Blog
How to Restrict Login Capabilities for Users in Ubuntu
Table of Contents
Introduction
Managing user access and privileges is a critical aspect of system administration. On Ubuntu, administrators have various methods to control user logins, ensuring better security and operational integrity. This guide focuses on methods like modifying system files and utilizing specific commands for restricting user logins in Ubuntu.
Quick summary
Looking for affordable server licenses? SharedLicense offers cPanel, DirectAdmin, LiteSpeed, CloudLinux, and Windows licenses at wholesale prices with instant delivery.
Browse licenses →Restricting Access Using /etc/passwd
One commonly used method involves modifying the /etc/passwd file. The file contains user account information, including the shell a user logs into. To restrict a user, their shell can be set to /usr/sbin/nologin. Here’s how to check and update the shell for a user:
For example, the entry might appear as follows:
When the shell is set to /usr/sbin/nologin, the user cannot log in. Attempting to switch to this user results in:
Restricting Access Using /etc/shadow
The /etc/shadow file stores encrypted password information for user accounts. To prevent a user from logging in, their password field can be set to * or !. This disables password authentication, effectively blocking access.
To verify, use:
The output will reflect the locked password field.
Utilizing /etc/nologin
Another effective method involves creating a /etc/nologin file. When this file exists, only root users can log in. Non-root users attempting to log in receive the message specified in the /etc/nologin file (if any).
Need the best price on server licenses?
Get cPanel, DirectAdmin, LiteSpeed & more with instant delivery and 24/7 support.
Shop Licenses →To implement:
Remove the file to restore regular login capabilities:
What is the purpose of /usr/sbin/nologin?
It prevents a user from logging into the system while still allowing them access to services like FTP or mail.
How do I re-enable login for a user locked with /etc/shadow?
Use the command sudo passwd -u username to unlock the user’s account.
Is it safe to directly edit /etc/passwd or /etc/shadow?
Editing these files requires caution. Use dedicated commands like usermod or passwd for safety.
Can the /etc/nologin file block root users?
No, the file only restricts non-root users. Root can always log in regardless of this file’s presence.
How do I log out all users for system maintenance?
You can use commands like wall to broadcast messages and then pkill -u username to log out users.
How to Change my Photo from Admin Dashboard?
Far far away, behind the word mountains, far from the countries Vokalia and Consonantia, there live the blind texts. Separated they live in Bookmarksgrove right at the coast
Is there a way to temporarily restrict all logins without modifying individual accounts?
Yes, the /etc/nologin file is ideal for this purpose.
