How to Block or Disable Normal User Logins in Linux

As a system administrator, you will inevitably perform scheduled system maintenances at some point or another. A few times, your system may also encounter some problem(s) and you will be forced to put it down to fix the problem(s). What ever the situations is, it is a good idea to prevent non-root(normal) users from connecting to the system.

Read Also: Disable or Enable SSH Root Login and Limit SSH Access in Linux

In this article, we will describe how to block non-root users logins using /etc/nologin file as well as a nologin shell in Linux. We will look at how to set a message that explains to users what is actually happening.

How to Block User Logins Using /etc/nologin File

The primary function of /etc/nologin file is to display a message (stored in the file) to users attempting to log on to a system during the process of shutdown.

Once the message has been displayed to the user, the login procedure terminates, preventing the user from logging onto the system.

This can be used to block user login by manually creating the file as follows.

# vi /etc/nologin

Add the message below to the file, which will be shown to users attempting to log on to the system.

The Server is down for a routine maintenance. We apologize for any inconvenience caused, the system will be up and running in 1 hours time. For more information, contact the system admin [email protected]. 

Now you can test if it all works; as you can see from the screen shot below, a normal user tecmint is not able to login.

Block User Login in Linux
Block User Login in Linux

How to Block User Logins Using nologin Shell

This method works a little differently: it only blocks a user from accessing a shell. But he or she can log on to the system via programs such as ftp that do not necessarily require a shell for the user to connect to a system.

Additionally, it can allow you to block shell access to specific users in special scenarios.

On RHEL/CentOS/Fedora

Simply use chsh (change shell) command to change the users shell in /etc/passwd file from something like /bin/bash or /bin/sh to /sbin/nologin meaning refuse a login.

# chsh -s /bin/nologin tecmint

On Debian/Ubuntu

Here, you have to use /bin/false file. The command below changes the user tecmint’s shell to /bin/false meaning do nothing (after user provides login credentials):

$ sudo chsh -s /bin/false tecmint

You may also like to read these following related articles.

  1. How to Enable and Disable Root Login in Ubuntu
  2. Resetting/Recovering Forgotten Root User Account Password in RHEL/CentOS 7
  3. How to Restrict SFTP Users to Home Directories Using chroot Jail
  4. How to Set and Unset Local, User and System Wide Environment Variables in Linux

That’s all for now! If you have any questions or additional ideas to share concerning this topic, make use of the comment form below.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

5 Comments

Leave a Reply
  1. Why hasn’t this been updated in the article? It seems they referenced it early in the article correctly, just when they show the command on the prompt it is reference incorrectly.

    Reply
  2. its not suppose to be chsh -s /bin/nologin tecmint it’s suppose to be chsh -s /sbin/nologin tecmint that’s a syntax error.

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.