Ardika Sulistija: Created page with "====Disable ability to log into the system using a Shell==== Setting a user's shell to /bin/false effectively disables their ability to log into the system using a shell. It restricts certain user accounts (like system or service accounts) from gaining shell access, reducing the attack surface. You can set a user's shell to /bin/false by modifying the /etc/passwd file directly or using a command like chsh. For example: sudo chsh -s /bin/f..."

2024-11-14T22:53:28Z

Created page with "====Disable ability to log into the system using a Shell==== Setting a user's shell to /bin/false effectively disables their ability to log into the system using a shell. It restricts certain user accounts (like system or service accounts) from gaining shell access, reducing the attack surface. You can set a user's shell to /bin/false by modifying the /etc/passwd file directly or using a command like chsh. For example: sudo chsh -s /bin/f..."

New page
====Disable ability to log into the system using a Shell====

Setting a user's shell to /bin/false effectively disables their ability to log into the system using a shell. It restricts certain user accounts (like system or service accounts) from gaining shell access, reducing the attack surface.

You can set a user's shell to /bin/false by modifying the /etc/passwd file directly or using a command like chsh. For example: sudo chsh -s /bin/false username

[bob@bob-computer ~]$ dzdo chsh -s /bin/false jerry
hanging shell for jerry.
chsh: Warning: "/bin/false" is not listed in /etc/shells.
Shell changed.

[bob@bob-computer ~]$ cat /etc/passwd | grep jerry
jerry:x:1000:1000::/home/jerry:/bin/false

Confirmed that I couldn't even get into the jerry shell with root, if /bin/false is set for jerry:
[root@bob-computer bob]# sudo -i -u jerry
[root@bob-computer bob]# echo $?
1

Shell - Revision history