Control users loggin /etc/passwd file

Posted: April 5, 2010 in Uncategorized
Tags:

This is something every sysadmin knows, or shoul know, but maybe Desktop Linux users does not know.

Yes it is not too useful for Desktop users anyway but, in case you do not know and might need to enable or disable the loggin ability of some users here is how to.
First let’s see why we would like to do such a thing (blocking a user from loggin).

If you have a Linux System that works as email server, you do not need to give loggin permissions to all the users of the box, specially if you allow them to change their passwords using poppassd, as the normal user usually use weak passwords, and if this user has full access to the server, someone may gess his password and hack your Linux.
So for the users you want to be able to loggin in to the server with ssh or from the console use a line like this in the password file /etc/passwd

user:x:1000:1000::/home/user:/bin/bash

And for the ones you do not want to have access to the server use:

user2:x:1001:1001::/home/user2:/bin/false

Usually you only need to change the /bin/bash to /bin/false once the user is created by editing (as root) the /etc/passwd file.
That user will still be able to use the pop3 / imap / smtp.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s