Using /bin/false shell on Red Hat systems
 

Hi.


I can't seem to find any good documentation on what exactly using /bin/false as a users shell implies. Does anyone know this?

I need to create a user which can authenticate (using a third party software) but not log in. Using /bin/false as a shell for that user seems to do the trick, but I'd like to understand the use of /bin/false.

And how does /bin/false differ from /sbin/nologin?


Regards,
kenneho

In brief: /sbin/nologin refuses login with a corresponding message, /bin/false just does nothing and returns 1. You should simply read their very short man pages. ;)

Well, on my machine, /bin/false is program that appears to do nothing. It's a binary so, to see exactly what it does, you'll need to get the source code.

And this from the man page:
So, if it does nothing unsuccessfully, does that mean it actually did something? No wonder they say programmers are weird.....;)

Seriously, what I take away is that a user logging in who is assigned "false" as his/her shell is politely informed that he/she cannot run a shell.

Ah, I didn't find the man pages at first, but now I did. :)

I came across http://www.semicomplete.com/articles/ssh-security/ which describe /bin/false as a non-secure feature for use as a shell. It's definately worth a read.

And for my problem, I'm going for creating a regular user, but preventing SSH login in sshd_config.


But thanks for the advice anyways!