Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 03-16-2007, 08:32 AM   #1
Registered: Jun 2005
Posts: 374

Rep: Reputation: 30
Disabling login access to account, nologin,false or null?

which is better for security in order to disable login to an account, setting the shell to false, nologin or null?

is there any difference?
Old 03-16-2007, 10:13 AM   #2
Registered: Nov 2006
Location: Indiana, U.S.A.
Distribution: Red Hat Enterprise Linux, Fedora, CentOS
Posts: 134

Rep: Reputation: 16
I assume that it's not a standard user account that you are wanting to block access to, since you could easily delete it or just do a 'usermod -L [username]' which will lock that account(-U will unlock it).

I believe that the best course of action would be to view /etc/passwd and see what other accounts of that same type are set as and mimic that configuration.

Using the -L/-U option, you will be able to see that the account is locked by looking at /etc/shadow. There will be an "!" in front of the password hash for the account if it's locked.

Last edited by Linville79; 03-16-2007 at 10:15 AM.
Old 03-16-2007, 10:36 AM   #3
Registered: Jun 2005
Posts: 374

Original Poster
Rep: Reputation: 30
yes I know how to lock an account, I guess what I am really asking is what the difference is functionally between the 3.

ie is there a way an attacker could get around one or something like that?


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
User Account to Access Another Account benfaust Linux - General 2 06-28-2006 12:26 PM
disabling the root account shifter Slackware 23 06-04-2006 11:12 PM
is it legitimate and allowed and can be done to make another user account set uid and gid to null 0 to make another root account with different name and possibly not damage the debian system creating and using that new account BenJoBoy Linux - Newbie 12 01-29-2006 10:02 AM
/bin/false vs /sbin/nologin - difference? ziggie216 Linux - General 1 12-22-2005 02:59 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:46 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration