LX0-104 · Question #272
Which of the following is the BEST way to temporarily suspend a user's ability to interactively login?
The correct answer is C. Changing the user's shell to /bin/false.. The most effective and reversible method to temporarily suspend a user's interactive login capability is by changing their shell to /bin/false.
Question
Options
- AChanging the user's UID.
- BChanging the user's password.
- CChanging the user's shell to /bin/false.
- DRemoving the user's entry in /etc/passwd.
- EPlacing the command logout in the user's profile.
How the community answered
(27 responses)- A7% (2)
- B4% (1)
- C74% (20)
- E15% (4)
Why each option
The most effective and reversible method to temporarily suspend a user's interactive login capability is by changing their shell to `/bin/false`.
Changing a user's UID (User ID) would disassociate them from their files and processes, leading to data access issues and system instability, which is not a temporary suspension method.
Changing the user's password prevents them from logging in with their old password, but they could still log in if given a new password, and it's not the cleanest way to temporarily suspend *interactive* login.
Changing a user's login shell to `/bin/false` (or `/sbin/nologin`) prevents them from being granted an interactive shell upon successful authentication, thereby effectively suspending interactive logins without deleting the account or files, and it is easily reversible.
Removing the user's entry in `/etc/passwd` permanently deletes the user account and all associated data, which is not a temporary suspension.
Placing `logout` in a user's profile file would allow them to log in briefly before being logged out, which is less secure and less robust than preventing interactive shell access entirely.
Concept tested: User account management and login suspension
Source: https://man7.org/linux/man-pages/man8/usermod.8.html
Topics
Community Discussion
No community discussion yet for this question.