Which of the following steps prevents a user from obtaining an interactive login session?
Which of the following steps prevents a user from obtaining an interactive login session?
To prevent a user from obtaining an interactive login session, one effective method is to change the user's login shell to a shell that does not allow login. The command `chsh -s /bin/false` sets the user's shell to `/bin/false`, which does not provide an interactive session, effectively preventing the user from logging in interactively. This method is specifically designed to stop logins and is commonly used for this purpose. The other options do not directly prevent interactive login sessions in the same direct and effective manner.
it is chsh -s /bin/false username
Correct
correct answer is E nologin file
yes, but in the /etc directory, not in the /home. so correct answer is chsh -s /bin/false
chsh -s /bin/false username
if we use nologin, it should be place in /etc folder and it will reject all users except root from logging in the system. But the question asks for "a user" not for all users, so we can change the path of bash shell in /etc/passwd file to /bin/false by using the command: chsh -s /bin/false username
chsh -s /bin/false user1 chsh -s /sbin/nologin => same behaviour, but differrent. false -> reject to execute nologin -> pam check and reject to login, then execute the message as below examples. ================================== [root@rhel8-02 ~]# grep user1 /etc/passwd user1:x:1001:1001::/home/user1:/sbin/nologin [root@rhel8-02 ~]# su user1 This account is currently not available. [root@rhel8-02 ~]# [root@rhel8-02 ~]# chsh -s /bin/false user1 Changing shell for user1. chsh: Warning: "/bin/false" is not listed in /etc/shells. Shell changed. [root@rhel8-02 ~]# grep user1 /etc/passwd user1:x:1001:1001::/home/user1:/bin/false [root@rhel8-02 ~]# su user1 [root@rhel8-02 ~]#
its supposed to be /usr/sbin/nologin
B is correct, but there must be a bad typo in that ""s Running the command chsh -s /bin/false with the user name.
"chsh -s /bin/false" is not correct, because chsh only cans change to a shell that is in the /etc/shells file, and /bin/false is not in this file, so if you execute this command you probably will get an error
from the NOTE section of the chsh man page ... "The only restriction placed on the login shell is that the command name must be listed in /etc/shells, unless the invoker is the superuser, and then any value may be added." So if the invoker is superuser or sudo is used this works. I have tried this with sudo and it works as intended.
but supposing that the shell is in this file, the option is correct