Allow login with password only
 

I am amazed to see that I can login using some default users like www-data, mysql etc with/out password in linux. How can I allow login with correct password only? and some default users should note to be able login.
My OS
Linux friend 3.2.0-4-686-pae #1 SMP Debian 3.2.96-2 i686 GNU/Linux

You can log in with user nobody also. If you set a password for mysql, that will stop, but so might mysql:(

A better way to go if you're excited about it is to limit what user mysql can do. The guy who did qmail set up users with a shell of '/bin/true' which isn't much use to a hacker

By default system users like www-data and nobody are disabled and you should not be able to login. It is possible to use su or sudo to become a system user which is something different.

How are you logging in to www-data with/out password?

Thanks, I can login using www-data, root with invalid / incorrect password. I am really confused why it has to login with incorrect password though? when I login with www-data, the shell appears "You have mail" $
Also, when doing ssh, if I enter wrong password for root it enters which shouldn't.

Can you post the lines /etc/passwd and /etc/shadow for www-data?

Thanks, here you are;
passwd
www-data:x:33:33:www-data:/var/www:/bin/sh
shadow
www-data:*:17108:0:99999:7:::

Although you state the distribution is debian you have not fully described how it is configured nor how you are actually are logging in as www-data with or without a password.

Accounts with an * are disabled for login and have never had a password.

On my CentOS system, I've configured the system users (and mail-only users, for that matter) with /sbin/nologin as the login shell. Even root can't su to those:
I, too, am curious by what the OP means when they say login...in a terminal, at the console, on a desktop, using su?
Which?