How to Block or Disable Normal User Logins in Linux

As a system administrator, you will inevitably perform scheduled system maintenances at some point or another. A few times, your system may also encounter some problem(s) and you will be forced to put it down to fix the problem(s). What ever the situations is, it is a good idea to prevent non-root(normal) users from connecting to the system.

Read Also: Disable or Enable SSH Root Login and Limit SSH Access in Linux

In this article, we will describe how to block non-root users logins using /etc/nologin file as well as a nologin shell in Linux. We will look at how to set a message that explains to users what is actually happening.

How to Block User Logins Using /etc/nologin File

The primary function of /etc/nologin file is to display a message (stored in the file) to users attempting to log on to a system during the process of shutdown.

Once the message has been displayed to the user, the login procedure terminates, preventing the user from logging onto the system.

This can be used to block user login by manually creating the file as follows.

# vi /etc/nologin

Add the message below to the file, which will be shown to users attempting to log on to the system.

The Server is down for a routine maintenance. We apologize for any inconvenience caused, the system will be up and running in 1 hours time. For more information, contact the system admin [email protected]. 

Now you can test if it all works; as you can see from the screen shot below, a normal user tecmint is not able to login.

Block User Login in Linux

Block User Login in Linux

How to Block User Logins Using nologin Shell

This method works a little differently: it only blocks a user from accessing a shell. But he or she can log on to the system via programs such as ftp that do not necessarily require a shell for the user to connect to a system.

Additionally, it can allow you to block shell access to specific users in special scenarios.

On RHEL/CentOS/Fedora

Simply use chsh (change shell) command to change the users shell in /etc/passwd file from something like /bin/bash or /bin/sh to /sbin/nologin meaning refuse a login.

# chsh -s /bin/nologin tecmint

On Debian/Ubuntu

Here, you have to use /bin/false file. The command below changes the user tecmint’s shell to /bin/false meaning do nothing (after user provides login credentials):

$ sudo chsh -s /bin/false tecmint

You may also like to read these following related articles.

  1. How to Enable and Disable Root Login in Ubuntu
  2. Resetting/Recovering Forgotten Root User Account Password in RHEL/CentOS 7
  3. How to Restrict SFTP Users to Home Directories Using chroot Jail
  4. How to Set and Unset Local, User and System Wide Environment Variables in Linux

That’s all for now! If you have any questions or additional ideas to share concerning this topic, make use of the comment form below.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide
The Complete Linux System Administrator Bundle
Become an Ethical Hacker Bonus Bundle

You may also like...

4 Responses

  1. Rasheed Sobowale says:

    its not suppose to be chsh -s /bin/nologin tecmint it’s suppose to be chsh -s /sbin/nologin tecmint that’s a syntax error.

  2. Janne Granström says:

    “sudo nano /etc/password”

    Find your username and replace the line: /bin/bash with /usr/sbin/nologin.

Leave a Reply to Aaron Kili Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.