How To Disable or Lock Linux User Account?
How can I disable some Linux account? By disabling it I do not want to remove the account and related files. Just user related operations will be prevented. If an user authentication occurs it will be not authenticated. We will use usermod command to lock user account.
Disable/Lock User Account with usermod Command
We will disable account with the following code.
$ usermod -L -e 1 test
- usermod will change user account related attributes and information.
- -L will lock given account and put ! in the user passwords database before encrypted password.
- -e 1 will set expire date from 1/1/1970
Disable/Lock User Account with chage Command
chage command is use to set user account expiration time for password. If we set previous than the current date the given account will be locked automatically. We provide the date in
YYYY-MM-DD format. In this example we will lock user
$ sudo chage -E 2010-01-01 ismail
Disable/Lock User Account with passwd Command
We can also use
passwd command in order to lock given user account. We will provide
-l option which means lock. In this example we will lock user
$ sudo passwd -l ismail
Disable/Lock User Account From /etc/shadow
/etc/shadow file stores the user password in encrypted format. If
! is added before hash value of the user password the user account will be disabled or locked. As an example we can lock user
test with the following line. Attention to the
! at the begging of the password hash value.
Disable/Lock User Account From /etc/passwd
/etc/passwd file also store information about the user. An user account can be also locked from this file in two different ways.
Disable User Login with nologin
We can disable an user account login from the
/etc/passwd file at the end of line like
/bin/bash which specifies the user shell. We will change to the
/bin/nologin which is not a login shell.
Adding ! After Username
Another way is adding
! after username and before
x like below.
After some time we may need to enable or unlock given user account there are different ways to unlock an user account. Here some of them with
$ sudo passwd -u ismail
Check User Lock Configuration
We will check the status of this account from configuration file. Is the account disabled?
$cat /etc/shadow | grep test
We can also check the user configuration whether it is locked or not with the
chage command like below.
$chage -l test