How to use the command 'nologin' (with examples)

How to use the command 'nologin' (with examples)

The nologin command in Unix-like systems is an essential tool for system administrators who want to prevent certain users from logging into the system. Instead of completely removing a user account, which can erase important data or disrupt processes that depend on the user’s presence, changing the user’s shell to nologin offers a more straightforward and non-destructive solution. This command can also be accompanied by a custom message to inform users why they are denied access when they attempt to log in.

Use case 1: Setting a user’s login shell to nologin to prevent the user from logging in

Code:

chsh -s /usr/sbin/nologin username

Motivation for this use case:

In many situations, you may want to prevent a user from accessing the system without deleting their account. This can happen during temporary suspensions, for inactive accounts, or when converting service accounts that remotely perform scheduled tasks but do not require interactive login access. This approach ensures the account is preserved for historical records or system processes that may still interact with this account while preventing direct user login attempts.

Explanation for every argument given in the command:

  • chsh: This command stands for “change shell” and is used to change a user’s login shell.
  • -s: This option specifies the new shell for the user. By specifying /usr/sbin/nologin, you direct the system to use nologin as their shell.
  • /usr/sbin/nologin: This path points to the nologin executable, which effectively denies users from logging into interactive shells.
  • username: This placeholder represents the actual username of the user whose shell you wish to change. Replace this with the specific username targeted by this operation.

Example output:

When a user attempts to log in after this change, they will simply see nothing or a message if one is configured. The session will terminate without granting shell access. There will be no explicit command-line output from running chsh successfully, but the user’s shell setting will be updated in the system’s password file.

Use case 2: Customizing a message for users with the login shell of nologin

Code:

echo "Access to this account is restricted. Please contact your system administrator for more information." > /etc/nologin.txt

Motivation for this use case:

Custom messages can be very useful for administratively managed systems. When users who are unaware of why their access is restricted attempt to log in, they can be notified of the situation without experiencing confusion or undue panic. This message serves as a form of direct communication, instructing users to reach out to appropriate personnel (such as IT or system administrators) for assistance or clarification.

Explanation for every argument given in the command:

  • echo: This command is used in Unix-like systems to display a line of text.
  • “Access to this account…more information.”: This is the custom message intended for users who attempt to log in and are using the nologin shell.
  • >: This operator redirects the output of the echo command to a file. In this case, it overwrites the specified file.
  • /etc/nologin.txt: This is the default file location where the message is read by the nologin command when users attempt to log in. Its presence and content dictate what message is displayed.

Example output:

Upon a login attempt under a nologin shell with an /etc/nologin.txt message set, the user will see:

Access to this account is restricted. Please contact your system administrator for more information.

After displaying this message, the session will automatically terminate.

Conclusion:

The nologin command provides system administrators with a versatile and controlled method for denying user access without account deletion. By redirecting a user’s shell to nologin and leveraging a customizable message system, administrators can manage permissions effectively while maintaining the integrity and usability of user accounts in a multi-user system.

Related Posts

How to use the command 'cockpit-tls' (with examples)

How to use the command 'cockpit-tls' (with examples)

cockpit-tls is a command-line tool designed to act as a Transport Layer Security (TLS) terminating HTTP proxy.

Read More
How to Use the Command 'goimports' (with examples)

How to Use the Command 'goimports' (with examples)

The goimports command is a powerful tool for Go developers that simplifies the management of import statements in Go source files.

Read More
How to Use the Command 'gdal_contour' (with Examples)

How to Use the Command 'gdal_contour' (with Examples)

The gdal_contour command is a powerful tool within the Geospatial Data Abstraction Library (GDAL) suite used for creating contour lines and polygons from a digital elevation model (DEM).

Read More