How can I check whether a user has login permissions on Ubuntu?

Solution 1

passwd -l www-data

Solution 2

The information you want is in the /etc/passwd file (which is world readable - the hashes of passwords are actually kept in /etc/shadow). So you can

$ grep www-data /etc/passwd

which should produce something along the lines of

www-data:x:111:112::/home/www-data:/bin/false

(I don't have apache installed, so the details are probably different). The important detail is the part after the last : which is the login shell. In this case it is /bin/false, which means you can't log in as that user. If you look at the line corresponding to your username, you will see it is /bin/bash thus allowing you to log in.

If www-data has a valid login shell then just go and edit /etc/passwd and change the login shell to /bin/false.
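
As an added example (not part of the original answers), this shell function reports separately the three controls this page discusses: the login shell from Solution 2, the password lock from Solution 1, and the account expiry date from the man passwd note quoted in the comments. The function name, output format and sample records are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the three independent login controls for one account,
# given its passwd(5) and shadow(5) records. On a live system the records can
# come from `getent passwd www-data` and (as root) `getent shadow www-data`,
# which also consult NSS sources such as LDAP.

# login_controls PASSWD_LINE SHADOW_LINE [TODAY_AS_DAYS_SINCE_EPOCH]
login_controls() {
    passwd_line=$1
    shadow_line=$2
    today=${3:-$(( $(date +%s) / 86400 ))}

    shell=${passwd_line##*:}                              # field 7: login shell
    hash=$(printf '%s\n' "$shadow_line" | cut -d: -f2)    # field 2: password hash
    expire=$(printf '%s\n' "$shadow_line" | cut -d: -f8)  # field 8: expiry, in days

    # An empty shell field means /bin/sh, so only nologin/false count as "no shell".
    case $shell in
        */nologin|*/false) interactive=no ;;
        *)                 interactive=yes ;;
    esac

    # A hash field starting with "!" or "*" can never match a typed password
    # (passwd -l prepends "!"). This does not affect SSH keys.
    case $hash in
        '!'*|'*'*) password=locked ;;
        '')        password=empty ;;
        *)         password=set ;;
    esac

    # usermod --expiredate 1 stores 1 here; an empty field means no expiry.
    if [ -n "$expire" ] && [ "$expire" -le "$today" ]; then
        expired=yes
    else
        expired=no
    fi

    echo "interactive=$interactive password=$password expired=$expired"
}

# Constructed sample records (not taken from a real system).
SAMPLE_PASSWD='www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin'
SAMPLE_SHADOW='www-data:*:14684:0:99999:7:::'
login_controls "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
```

A result of interactive=no with password=locked and expired=no matches what the question asks for: the daemon can keep running as www-data while shell and password logins are refused.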

Author: morpheous

Updated on September 17, 2022

Comments

  • morpheous
    morpheous almost 2 years

    I want to make sure that the user www-data cannot be used to log in on my system (Ubuntu Lucid). How can I find out? - is there a command I can run against this user? (traditionally run by Apache daemon)

  • Daenyth
    Daenyth almost 14 years
    And use vipw to edit the file so you don't mess it up!
  • Dennis Williamson
    Dennis Williamson almost 14 years
    From man passwd: "Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use usermod --expiredate 1 (this set the account's expire date to Jan 2, 1970)."
  • Ignacio Vazquez-Abrams
    Ignacio Vazquez-Abrams almost 14 years
    Won't work if the authdb is in e.g. LDAP.
  • Daenyth
    Daenyth almost 14 years
    It's effectively disabled since he'd have to add a key to log in with it
  • morpheous
    morpheous almost 14 years
    Hold on, when you talk about the account being 'disabled' - do you mean that Apache can no longer run as the user 'www-data'? (that's not what I want). I want Apache to continue running as the user www-data, but I don't want anyone to be able to log into the system using www-data as a username. I have seen attempts in my log of users trying a brute force attempt to hack into my server using the username www-data - that is what prompted this question.
  • Daenyth
    Daenyth almost 14 years
    By disabled I mean to say that login is disabled.