- How to enable or disable a user?
- 5 Answers 5
- Expire Account
- Lock a Password
- Expire a Password
- How to deactivate or disable a user account in Ubuntu 20.04 LTS
- Prerequisites
- Disabling a user in Ubuntu
- Method 1: Lock the password
- Method 2: Expire the user account
- Method 3: Change the Shell
- Confirming whether the account has been disabled or inactive
- 1. Verify the user’s status (Locked/Unlocked)
- 2. Look for the non-interactive Shell
- Conclusion
- Search
- About This Site
- Latest Tutorials
- Howto: Enable and Disable the User accounts in Linux/Unix
- Share this:
- Like this:
- Related
- 4 thoughts on “ Howto: Enable and Disable the User accounts in Linux/Unix ”
- UNIX / Linux : How to lock or disable an user account
- 1. Lock the password
- 2. Expire the user account
- 3. Changing the shell
- Verify if the account is locked or disabled.
- Linux enable disable user
How to enable or disable a user?
I’m uing ubuntu 12.04 desktop. I have 3 users: user1(administrator), user2(standard) and guest. I wanted to disable user1 and enable user2 which auto logs on with no password but after I did that I can’t login to user1 and user2 accounts except the guest session user. I’m striped off every administrative privileges. I don’t know which options are available to me and how do I enable root or user which is an administrator?
5 Answers 5
Expire Account
Let the account expire to disallowing a user from logging in from any source including ssh:
# disallow peter from logging in sudo usermod --expiredate 1 peter
This is how you can reenable that account:
# set expiration date of peter to Never sudo usermod --expiredate "" peter
Lock a Password
To disable / lock the password of user account use below command. This will not disallow ssh-access on Ubuntu. This prepends a ! to the password hash so that no password will match it anymore.
# take away peters password sudo passwd -l peter
# give peter back his password sudo passwd -u peter
Expire a Password
This command seems to differ across platforms. On Ubuntu, expiring a password will command the user to make up a new one once he logs in. This is not suitable for disabling an account.
# make peter think of a new password on login sudo passwd -e YYYY-MM-DD peter
You should merge locking a password and expiring an account into one command as explained in @vorburger’s answer (usermod -L -e 1 [username]) and (usermode -U -e «» [username])
Use this to lock an account:
sudo usermod -L -e 1 [username]
and this to unlock an account so locked:
sudo usermod -U -e "" [username]
(Disabling and locking a user account both mean the same thing.)
To disable / lock the user account use below command:
sudo passwd -l [user_name] e.g. sudo passwd -l samual
To put an expire date to an user account so that it automatically gets disabled / locked.
sudo passwd -e YYYY-MM-DD [user_name] e.g. sudo passwd -e 2013-05-31 samual
To re-enable a disabled user, issue the passwd command with the -u option.
sudo passwd -u [username] e.g. sudo passwd -u training
To enable the root account and change the root password use below steps.
Enter the new password for root account and then exit. if this does not solve the issue let me know.
Please feel free to let me know if you need anything else or any further clarification.
How to deactivate or disable a user account in Ubuntu 20.04 LTS
If you want to disable any user to prevent that the user logs into his/her account on Ubuntu or lock the user’s account so he/she won’t be able to log in and access the privileged rights, you can do it in three ways through command line input (CLI). This article will explain and demonstrate these 3 ways through which you can perform the specified task.
Prerequisites
Disabling a user in Ubuntu
Follow the below explained ways to inactivate a user in ubuntu 20.04 LTS.
Method 1: Lock the password
For locking the user’s account password, there are 2 commands for doing it. The commands are:
These two commands will put an exclamation mark “!” in the second field of the /etc/passwd file. This addition of an exclamation mark will be sufficient to lock the user account’s password.
Using the “usermod -L” command
Run the following command in terminal to lock the password:
For this particular article, the user whose account I want to lock is “muneeb” so the username in the above command will be “muneeb”.
Entering the above command will ask for the root account password first to proceed. Type the password and hit enter to proceed.
Using the “passwd -l” command
Run the following command to lock the password in the terminal.
For using this command, the particular user ( according to my system) is “Zahid” whose account I want to disable to login into his account. So, the username in the above command will be “Zahid”. This command
After running the above command, the terminal will ask for the root’s password first. Enter the root’s password to proceed further.
Method 2: Expire the user account
The lock password way has some cons as well. It sometimes doesn’t completely forbid the specified user’s login into the system by SSH ( Secure Shell) public keys. The other way through which a user’s account can be permanently disabled or inactivated is expiring the specified user’s account. To do so, run the following command in the terminal:
The username will be “Zahid” in the above command for this particular article.
Expiring Zahid’s account will close up all the access methods to be used by him. This command involves using the 8th field from the /etc/passwd file.
Method 3: Change the Shell
The third way can be changing the shell. The changed shell will be /sbin/nologin from the default shell. It will then not let any user login into the system. It involves using the 7th and the last field of the /etc/passwd file. You can do this by running the following command:
$ sudo usermod -s /sbin/nologin username
For this particular article, the username in the above command will be “Zahid”.
