used to display a message to non-root users who try to login during shutdown, and thereby prevent them from logging in. Generally, it is Linux system that automatically creates this file during system shutdown and deletes it on its own during bootup.
However, you can also create this file manually, on your own.
$ sudo vi /etc/nologin
Add the following message to it.
The Server going through a routine maintenance. We apologize for any inconvenience caused. The system will be up and running in 1 hour. For more information, contact the system admin.
Save and close the file. As long as this file is present in your system, Linux will block all non-root users from logging into your system. When you delete this file, non-root users will be able to login as before.
In fact, you can even automatically disable/enable login by adding above command to your shell script/cronjob that runs system maintenance. Here is an example of shell script with above commands.
$ sudo vi system_maintenance.sh
Add the following lines to your shell script
#!/bin/sh sudo echo "The Server going through a routine maintenance. We apologize for any inconvenience caused. The system will be up and running in 1 hour. For more information, contact the system admin." > /etc/nologin #commands to run system maintenance sudo rm /etc/nologin
In the above shell script, we first set the execution environment. Then we add the message to /etc/nologin file. Then we run commands required for system maintenance. Finally, we delete /etc/nologin file.
Make the shell script executable.
$ sudo chmod +x system_maintenance.sh
So when you run this script, Linux will disable all non-root login, run system maintenance, and then enable non-root logins, all automatically. You may add the above shell script to cronjobs to regularly run this script.
2. Using nologin shell
If you don’t want to allow shell access to users but don’t mind them logging in via other methods such as FTP then use nologin shell command. Every user has a default shell assigned to it. It may be bash or kshell or something else. If you want to disable shell access for a user, all you need to do is change their shell to /bin/nologin on RHEL/Fedora/CentOS and /bin/false on Ubuntu/Debian, using chsh (change) command.
RHEL/Fedora/CentOS
Here is an example to disable shell access for user test_user.
# chsh -s /bin/nologin test_user
Ubuntu/Debian
Here is an example to disable shell access for user test_user.
$ sudo chsh -s /bin/false test_user
That’s it. In this article, we have looked at a couple of simple ways to disable login for non-root users in Linux. You may use either of these methods depending on your requirement.
Also read:
How to Check Kernel Version in Linux
How to Create CSR for Wilcard SSL Certificate
How to Remove Unused Kernels in Ubuntu/Debian
How to Remove Unused Kernels in RHEL/Fedora/CentOS
How to Install Sublime Text in Linux
Related posts:
Sreeram has more than 10 years of experience in web development, Python, Linux, SQL and database programming.