To reset all users to use a false shell (vs sh, bash, csh, etc) on most Linux platforms:

type who and see which users are currently running a shell

another way would be to type ps aux | grep sh and then see which shells were active.

look in /etc/passwd for the default shells for your users

copy whatever shells you have on your machine into /root (cp /bin/*sh* /root)

edit your /etc/passwd file to point to /root/(your shell here) for the root user

log out and login as root using the new shell located in the root directory

remove all the shell files in /bin (rm /bin/*sh*)

change directory to /bin (cd /bin

symbolicly (sp?) link the file false to also be bash, sh, ash, bash2, etc.
Whatever files you copied out of the /bin directory that your users could use as a shell.
ln -s /bin/false /bin/bash
ln -s /bin/false /bin/sh
ln -s ... etc.


then do a killall bash && killall sh && killall csh && killall tcsh, etc. and you are now clean.
(i didn't do a killall *sh* because I didn't want to kill a sshd session if you are doing this remotely)


no-one can have a shell but root.

Then you can do a kernel upgrade/patch (I am using 2.6.0-test11 and it is EXTREMELY stable and a much faster kernel) knowing that you are the only user with access.

It is also a good idea to be sure that any unprivileged accounts (ftp, nobody, etc) are already using /bin/false as their shell. Some people install a SQL server and create an account without realizing that they should lock that account down, in case they ever set the password on that account in error.

Anyway, I made this howto a bit simplistic, but I hope it explains the process well enough.
PLEASE do not delete any shells before you login as root into the correct shell located in /root

Have fun.


{edit}

Whups. once everything is all set, delete all the shell links in /bin (rm /bin/*sh*)
then copy the real shells in /root to /bin (cp /root/*sh* /bin)

then everyone will have access again.

enjoy.