In this tutorial, we will cover the various methods used to block user logins on Linux and their differences.
2. The nologin Command
We can use the nologin command to prevent a user from logging in. It prints a message and exits with a non-zero status code to indicate failure. We can change a user’s login shell with the usermod command’s -s flag.
As an example, let’s use it to prevent a user called baeldung from logging in:
$ sudo usermod baeldung -s /sbin/nologin
$ sudo su - baeldung
This account is currently not available.
Now, if we try to use su to log into the account, we see an error indicating that logins have been disabled.
We can also customize the error message by editing the /etc/nologin.txt file:
$ echo "Hi, logins have been disabled for your account. Please contact your system administrator for more information" | sudo tee /etc/nologin.txt
$ su - baeldung
Hi, logins have been disabled for your account. Please contact your system administrator for more information
3. The false Command
$ false
$ echo $?
1
false is the opposite of the true command, which always returns a zero status code, indicating success:
$ true
$ echo $?
0
We can use them in a Bash while statement to repeatedly execute code:
while false; do
    echo "This code will never run!"
done

while true; do
    echo "This code will run forever!"
done
The first loop body never executes since false always indicates failure, while the second loop runs forever because true always indicates success:
$ ./script
This code will run forever!
This code will run forever!
This code will run forever!
...
While it is not the false command’s primary purpose, we can still use it for preventing user logins, just like we did with the nologin command. However, false does not print an error message and immediately exits the shell, which can cause confusion:
$ sudo usermod baeldung -s /bin/false
$ sudo su - baeldung
$ echo $?
1
This means that we cannot customize error messages as we did with nologin in the previous section.
4. The passwd Command
We can use the passwd command’s -l flag to lock a user account, preventing logins:
$ sudo passwd -l baeldung
passwd: password expiry information changed.
$ su - baeldung
Password:
su: Authentication failure
Now, when we try to log in, su treats all passwords as invalid. We can unlock the account with sudo passwd -u baeldung. This method is similar to the false command since it doesn’t allow us to display a descriptive message.
5. The usermod Command
Similar to the passwd command, we can use the usermod command with the -L or -U flags to lock/unlock a user account:
$ sudo usermod -L baeldung
$ su - baeldung
Password:
su: Authentication failure
$ sudo usermod -U baeldung
$ su - baeldung
Password:
$ echo $? # Success
0
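The methods above leave different traces: the shell change shows up in field 7 of /etc/passwd, while passwd -l and usermod -L put a "!" in front of the hash in /etc/shadow. The following added example (not part of the original tutorial) reports both for every account; the function names, the accounts other than baeldung and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of the tutorial's blocking methods is in
# effect for each account. Works on copies of the files, so no root needed.

# audit_logins PASSWD_FILE SHADOW_FILE   (hypothetical helper name)
# Output per user: <user> shell=<blocked|interactive> password=<locked|unusable|empty|set>
audit_logins() {
    awk -F: '
        # First file (shadow format): remember field 2, the password hash.
        NR == FNR { hash[$1] = $2; next }
        # Second file (passwd format): field 7 is the login shell.
        {
            shell = ($7 ~ /\/(nologin|false)$/) ? "blocked" : "interactive"
            h = hash[$1]
            if (h ~ /^!/)      pw = "locked"    # "!" prefix: passwd -l / usermod -L
            else if (h == "*") pw = "unusable"  # no valid hash was ever set
            else if (h == "")  pw = "empty"
            else               pw = "set"
            print $1, "shell=" shell, "password=" pw
        }
    ' "$2" "$1"
}

# Accounts whose password is locked but whose login shell still works.
password_only_locks() {
    audit_logins "$1" "$2" |
        awk '$2 == "shell=interactive" && $3 == "password=locked" { print $1 }'
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
baeldung:x:1001:1001::/home/baeldung:/sbin/nologin
svc_backup:x:1002:1002::/home/svc_backup:/bin/false
alice:x:1003:1003::/home/alice:/bin/bash
bob:x:1004:1004::/home/bob:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
baeldung:$6$constructed$placeholderhash:19000:0:99999:7:::
svc_backup:*:19000:0:99999:7:::
alice:!$6$constructed$placeholderhash:19000:0:99999:7:::
bob:$6$constructed$placeholderhash:19000:0:99999:7:::
EOF

audit_logins "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
echo "password-only locks: $(password_only_locks "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow")"
```

An account reported as shell=interactive password=locked still has a working shell, so the lock only covers password authentication; the passwd man page notes that the user may still be able to log in with another authentication token such as an SSH key.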
In this article, we learned about various commands used to block user logins on Linux and their differences. Usually, the nologin command is preferred to other methods like false or passwd since it allows us to set a custom message explaining why the account was locked.