8

I tried to disable login for a user account but got this error in debain:

useradd: unrecognized option '--disabled-login'

What is the equivalent of this command for useradd? Do I have to pick another shell, if so, which one?

Jimmy
  • 355

3 Answers3

4

Use nologin as the default shell:

useradd --shell /usr/sbin/nologin [...]

*This path is on rpm based packages, not sure if debian has the same.

stderr
  • 986
2

Pay special attention to the use of useradd & adduser and which distro you're on. The implementations are often different across distros. I usually use usermod or passwd instead:

For example, you can just lock the password:

$ sudo passwd -l <username>

To unlock:

$ sudo passwd -u <username>

I'd also direct you to these Q&A's that already cover the various methods for "locking" a user's account.

From useradd's man page:

--disabled-login
       Do  not  run passwd to set the password.  The user won't be able
       to use her account until the password is set.
Community
  • 1
slm
  • 369,824
  • 'cmon this is much more "hacking way" that my one. From man pages: "Note that the account is not fully locked - the user can still log in by other means of authentication such as the ssh public key authentication." – stderr Mar 03 '14 at 14:52
  • @stderr - no way. This method or usermod are the prescribed methods. Depends on how much disabling you want to do. – slm Mar 03 '14 at 15:48
1

If the user already exists, consider using usermod. You have more than 1 way to disable login. One is just to not set a password (* or x or anything invalid in /etc/passwd). The other is to set default shell of a user to /bin/false (some distros define /bin/NoShell, /bin/nologin or something).

usermod -s /bin/false -p x <username>
orion
  • 41