https://www.quora.com/How-can-bin-true-and-bin-false-Linux-utilities-be-used
MySQL :: MySQL 8.0 Reference Manual :: 2.9.2 Installing MySQL Using a Standard Source Distribution https://dev.mysql.com/doc/refman/8.0/en/installing-source-distribution.html
# Preconfiguration setup shell> groupadd mysql shell> useradd -r -g mysql -s /bin/false mysql
shell - What's the difference between /sbin/nologin and /bin/false - Unix & Linux Stack Exchange https://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false
https://superuser.com/questions/1183311/why-do-some-system-users-have-usr-bin-false-as-their-shell
This helps to prevent users from logging on system.
Sometimes you need a user account for a specific task. Nevertheless, no one should be able to interact with this account on the computer. These are on the one hand system user accounts, on the other hand this is account, for which FTP or POP3 access is possible, but just no direct shell login.
If you look more closely at the /etc/passwd
file, you will find the /bin/false
command as a login shell for many system accounts. Actually, false is not a shell, but a command that does nothing and then also ends with a status code that signals an error. The result is simple. The user logs in and immediately sees the login prompt again.
When /sbin/nologin
is set as the shell, if user with that shell logs in, they'll get a polite message saying 'This account is currently not available.' This message can be changed with the file /etc/nologin.txt
.
/bin/false
is just a binary that immediately exits, returning false, when it's called, so when someone who has false
as shell logs in, they're immediately logged out when false
exits. Setting the shell to /bin/true
has the same effect of not allowing someone to log in but false
is probably used as a convention over true
since it's much better at conveying the concept that person doesn't have a shell.
Looking at nologin
's man page, it says it was created in 4.4 BSD (early 1990s) so it came long after false
was created. The use of false
as a shell is probably just a convention carried over from the early days of UNIX.
nologin
is the more user-friendly option, with a customizable message given to the user trying to log in, so you would theoretically want to use that; but both nologin
and false
will have the same end result of someone not having a shell and not being able to ssh in.