1

Background: We have a policy in the company to deactivate the login possibility as much as possible, which is understandable.

I am just wondering if there are any other side effects if you specify /usr/sbin/nologin as the login shell of an account? Apart from the login capability, are there any other capabilities or features which will be deactivated? Any other known side effects?

Kusalananda
  • 333,661
megloff
  • 429
  • Using nologin will prompt the user if they attempt to log in, and that prompt is customizable: you could put anything in the /etc/nologin.txt file. Using false is another option; this will just drop the user with no prompt or anything. – Jason Croyle Feb 25 '21 at 20:20
  • Are you asking about default shell? – ctrl-alt-delor Feb 25 '21 at 20:33

2 Answers

1

Most daemons will reject user access for users whose shells don't appear in /etc/shells (and those that authenticate using PAM can be made to do so with a line of configuration). But you'll need to check the ones you care about (FTP daemons, IMAP server, etc.) to make sure their behaviour is what you want. You may need to add /usr/sbin/nologin (or /bin/false) to the /etc/shells file.

I'm assuming that this is additional to giving such users disabled passwords, which (if working correctly) means the disabled shell is a backstop to the primary restriction.

dave58
  • 216
Toby Speight
  • 8,678
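
As an added example (not part of the answer above, and not code from any project), this shell function audits a passwd file against a shells list and shows which accounts using /usr/sbin/nologin or /bin/false would still pass a daemon's /etc/shells check. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each account by login shell and /etc/shells listing.

# audit_shells PASSWD_FILE SHELLS_FILE
# Prints "user:shell:kind:listing" per account, where kind is "nologin" for
# */nologin or */false and "login" otherwise, and listing says whether the
# shell appears in SHELLS_FILE (the list the answer says most daemons consult).
audit_shells() {
    awk -F: '
        FILENAME == ARGV[1] {             # first file: the shells list
            sub(/#.*/, "")                # drop comments
            gsub(/[ \t\r]/, "")           # and stray whitespace
            if ($0 != "") listed[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }           # skip comments and malformed lines
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            kind = (shell ~ /\/(nologin|false)$/) ? "nologin" : "login"
            state = (shell in listed) ? "listed" : "unlisted"
            print $1 ":" shell ":" kind ":" state
        }
    ' "$2" "$1"
}

# Constructed sample data (not from a real system).
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/sbin/nologin
EOF
    cat > "$dir/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
ftpuser:x:1001:1001::/srv/ftp:/usr/sbin/nologin
backup:x:34:34::/var/backups:/bin/false
legacy:x:1002:1002::/home/legacy:
EOF
    audit_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo_audit
```

On a real host, call it as audit_shells /etc/passwd /etc/shells; a "nologin:listed" row is an account that blocks interactive login but is still accepted by services that only check /etc/shells.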
-2

Basically there are no side effects. Check this out that might interest you.