Each user in /etc/passwd is specified which shell to use, the two most common
1./sbin/nologin
2./bin/bash
The latter is well understood, that is, the system uses the bash shell environment to log in.
So I mainly learned /sbin/nologin and described it.
If an account uses /sbin/nologin, you cannot log in to the system at this time, even if a password is given. System accounts generally use this. The so-called "unable to log in" means that the user cannot use bash or other shells to log in to the system, it does not mean that the account cannot use system resources. For example, in each system account, the print job is managed by the lp account, and the www server is managed by the apache account. They can all work on the system program, but they cannot log in to the host. Sometimes some services, such as mail services, are mostly used to receive mail from the host, and do not require login. If an account tries to connect to my host to get a shell, we can deny it.
[root@localhost shell]# grep mail /etc/passwd
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
[root@localhost shell]# su - mail
最終ログイン: 2017/07/28 (金) 08:49:58 JST日時 pts/2
This account is currently not available.
In addition, if I want to let a user with /sbin/nologin know that when they cannot log in to the host, they can create a new file /etc/nologin.txt and write the reason why they cannot log in in the file. When the user logs in, The contents of this file will appear on the screen.
[root@localhost shell]# mv /etc/nologin.txt.bak /etc/nologin.txt
[root@localhost shell]# cat /etc/nologin.txt
this account is system account or mail account
[root@localhost shell]# su - mail
最終ログイン: 2017/07/28 (金) 09:01:19 JST日時 pts/2
this account is system account or mail account