Linux /bin/false VS /sbin/nologin: Politely Refuse a Login

On Linux systems, you can set an account's login shell to either /bin/false or /sbin/nologin to prevent that user from logging in interactively. Both programs exit immediately and return control to the calling process, so the user never gets a shell. However, there are some differences between the two:

  • /bin/false: This program does nothing except return an unsuccessful exit status, indicating that the user’s login has failed. It does not provide any error message to the user. /bin/false is commonly used for system accounts that are not intended for interactive login, such as accounts used by system services.
  • /sbin/nologin: This program prints a message telling the user that the account is not available for login, then exits. /sbin/nologin is commonly used for user accounts that are disabled or not intended for interactive login, because the refusal is polite and clear to the user.

To set an account to use /bin/false, you can set the user’s shell to /bin/false in the /etc/passwd file:

username:x:1000:1000:User Name:/home/username:/bin/false

To set an account to use /sbin/nologin, you can set the user’s shell to /sbin/nologin in the /etc/passwd file:

username:x:1000:1000:User Name:/home/username:/sbin/nologin

In either case, the user will not be able to log into the system interactively. With /sbin/nologin the user sees a message stating that the account is not available; with /bin/false the session simply ends without any message.
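
An audit of the shell field described above, as an added example that is not part of the original page: it classifies each account in a passwd-format file by whether its login shell is /bin/false, nologin, or something interactive, and lists service accounts that still have a usable shell. The function names, the sample entries and the UID cutoff of 1000 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify accounts by field 7 (login shell) of a
# passwd-format file. Function names and sample data are illustrative.

# classify_shells FILE
# Prints "user:uid:shell:status", where status is one of
#   refused-silent   /bin/false: exits non-zero, no message
#   refused-message  nologin: prints a refusal message, then exits
#   interactive      anything else (an empty field means /bin/sh)
classify_shells() {
    awk -F: '
        /^#/ || NF < 7 { next }              # skip comments and malformed lines
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"
            if (shell ~ /\/false$/)        status = "refused-silent"
            else if (shell ~ /\/nologin$/) status = "refused-message"
            else                           status = "interactive"
            printf "%s:%s:%s:%s\n", $1, $3, shell, status
        }' "$1"
}

# service_accounts_with_shell FILE [UID_MIN]
# Lists non-root accounts below UID_MIN (assumed default: 1000) that
# still have an interactive shell and are candidates for /bin/false
# or /sbin/nologin.
service_accounts_with_shell() {
    classify_shells "$1" | awk -F: -v min="${2:-1000}" \
        '$2+0 > 0 && $2+0 < min+0 && $4 == "interactive" { print $1 }'
}

# Constructed sample in /etc/passwd format (not from a real system).
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
svc-app:x:998:998:App service:/opt/app:/bin/false
username:x:1000:1000:User Name:/home/username:/sbin/nologin
legacy:x:45:45:Legacy:/var/legacy:
EOF
}

# Stand-alone use: audit the file given as the first argument.
if [ -n "${1:-}" ]; then classify_shells "$1"; fi
```

Pass a different cutoff as the second argument to service_accounts_with_shell if the system's UID_MIN in /etc/login.defs is not 1000.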
