
How to Lock / UnLock (Enable / Disable) Linux User Account

Before you remove an account from a system, it is a good idea to lock it for one week to make sure that no one uses it.

To lock it, you can use the following command:
# passwd -l username (where username is the login id).
This option is used to lock the specified account and it is available to root only. The locking is performed by rendering the encrypted password into an invalid string (by prefixing the encrypted string with an !).

After that, if someone tries to log in using this account, the system will return:
# su - username
This account is currently not available.

To unlock the same account:
The following command re-enables an account by changing the password back to its previous value, i.e. the value it had before the -l option was used.
# passwd -u username
This removes the '!' in front of the encrypted password.
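
An added example (not from the original post): a small audit script that reads shadow(5)-format lines and reports accounts whose password carries the `!` prefix described above but whose expiry field is unset. It goes one step beyond the post by also reading the expiry field. The function names, the sample lines and the fixed day count 20000 are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from any tool.
# Classify one shadow(5)-format line. $1 = line, $2 = today in days since 1970-01-01.
# Prints "<user> <password state> <account state>".
account_state() {
    IFS=: read -r user hash lastchg min max warn inactive expire rest <<EOF
$1
EOF
    case $hash in
        '')   pw=empty ;;     # no password set
        '!'*) pw=locked ;;    # the "!" prefix written by passwd -l
        '*'*) pw=no-hash ;;   # placeholder, no usable password
        *)    pw=usable ;;
    esac
    # Field 8 is the account expiry date in days since the epoch.
    # shadow(5) calls 0 ambiguous, so only values >= 1 are treated as a date.
    acct=active
    case $expire in
        ''|*[!0-9]*) ;;       # empty or non-numeric: no expiry set
        *) if [ "$expire" -ge 1 ] && [ "$expire" -le "$2" ]; then acct=expired; fi ;;
    esac
    echo "$user $pw $acct"
}

# Read shadow lines on stdin; report accounts that are password-locked but not expired.
audit_shadow() {
    today=$1
    while IFS= read -r line; do
        state=$(account_state "$line" "$today")
        case $state in
            *' locked active') echo "${state%% *}: password locked only, account not expired" ;;
        esac
    done
}

# Constructed sample data (not real hashes); 20000 is a fixed "today" for repeatability.
SAMPLE='alice:$6$salt$hashvalue:19000:0:99999:7:::
bob:!$6$salt$hashvalue:19000:0:99999:7:::
carol:!$6$salt$hashvalue:19000:0:99999:7::1:
daemon:*:19000:0:99999:7:::'
printf '%s\n' "$SAMPLE" | audit_shadow 20000
```

On a live system, run it as root with `/etc/shadow` on stdin and `$(( $(date +%s) / 86400 ))` as the day count.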


3 comments:

Arturo 'Buanzo' Busleiman said...

You should use usermod --expiredate 1 instead of passwd -l.
passwd -l does not disable an account, it just makes the password unusable, but the user could still log in using an ssh key or other auth meth.

Anonymous said...

Yes, user lock is only done by the usermod command.

pavi said...

You have said that if an account is locked and a user tries to log in to it using
# su - username
it says "This account is currently not available."

But this is not true. You have given the example using the hash (#) prompt, which means it is a root user. The root user can log in to a locked user account using
# su - username

Ya, but the other users can't log in to a locked account. It says
su: Authentication failure
The example should be like
$ su - username
It is creating confusion.
