FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution. It is used to power modern servers, desktops, and embedded platforms.
Securing a system running FreeBSD is important because it can have important data stored on it. In a bigger organization where many users can have access to a system, it is important to identify and disable the user accounts that do not need login access.
This article describes how to disable a user’s login in FreeBSD including in text mode also.
Lock the user account
There are two ways to disable a user’s login. The first one is to deny access to a user account by locking it. You can use pw utility which is used to create modify or remove system users and groups to lock a user account.
[alert color=”yellow”]You need to run all the commands given here as root or with superuser privileges[/alert]Run the following command to lock a user’s account –
# pw lock user_account
For example to lock an account named lalit use –
# pw lock lalit
Now the user lalit will not able to login to his account. If needed you can unlock the login to a user’s account by using –
# pw unlock lalit
The above command will unlock the user account lalit.
Disable user’s login by changing the shell to nologin
The second way to disable the user’s login is by changing the shell to /usr/sbin/nologin
. Now change the user’s shell to /usr/sbin/nologin
by using the following command –
# chsh -s /usr/sbin/nologin lalit
The /usr/sbin/nologin
prevents the system from assigning a shell to users when they try to log in. The user lalit can not access his account because it has been disabled now.
If needed you can re-enable the login to a user’s account. For that, you need to change /usr/sbin/nologin
to /bin/sh
# chsh -s /bin/sh lalit
Conclusion
This article explained how to disable the user’s login in a system running FreeBSD. Now if you have a query or want to say something on this topic then write us in the comments below.