LinuxCommandLibrary

nologin

Prevent user logins to the system

TLDR

Set a user's login shell to nologin to prevent the user from logging in

$ chsh [[-s|--shell]] /usr/sbin/nologin [user]

Customize message for users with the login shell of nologin

$ echo "[declined_login_message]" > /etc/nologin.txt

SYNOPSIS

nologin

DESCRIPTION

The nologin command is a system utility that prevents users (excluding root) from logging into the system. It's typically invoked as the user's shell in the /etc/passwd file. When a non-root user attempts to log in via services like SSH or through the console, nologin displays a pre-configured message, specified in /etc/nologin.txt (or a default message if the file doesn't exist), and then terminates the connection. This is commonly used during system maintenance, upgrades, or when access needs to be restricted for security reasons. Importantly, nologin does not affect users who have already logged in; it only prevents new login attempts. It's a simple but effective mechanism for controlling user access at the shell level, ensuring that only authorized personnel (typically root) can access the system during sensitive operations.

Using nologin can give you time to upgrade packages or make file system level changes on a server without regular users making changes at the same time.

CAVEATS

Only affects new logins. Existing sessions are not terminated. Root access is not affected.

MESSAGE CUSTOMIZATION

The message displayed by nologin can be customized by creating or modifying the /etc/nologin.txt file. The contents of this file are displayed to the user before the connection is terminated.
Example: echo "System undergoing maintenance. Please try again later." > /etc/nologin.txt

SETTING A USER'S SHELL TO NOLOGIN

To prevent a specific user from logging in, you can change their shell in /etc/passwd to /usr/sbin/nologin or /sbin/nologin. For example:
usermod -s /usr/sbin/nologin username
This will stop the user username from logging in.
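
To check which accounts still have a usable shell in /etc/passwd, the following added example (not part of the original page) lists non-root accounts below a UID cutoff whose shell is not nologin. The cutoff of 1000, the treatment of /bin/false as equivalent, the function names and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list service accounts in passwd(5) data that still have a shell.

# Shells counted as "login disabled". The two nologin paths are the ones this
# page names; the /bin/false variants are an assumption (a common alternative).
is_nologin_shell() {
    case "$1" in
        /usr/sbin/nologin|/sbin/nologin|/bin/false|/usr/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads passwd-format lines on stdin and prints "user:uid:shell" for every
# non-root account with UID below $1 (default 1000, an assumed cutoff for
# service accounts) whose shell is not a nologin shell.
audit_service_shells() {
    uid_min=${1:-1000}
    while IFS=: read -r user _pw uid _gid _gecos _home shell; do
        # Skip blank lines, comments and entries without a numeric UID.
        case "$uid" in ''|*[!0-9]*) continue ;; esac
        if [ "$uid" -eq 0 ] || [ "$uid" -ge "$uid_min" ]; then continue; fi
        if is_nologin_shell "$shell"; then continue; fi
        # An empty shell field falls back to /bin/sh, so it is reported too.
        printf '%s:%s:%s\n' "$user" "$uid" "${shell:-<empty>}"
    done
    return 0
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
svc-deploy:x:998:998::/opt/deploy:/bin/bash
legacy:x:120:120::/nonexistent:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

# Demo on the sample; on a real host run: audit_service_shells < /etc/passwd
sample_passwd | audit_service_shells
```

Each account it reports can be switched with the usermod command shown above.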

HISTORY

nologin has been a standard part of Unix-like operating systems for a long time. It provides a simple way to disallow logins for non-root users, mainly for maintenance purposes. The tool is lightweight and has undergone minimal changes as its functionality is very specific.

SEE ALSO

passwd(5), login(1)
