Creating user accounts is something every DevOps or sysadmin professional does routinely. But what if you need to create a user that shouldn’t be able to log in?
Let’s say your backup software needs a user called ravi to operate, but you don’t want ravi to be able to SSH in or open a shell. That’s where non-interactive shells come in.
🧠 What’s a Non-Interactive Shell?
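Setting an account’s login shell to a non-interactive program like /sbin/nologin or /bin/false prevents that user from logging into the system: the program exits immediately instead of starting a shell.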
The system can still assign permissions and use the account for running processes, but the user themselves can’t run commands or log in via SSH.
✅ Why Use It?
🔒 Security First:
You reduce attack surface by ensuring that service users can’t log in.
⚙️ For Automation:
Backup agents, cron jobs, and system daemons often require user accounts but not shell access.
💻 How to Create the User
Let’s say you’re working on App Server 2, and you want to create ravi as a system user with no login access.
Run the following:
sudo useradd -s /sbin/nologin ravi
If /sbin/nologin doesn’t exist, you can also use /bin/false.
🔍 Verify the User
Check if the user was created correctly:
getent passwd ravi
Sample Output:
ravi:x:1001:1001::/home/ravi:/sbin/nologin
If you see /sbin/nologin at the end, you’re good!
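A scripted version of this check, as an added example that is not part of the original article: it reads passwd-format lines, treats an empty shell field as /bin/sh, and lists every account that can still get a shell. The function names, the extra /usr paths, and the sample accounts other than ravi are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Audits passwd-format entries (field 7 = login shell).

# Shells treated as non-login: the two the article names, plus the /usr
# paths some distributions use for the same programs.
NOLOGIN_SHELLS="/sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false"

# Constructed sample input; the ravi line is the article's sample output.
sample_passwd() {
    cat <<'EOF'
ravi:x:1001:1001::/home/ravi:/sbin/nologin
deploy:x:1002:1002::/home/deploy:/bin/bash
legacy:x:1003:1003::/home/legacy:
agent:x:1004:1004::/home/agent:/usr/sbin/nologin
EOF
}

# shell_of NAME: print NAME's login shell from passwd lines on stdin.
# An empty field is reported as /bin/sh, the default per passwd(5).
# Exit status 1 if NAME is not present.
shell_of() {
    awk -F: -v u="$1" '
        $1 == u { print ($7 == "" ? "/bin/sh" : $7); found = 1; exit }
        END     { exit (found ? 0 : 1) }'
}

# is_nologin NAME: 0 = non-login shell, 1 = login shell, 2 = no such account.
is_nologin() {
    _sh=$(shell_of "$1") || return 2
    case " $NOLOGIN_SHELLS " in
        *" $_sh "*) return 0 ;;
        *)          return 1 ;;
    esac
}

# login_capable: list "name:shell" for every account that can still get a shell.
login_capable() {
    awk -F: -v deny="$NOLOGIN_SHELLS" '
        BEGIN   { n = split(deny, a, " "); for (i = 1; i <= n; i++) no[a[i]] = 1 }
        NF >= 7 { sh = ($7 == "" ? "/bin/sh" : $7)
                  if (!(sh in no)) print $1 ":" sh }'
}

# Demo on the constructed sample; on a host use: getent passwd | login_capable
sample_passwd | login_capable
if sample_passwd | is_nologin ravi; then echo "ravi: non-login shell"; fi
```

On a real host the full list will include root and human users, so compare it against the accounts you expect to have shell access.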
That’s it! You’ve now created a secure, non-login user on your system—perfect for automation tools, backup agents, and services.
Let me know in the comments how you handle service users in your setup! 🙌