How to Disable Shell Access to User Account in Linux

By default when creating a user account in Linux, the user will explicitly have SSH access. There are situations where user accounts don't need shell access to FTP, mails, or ssh.

In this tutorial, we learn how to disable shell access for a user in Linux. This makes the user unable to login to the shell.

Create a new user with no shell access

By default when creating a user account, a shell is assigned to the user as define in the /etc/default/useradd file.

While creating a user account you can explicitly specify shell which user should login.

Linux comes with a /sbin/nologin shell which displays a message 'This account is currently not available', when a user attempt to connect. This is one way to disable the user from access the login shell.

Let's check two command to create a user with a disabled shell.

Using useradd:

Syntax:

useradd -s /sbin/nologin {username}

Using adduser:

Syntax:

adduser --shell /sbin/nologin {username}

Disable Shell for an existing user

To change shell for the existing user use chsh or usermod command.

Using chsh:

Syntax:

chsh -s /sbin/nologin {username}

To change shell to nologin for the user named bob, type:

sudo chsh -s /sbin/nologin bob

Using usermod:

Syntax:

usermod {username} -s {shell path}

To change shell to /sbin/ftpnologin for the user named bob, type:

sudo usermod bob -s /sbin/ftpnologin

You can customize the shell to show a custom message when users login via ftp.

!/bin/sh
 No shell access. Only FTP access allowed.

To give executable permission, type:

sudo chmod a+x /sbin/ftpnologin

All shells are available in /etc/shell, append new shell to this list:

echo "/sbin/ftpnologin" | sudo tee -a /etc/shells

Instead of doing the above methods, you can manually change the shell by editing /etc/password file, that will also work.

Conclusion

In this tutorial, we learned how to disable a user account from access to the default shell.

Thanks for reading, please leave your feedback and suggestions in the below comment section.

If this resource helped you, let us know your care by a Thanks Tweet. Tweet a thanks

Did you find this article helpful?

We are glad you liked the article. Share with your friends.

Sorry about that.

How can we improve it?

About The Author

Bobbin Zachariah

Bobbin started his career in IT in the year 2000 as a computer science instructor and worked as a Linux system engineer and senior analyst roles. Currently working in DevOps environments to increase efficiency and improve delivery time in AWS Cloud infrastructure. He is certified in RHEL, CCNA, and MCP and holds a Masters's in computer science. When in his free time love playing cricket, blogging, and listening to music.