Disable user shell for security reasons

You can use the usermod command to change a user's login shell.

usermod -s /sbin/nologin myuser

or

usermod -s /usr/sbin/nologin myuser

If your OS does not provide /sbin/nologin, you can set the shell to a NOOP command such as /bin/false:

usermod -s /bin/false myuser

Changing the login shell does not necessarily prevent users from authenticating (except in some services that check if the user's shell is mentioned in /etc/shells).

People may still be able to authenticate to the various services that your system provides to unix users, and may still be authorized to perform some actions, albeit probably not to run arbitrary commands directly.

Changing the shell to /bin/false or /usr/sbin/nologin will only prevent them from running commands on those services that can be used to run commands (console login, ssh, telnet, rlogin, rexec...), so it affects authorisation for some services only.

For ssh for instance, that still allows them to do port forwarding.

passwd -l will disable password authentication, but the user may still be allowed to use other authentication methods (like authorized_keys with ssh).

With pam on Linux at least, you can use the pam_shells module to restrict authentication or authorisation to users with an allowed shell (those mentioned in /etc/shells). For ssh, you'll want to do it at the authorisation (account) level, as for authentication sshd uses pam in addition to other authentication methods (like authorized_keys), or you can do it with sshd_config directives in /etc/ssh/sshd_config (like AllowUsers and friends).

Beware though that adding some restrictions in global pam authorisation will potentially prevent running cron jobs as those users.
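As an added illustration of the pam_shells point above (example script, not part of the answer): it reads a passwd-style file and reports, per account, whether the login shell is listed in a shells file, which is the same test pam_shells applies against /etc/shells. The file paths, the sample accounts and the sample shells list are constructed here so it runs offline; point audit_shells at /etc/passwd and /etc/shells to check a real system.

```shell
#!/bin/sh
# Constructed sample data standing in for /etc/passwd and /etc/shells.
# Note that /usr/sbin/nologin is deliberately listed in the sample shells
# file: on a distro whose /etc/shells contains it, pam_shells still lets
# such accounts through, so check what your own /etc/shells says.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
myuser:x:1001:1001::/home/myuser:/sbin/nologin
svc:x:1002:1002::/srv/svc:/bin/false
alice:x:1003:1003::/home/alice:/bin/sh
bob:x:1004:1004::/home/bob:/usr/sbin/nologin'
SAMPLE_SHELLS='/bin/sh
/bin/bash
/usr/sbin/nologin'

# Print "user shell status" for each account in $1; status is "allowed"
# when the shell appears as a whole line in the shells file $2 (the check
# pam_shells performs), otherwise "denied".
audit_shells() {
    passwd_file=$1
    shells_file=$2
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        if grep -qxF -- "$shell" "$shells_file"; then
            status=allowed
        else
            status=denied
        fi
        printf '%s %s %s\n' "$user" "$shell" "$status"
    done < "$passwd_file"
}

# Run the audit over the constructed sample files.
audit_sample() {
    tmp=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PASSWD" > "$tmp/passwd"
    printf '%s\n' "$SAMPLE_SHELLS" > "$tmp/shells"
    audit_shells "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

# Number of sample accounts pam_shells would still accept.
count_allowed() {
    audit_sample | grep -c ' allowed$'
}

audit_sample
```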


You edit the /etc/passwd file and change the user's shell from /bin/bash or /bin/sh to /sbin/nologin.