When you need to prevent a user from logging in to a Linux system, you lock that user’s account. There are a few ways to do that.
The simplest way to lock a user is with the passwd command. Without any options, passwd changes the user’s password.
passwd -l username locks the user and passwd -u username unlocks that user.
How to lock a user account with passwd -l
The following command, run as root, locks the user razvan:
# passwd -l razvan
How to unlock a user account with passwd -u
To unlock the user razvan, use this command as root:
# passwd -u razvan
How to lock a user by changing the user’s login shell
Root can also lock a user by changing that user’s login shell to /bin/false or /usr/sbin/nologin. On Fedora, the file is /sbin/nologin instead of Debian’s /usr/sbin/nologin.
First make sure that /bin/false and /usr/sbin/nologin (or /sbin/nologin, if you are a Fedora user) are listed in the /etc/shells file:
$ cat /etc/shells
If you don’t find the two shells listed in the file, append them by hand as root (/etc/shells is writable only by root):
# echo "/bin/false" >> /etc/shells
# echo "/usr/sbin/nologin" >> /etc/shells
OR (for Fedora): # echo "/sbin/nologin" >> /etc/shells
With the default login shell set to /usr/sbin/nologin (or /sbin/nologin), the user is only allowed to log in over ftp. /bin/false forbids the user from logging in to the system and also blocks the user’s ftp and ssh connections to the station.
$ sudo chsh -s /bin/false mike
$ sudo chsh -s /usr/sbin/nologin mike
OR (for Fedora): $ sudo chsh -s /sbin/nologin mike
To restore the user’s system access, change its default shell back to one that allows user login: /bin/bash, /bin/sh, /bin/zsh, etc.
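The two lock methods above are independent of each other, so it helps to check both after applying one. The script below is an added example, not part of the original article: it reads shadow-format and passwd-format files and reports whether the password field carries the leading "!" that passwd -l prepends and whether the login shell is /bin/false or a nologin binary. The function names and the sample entries are constructed for illustration; on a real host, point the functions at /etc/shadow and /etc/passwd as root.

```shell
#!/bin/sh
# Added example: report how an account is locked (password lock vs. login shell).

# "locked" if the shadow password field starts with "!" (prepended by passwd -l),
# "unlocked" otherwise, "unknown" if the user has no entry.
password_state() {  # usage: password_state USER SHADOW_FILE
    awk -F: -v u="$1" '
        $1 == u { found = 1; if ($2 ~ /^!/) print "locked"; else print "unlocked" }
        END { if (!found) print "unknown" }' "$2"
}

# "blocked" if the login shell (field 7) is .../false or .../nologin,
# "interactive" otherwise, "unknown" if the user has no entry.
shell_state() {  # usage: shell_state USER PASSWD_FILE
    awk -F: -v u="$1" '
        $1 == u { found = 1
                  if ($7 ~ /\/(false|nologin)$/) print "blocked"; else print "interactive" }
        END { if (!found) print "unknown" }' "$2"
}

# Write constructed sample files (not real hashes) into DIR.
write_samples() {  # usage: write_samples DIR
    cat > "$1/shadow" <<'EOF'
razvan:!$6$CONSTRUCTED$CONSTRUCTED:19000:0:99999:7:::
mike:$6$CONSTRUCTED$CONSTRUCTED:19000:0:99999:7:::
EOF
    cat > "$1/passwd" <<'EOF'
razvan:x:1000:1000::/home/razvan:/bin/bash
mike:x:1001:1001::/home/mike:/usr/sbin/nologin
EOF
}

# One summary line per user, reading DIR/shadow and DIR/passwd.
report() {  # usage: report USER DIR
    printf '%s password=%s shell=%s\n' "$1" \
        "$(password_state "$1" "$2/shadow")" "$(shell_state "$1" "$2/passwd")"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
report razvan "$demo_dir"   # locked with passwd -l, shell untouched
report mike "$demo_dir"     # shell changed with chsh, password untouched
rm -rf "$demo_dir"
```

As the passwd man page notes, passwd -l only disables the password; other authentication tokens such as SSH keys can still be used, which is why the report shows the shell state next to the password state.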