Linux systems use /etc/shadow to store the encrypted user passwords. The quickest way to disable a user is to alter the user's password stored in /etc/shadow. Normally an active user account will have one line in /etc/shadow that will look like:
where the second field is the encrypted password.
If we replace the password with “*” or “!”, the account becomes unusable and no login is permitted for the user:
This method has the disadvantage that the user's password is lost (unless saved somewhere) if we later want to re-enable the account. From this point of view, a much better method is to use the passwd command to lock the account:
and the output of a successful change will be “Password changed.” This just changes the shadow file, adding “!” in front of the user's password:
Of course, we could also do this manually ourselves if we want ;-).
If you ever need to re-enable the account, just unlock it:
or just manually remove the “!” character from the user’s password line in /etc/shadow.
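To audit which accounts are in which of the states described above, the following added example (not part of the original article) classifies each entry of a shadow-format file by its second field. The function names and the sample entries with placeholder hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the password-field state of each account in a
# shadow-format file. This covers password authentication only; it says
# nothing about other login methods such as SSH keys.

# Constructed sample in /etc/shadow layout (placeholder hashes, not real ones).
sample_shadow() {
    cat <<'EOF'
alice:$6$SALT$CONSTRUCTEDHASHA:19000:0:99999:7:::
bob:!$6$SALT$CONSTRUCTEDHASHB:19000:0:99999:7:::
carol:*:19000:0:99999:7:::
dave:!:19000:0:99999:7:::
erin::19000:0:99999:7:::
EOF
}

# shadow_state [FILE...]: print "user state" for every entry (stdin if no FILE).
#   active    hash present, password login possible
#   locked    "!" in front of a hash: removing the "!" restores the password
#   disabled  only "*" or "!": no hash stored, a new password must be set
#   empty     empty field: no password is required for this account
shadow_state() {
    awk -F: '
        NF < 2 { next }             # skip malformed lines
        {
            pw = $2
            if (pw == "")                state = "empty"
            else if (pw ~ /^[!*]+$/)     state = "disabled"
            else if (pw ~ /^!/)          state = "locked"
            else                         state = "active"
            print $1, state
        }' "$@"
}

# Demo on the constructed sample.
sample_shadow | shadow_state
```

On a real system, run `shadow_state /etc/shadow` as root, since the file is not world-readable.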