Limiting the login capabilities of users
A major role of a system administrator is to configure and manage users and groups on a Linux system. It also involves the task of checking the login capabilities of all users.
Getting ready
All the steps given below have been tried on an Ubuntu system; however, you can also follow these on any other Linux distribution.
How to do it...
Here we will discuss how the login capabilities of users can be restricted on a Linux system:
- We can restrict the access of a user account by changing the login shell of the account to a special value in the
/etc/passwd
file. Let's check the details of an account,sslh
as an example, in the/etc/passwd
file, as shown:cat /etc/passwd | grep sslh
- In the preceding details, the final value for the
sslh
account is set to/bin/false
. If we now try to log in tosslh
user as root, we see that we are not able to do so:su sslh
- So now, if we change the shell of the user account we wish to restrict, we can do so as shown:
- Another...