Deny user login by /etc/shadow

Default, Linux systems use /etc/shadow to store the encrypted user passwords. The quickest way to block a user is to alter is password stored in /etc/shadow. Normally an active user account will have one line in /etc/shadow that will look like:

files:$1$x52JQZle$82KTK0hbzozR3BRuwEWLF.:14970:0:99999:7:::

Where the second field is the encrypted password. If we replace the password with “*” or “!” this will make the account unusable, and it will mean that no login is permitted for the user

files:!:14970:0:99999:7:::

Deny user login by passwd command

Use flag -l to lock the specified account and it is available to root only, example deny user1 login

# passwd -l user1

Deny user login by usermod command

The /sbin/nologin command politely refuse a login. It displays a message that an account is not available and exits non-zero. This is prefreed method these days to deny login access to account. You can also change shell to /sbin/nologin, type the following command

# usermod -s /sbin/nologin user1

Verify with these commands:

# cat /etc/passwd | grep user1

Shown as follows

user1:x:607:605::/home/user1:/sbin/nologin

The post How To Deny Or Block User Login In Linux appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.