Shell

From DikapediaV2
Revision as of 22:53, 14 November 2024 by Ardika Sulistija (talk | contribs) (Created page with "====Disable ability to log into the system using a Shell==== Setting a user's shell to <b>/bin/false</b> effectively disables their ability to log into the system using a shell. It restricts certain user accounts (like system or service accounts) from gaining shell access, reducing the attack surface. You can set a user's shell to <b>/bin/false</b> by modifying the <b>/etc/passwd</b> file directly or using a command like <b>chsh</b>. For example: <b>sudo chsh -s /bin/f...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Disable ability to log into the system using a Shell

Setting a user's shell to /bin/false effectively disables their ability to log into the system using a shell. It restricts certain user accounts (like system or service accounts) from gaining shell access, reducing the attack surface.

You can set a user's shell to /bin/false by modifying the /etc/passwd file directly or using a command like chsh. For example: sudo chsh -s /bin/false username

[bob@bob-computer ~]$ dzdo chsh -s /bin/false jerry
hanging shell for jerry.
chsh: Warning: "/bin/false" is not listed in /etc/shells.
Shell changed.

[bob@bob-computer ~]$ cat /etc/passwd | grep jerry
jerry:x:1000:1000::/home/jerry:/bin/false

Confirmed that I couldn't even get into the jerry shell with root, if /bin/false is set for jerry:

[root@bob-computer bob]# sudo -i -u jerry
[root@bob-computer bob]# echo $?
1