A quick way for the admin to block interactive shells while keeping service accounts intact. 08.06.2026 | reading time: 2 min When the admin needs to prevent interactive logins, he sets an account's login shell to the nologin program so login attempts are politely refused while the account remains usable for services. Try it in minutes Perform these steps as root to create a service account and deny shell access: ```sudo useradd -m -s /sbin/nologin deploy getent passwd deploy # output example: deploy:x:1001:1001::/home/deploy:/sbin/nologin su - deploy # output example: This account is currently not available. echo $? # output example: 1 ``` When nologin wins Choose nologin when the admin wants a clear denial message and no interactive shell: it stops SSH and console logins for the account, is easy to set with usermod or useradd, and keeps the UID available for daemons and file ownership. Watchouts and adjustments Remember that some services consult /etc/shells and may treat nologin as invalid, so add its path there if a particular FTP or tool requires it; also note that /bin/false simply exits without a message and root can still assume the account if needed. Next steps Mastering nologin is a small but useful security habit; experiment with user shells, read PAM and /etc/shells behavior, and consider deepening your Linux skills with certifications like CompTIA Linux+ or LPIC-1 — bitsandbytes.academy offers intensive exam preparation. Join Bits & Bytes Academy First class LINUX exam preparation. security utilities processes setup
