Shell

From DikapediaV2

Disable ability to log into the system using a Shell

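Setting a user's shell to /bin/false effectively disables their ability to log into the system using a shell: /bin/false does nothing and exits immediately with a non-zero status, so the session ends as soon as it starts. This restricts certain user accounts (such as system or service accounts) from gaining shell access, reducing the attack surface.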

You can set a user's shell to /bin/false by modifying the /etc/passwd file directly or by using a command such as chsh. For example:

sudo chsh -s /bin/false username

[bob@bob-computer ~]$ dzdo chsh -s /bin/false jerry
Changing shell for jerry.
chsh: Warning: "/bin/false" is not listed in /etc/shells.
Shell changed.

[bob@bob-computer ~]$ cat /etc/passwd | grep jerry
jerry:x:1000:1000::/home/jerry:/bin/false

Confirmed that I couldn't even get into the jerry shell with root, if /bin/false is set for jerry:

[root@bob-computer bob]# sudo -i -u jerry
[root@bob-computer bob]# echo $?
1
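
To find service accounts that still have a login shell, the /etc/passwd check shown above can be run across every entry. The script below is an added example, not part of the original page; the function name audit_login_shells, the UID cutoff of 1000 for system accounts, the exclusion of root, and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Usage: audit_login_shells PASSWD_FILE SHELLS_FILE [UID_MIN]
# Prints "user uid shell listed|unlisted" for every system account
# (0 < uid < UID_MIN, assumed cutoff 1000) whose shell is not a
# program such as /bin/false or /sbin/nologin.
audit_login_shells() {
    passwd_file=$1 shells_file=$2 uid_min=${3:-1000}
    awk -F: -v shells="$shells_file" -v uid_min="$uid_min" '
        # Load the shells file; real entries are absolute paths.
        BEGIN { while ((getline line < shells) > 0) if (line ~ /^\//) valid[line] = 1 }
        {
            user = $1; uid = $3; shell = $7
            if (shell == "") shell = "/bin/sh"    # empty field means /bin/sh
            if (shell ~ /\/(false|nologin)$/) next # session ends at once
            if (uid == 0 || uid >= uid_min) next   # root and regular users
            print user, uid, shell, ((shell in valid) ? "listed" : "unlisted")
        }
    ' "$passwd_file"
}

# Constructed sample data, not taken from a real system.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# /etc/shells' '/bin/sh' '/bin/bash' > "$dir/shells"
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:34:34::/var/backups:/bin/bash
legacy:x:98:98::/opt/legacy:
build:x:450:450::/srv/build:/opt/tools/menu
jerry:x:1000:1000::/home/jerry:/bin/false
alice:x:1001:1001::/home/alice:/bin/bash
EOF
    audit_login_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

On a live system the call would be audit_login_shells /etc/passwd /etc/shells; each line it prints is an account to review and, where appropriate, change with chsh as shown above.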