This interface allows one to manage accounts which can access one’s server remotely from the command line.
As a warning it must be noted that many users want this type of access, but before granting complete shell access to users, one should always consider the security risks. We recommend to provide jailed shell (sometimes seen as jailshell) access to users, to prevent the execution of certain harmful commands.
The account’s package determines the account’s shell access. If the account’s permission is changed to access a shell, the system will set the value for the account’s package to undefine in the account’s userdata file.
One can select the following types of shell access:
It is to note that an account with a disabled shell may use SFTP if a user enables it. To disable it, one must set /bin/false as the user’s shell. Run the following command as the root user where username is the account for which the user wish to disable SFTP:
usermod -s /bin/false username
This feature helps a user in certain ways as reviewed in the article.