How To Disable or Lock Linux User Account? – POFTUT

How To Disable or Lock Linux User Account?

by

How can I disable some Linux account? By disabling it I do not want to remove the account and related files. Just user related operations will be prevented. If an user authentication occurs it will be not authenticated. We will use usermod command to lock user account.

Disable/Lock User Account with usermod Command

We will disable account with the following code.

$ usermod -L -e 1 test
  • usermod will change user account related attributes and information.
  • -L will lock given account and put ! in the user passwords database before encrypted password.
  • -e 1 will set expire date from 1/1/1970

Disable/Lock User Account with chage Command

chage command is use to set user account expiration time for password. If we set previous than the current date the given account will be locked automatically. We provide the date in YYYY-MM-DD format. In this example we will lock user ismail.

$ sudo chage -E 2010-01-01 ismail

Disable/Lock User Account with passwd Command

We can also use passwd command in order to lock given user account. We will provide -l option which means lock. In this example we will lock user ismail

$ sudo passwd -l ismail

Disable/Lock User Account From /etc/shadow

/etc/shadow file stores the user password in encrypted format. If ! is added before hash value of the user password the user account will be disabled or locked. As an example we can lock user test with the following line. Attention to the ! at the begging of the password hash value.

test:$6$!0G2HVsS0JZ3wqfK6$ClYJYYWaLhI5

Disable/Lock User Account From /etc/passwd

/etc/passwd file also store information about the user. An user account can be also locked from this file in two different ways.

LEARN MORE  What Is AAA (Authentication, Authorization, and Accounting)?

Disable User Login with nologin

We can disable an user account login from the /etc/passwd file at the end of line like /bin/bash which specifies the user shell. We will change to the /bin/nologin which is not a login shell.

test:x:1:1:bin:/bin:/sbin/nologin
Disable User Login with nologin
Disable User Login with nologin

Adding ! After Username

Another way is adding ! after username and before x like below.

test:!x:1:1:bin:/bin:/sbin/bash

Unlock/Enable User

After some time we may need to enable or unlock given user account there are different ways to unlock an user account. Here some of them with chage and passwd command.

$ sudo passwd -u ismail

Check User Lock Configuration

We will check the status of this account from configuration file. Is the account disabled?

$cat /etc/shadow | grep test

We can also check the user configuration whether it is locked or not with the chage command like below.

$chage -l test

 

How To Disable or Lock Linux User Account? Infografic

How To Disable or Lock Linux User Account? Infografic
How To Disable or Lock Linux User Account? Infografic

Leave a Comment