How to Disable Shell Access to User Account in Linux

Last updated: August 22, 2022

By default when creating a user account in Linux, the user will explicitly have SSH access. There are situations where user accounts don't need shell access to FTP, mails, or ssh.

In this tutorial, we learn how to disable shell access for a user in Linux. This makes the user unable to login to the shell.

Create a new user with no shell access

By default when creating a user account, a shell is assigned to the user as define in the /etc/default/useradd file.

While creating a user account you can explicitly specify shell which user should login.

Linux comes with a /sbin/nologin shell which displays a message 'This account is currently not available', when a user attempt to connect. This is one way to disable the user from access the login shell.

Let's check two command to create a user with a disabled shell.

Using useradd:

Syntax:

useradd -s /sbin/nologin {username}

Using adduser:

Syntax:

adduser --shell /sbin/nologin {username}

Disable Shell for an existing user

To change shell for the existing user use chsh or usermod command.

Using chsh:

Syntax:

chsh -s /sbin/nologin {username}

To change shell to nologin for the user named bob, type:

sudo chsh -s /sbin/nologin bob

Using usermod:

Syntax:

usermod {username} -s {shell path}

To change shell to /sbin/ftpnologin for the user named bob, type:

sudo usermod bob -s /sbin/ftpnologin

You can customize the shell to show a custom message when users login via ftp.

!/bin/sh
 No shell access. Only FTP access allowed.

To give executable permission, type:

sudo chmod a+x /sbin/ftpnologin

All shells are available in /etc/shell, append new shell to this list:

echo "/sbin/ftpnologin" | sudo tee -a /etc/shells

Instead of doing the above methods, you can manually change the shell by editing /etc/password file, that will also work.

Conclusion

In this tutorial, we learned how to disable a user account from access to the default shell.

Thanks for reading, please leave your feedback and suggestions in the below comment section.

About The Author

Bobbin Zachariah

Bobbin Zachariah

Bobbin is a seasoned IT professional with over two decades of experience. He has excelled in roles such as a computer science instructor, Linux system engineer, and senior analyst. Currently, he thrives in DevOps environments, focusing on optimizing efficiency and delivery in AWS Cloud infrastructure. Bobbin holds certifications in RHEL, CCNA, and MCP, along with a Master's degree in computer science. In his free time, he enjoys playing cricket, blogging, and immersing himself in the world of music.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Comments Off on How to Articles