Let's say I create a user named "bogus" using the adduser
command. How can I make sure this user will NOT be a viable login option, without disabling the account. In short, I want the account to be accessible via su - bogus
, but I do not want it to be accessible via a regular login prompt.
Searching around, it seems I need to disable that user's password, but doing passwd -d bogus
didn't help. In fact, it made things worse, because I could now login to bogus without even typing a password.
Is there a way to disable regular logins for a given a account?
Note: Just to be clear, I know how to remove a user from the menu options of graphical login screens such as gdm, but these methods simply hide the account without actually disabling login. I'm looking for a way to disable regular login completely, text-mode included.
Best Answer
is what you want.
That will lock the user account. But you'll still be able to
but you'll have to
su - user
as root.Alternatively, you can accomplish the same thing by prepending a
!
to the user's password in/etc/shadow
(this is allpasswd -l
does behind the scenes). Andpasswd -u
will undo this.