17

The question is simple: I want to list all the user accounts which can log in to my system, but I'm not sure whether all the users in /etc/passwd are "could login" users.

Details:

I can see users whose shells are set to /usr/sbin/nologin and /bin/false in /etc/passwd, does that mean they cannot login?

I also know that I can set the encrypted password of a user to * or ! in /etc/shadow to disable an account, so the "disabled user" should also be treated as a "cannot log in" user, right?

voretaq7
harryz

3 Answers

14

A lot of this depends on your definition of "log in" -- technically any user who exists in /etc/passwd & /etc/shadow is a "valid user" and could theoretically log in under the right set of circumstances.

The methods you're talking about fall into the following broad categories:

  • Users with "locked" accounts in /etc/shadow
    A user whose password is set to *, !, or some other hash that will never match is "locked out" (in the Sun days the convention was often *LK*, for "Locked").
    These users can't log in by typing a password, but they can still log in using other authentication mechanisms (SSH keys, for example).

  • Users with a "non-interactive" shell in /etc/passwd
    A user whose account has a "non-interactive shell" (/bin/false, /sbin/nologin) can't log in interactively -- i.e. they can't get a shell prompt to run commands at (this also prevents SSH command execution if the user has SSH keys on the system).
    These users may still be able to log in to do things like read/send email (via POP/IMAP & SMTP AUTH). Setting a non-interactive shell for users who should never need to use the shell (and for most "service accounts") is generally considered good practice.

So depending on your criteria for "able to log in" you may want to check one or both of these things.

llrs
voretaq7
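A small audit script that applies both checks from this answer, added here as an example rather than taken from the original post: it joins constructed /etc/passwd and /etc/shadow entries and reports, per user, whether password login and an interactive shell are still possible, so the two partially restricted cases (locked password but interactive shell, usable password but /bin/false) stand out. The shell list, the fake hashes and the "missing shadow entry counts as locked" rule are assumptions.

```python
"""Audit which local accounts could still log in, using the two checks from the
answer above: a locked password hash (/etc/shadow) and a non-interactive shell
(/etc/passwd). Added example, not from the post; sample entries are constructed."""

NON_INTERACTIVE_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}

# Constructed sample data in /etc/passwd and /etc/shadow format (hashes are fake).
SAMPLE_PASSWD = """\
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc:x:1002:1002:Service:/var/lib/svc:/bin/false
"""
SAMPLE_SHADOW = """\
daemon:*:16000:0:99999:7:::
alice:$6$c0nstructed$notarealhash:16000:0:99999:7:::
bob:!$6$c0nstructed$notarealhash:16000:0:99999:7:::
svc:$6$c0nstructed$notarealhash:16000:0:99999:7:::
"""


def password_locked(hash_field):
    """True when the field can never match a typed password: '*', '!', '!!', '*LK*',
    or a real hash prefixed with '!' (passwd -l). Empty = no password asked, not locked."""
    return hash_field.startswith(("*", "!"))


def classify(passwd_text, shadow_text):
    """Map user -> {'password_login': bool, 'shell_login': bool}. Password False with
    shell True: SSH keys may still work. Password True with shell False: mail/FTP may."""
    shadow = {}
    for line in shadow_text.splitlines():
        if line and not line.startswith("#"):
            user, hash_field = line.split(":")[:2]
            shadow[user] = hash_field
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) < 7:
            continue  # comment or malformed entry: skip rather than guess
        user, pw_field, shell = fields[0], fields[1], fields[6]
        # 'x' means the hash is in /etc/shadow; no shadow entry = nothing to match = locked.
        hash_field = shadow.get(user, "*") if pw_field == "x" else pw_field
        result[user] = {"password_login": not password_locked(hash_field),
                        "shell_login": shell not in NON_INTERACTIVE_SHELLS}
    return result


def interactive_users(passwd_text, shadow_text):
    """Users passing both checks: a usable password and an interactive shell."""
    return sorted(u for u, f in classify(passwd_text, shadow_text).items()
                  if f["password_login"] and f["shell_login"])
```

On a real host, pass the contents of /etc/passwd and /etc/shadow (the latter needs root to read) to classify(); the access.conf and PAM restrictions mentioned in the third answer are not visible in these two files and need a separate check.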
6

There is a difference between disabling the user and setting the shell to /bin/false or similar.

Setting the shell to /bin/false prevents the user from getting a shell, but they can still log in to the system if local users are used for something else (mail authentication, ftp, and so on). Disabling the user makes it impossible for him to use any services of the server that use local users.

Pentium100
  • So, actually all the users in /etc/passwd are "could login" users, but some of them are disabled (* !) and some of them are restricted (/bin/false)? – harryz Feb 17 '14 at 05:57
3

In addition to the above, users may be locked out from a system even though their password entry looks correct using several different methods.

/etc/security/access.conf can be used to limit who can log in.

There are many PAM modules that can be configured to restrict specific users, or modify login behavior based on need. (i.e. no home directory on the server disallows login.)

billq