Details
The nginx account should not have the ability to log in, so the /sbin/nologin shell should be set for the account.
Rationale:
The account used for nginx should only be used for the nginx service and does not need to have the ability to log in. This prevents an attacker who compromises the account to log in with it.
Solution
Change the login shell for the nginx account to /sbin/nologin by using the following command:
chsh -s /sbin/nologin nginx
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.