Running the above command will first ask for the root’s password to proceed. Type the password and hit enter.
Confirming whether the account has been disabled or inactive
1. Verify the user’s status (Locked/Unlocked)
After getting done with the above ways of locking the account, verify whether the user has been locked or disabled by running the following command:
$ sudo passwd --status username
As mentioned above, the username in the above command will be “Zahid” for this particular article, whose account I have locked. Running the above command will give you the following status update. Look for the “L” flag in the output that shows whether the account has been locked or not.
2. Look for the non-interactive Shell
Check and verify that the locked user’s shell has been changed to a non-responding or interactive shell that is /sbin/nologin by running the following command.
$ sudo grep ^username /etc/passwd
For this particular article, the username will be “Zahid” in the above command. Running the above will give you the following output.
Conclusion
In this article, you will get to know about different ways of locking or disabling any user’s account. Being a Linux system administrator, you frequently need to manage multiple user accounts at a time easily by enabling or disabling some user accounts according to required specifications. Though each way has its own pros and cons, you can use any of the demonstrated ways as per your system efficiency.
Search
About This Site
Vitux.com aims to become a Linux compendium with lots of unique and up to date tutorials.
Latest Tutorials
Howto: Enable and Disable the User accounts in Linux/Unix
To disable an user account, just open the Terminal and run this command:
# passwd -l username (where username is the login id).
To enable an user account, just open the Terminal and run this command:
To check the status of the User, You can check this command message running this command:
For a disabled/Locked account it will show that “This account is currently not available.”
For a enabled/unlocked account it will Prompt for password for that particular user.
Tested Environments: Debian 7.2.0,6.0.5, Centos 6.0.
N.B.: For more information, Please make a comment and I will try to help you.
Share this:
Like this:
Related
4 thoughts on “ Howto: Enable and Disable the User accounts in Linux/Unix ”
It’s not a good idea to use passwd command to disable an account, in fact, the account is active and it is not been disabled by this command, only password has changed. You can use usermod command to disable an account ( usermod -L -e 1 ), but may be this is not what you need, that’s why you are using passwd instead of usermod, i guess.
passwd -l does not disable an account. The commands passwd -l or usermod -L lock a user account. The account may be unlocked using the command passwd -u A disabled account is a function of the variable INACTIVE. Once a password expires the system will use the INACTIVE setting to determine how many days it will wait before disabling the account.. When a regular use account is disabled an asterisk is placed in the encrypted password field of the file /etc/shadow for that user. To enable the account this asterisk must be removed and a password created for the account.
UNIX / Linux : How to lock or disable an user account
There are several ways in which user account can be locked or disabled. The posts discusses few of the most widely used ways.
1. Lock the password
To lock a users account use the command usermod -L or passwd -l. Both the commands adds an exclamation mark (“!”) in the second field of the file /etc/passwd. For example :
2. Expire the user account
The commands passwd -l and usermod -L are ineffcient when it comes to disable/lock user accounts. These commands will not disallow authentication by SSH public keys (or other PAM modules other than pam_unix that may be enabled). Additionally, changing the shell to /bin/false or /sbin/nologin is unsatisfactory to us since this only affects interactive logins. So to completely disable user accounts you can user the command chage -E0. For example :
Expiring an account via use of the 8th field in /etc/shadow (using “chage -E”) will block all access methods that use PAM to authenticate a user.
3. Changing the shell
We can also change the default shell of the user to /sbin/nologin so that the user do not get any login shell when he tries to login into the system.
# usermod -s /sbin/nologin [username]
You can check for the 7th and last field in /etc/passwd for the change of shell to /sbin/nologin.
Verify if the account is locked or disabled.
For each of the methods described above, you can verify if the user account is locked/disabled using below methods.
1. Check if the user account is locked.
Check for the flag *LK* in the below command output which indicates that the account is locked.
# passwd --status root root *LK* 2017-07-19 0 45 7 -1 (Password set, SHA512 crypt.)
2. Check if the account has an expire date.
Check for the lines Password expires and Account expires to check if the account password is expired.
# chage -l root Last password change : Jul 19, 2017 Password expires : Sep 02, 2017 Password inactive : never Account expires : Sep 02, 2017 Minimum number of days between password change : 0 Maximum number of days between password change : 45 Number of days of warning before password expires : 7
3. Check for non-interactive shell
Check if the user shell has been changed to a non-interactive shell like /sbin/nologin.
# grep ^root /etc/passwd root:x:0:0:root:/root:/sbin/nologin
Linux enable disable user
Prevent user to access account / Prevent user to reach on shell prompt :
If you want to disable a user account in Linux, follow these steps.
if it is debian or ubuntu :
$ sudo usermod -s /usr/sbin/nologin username
$ sudo usermod -s /sbin/nologin username
This account is currently not available
Second Method :
a) Open file /etc/passwd and search your username there.
b) If a line ends with /bin/bash, it means user can log in.
c) Change the text /bin/bash into /sbin/nologin ( centos or fedora ) or /usr/sbin/nologin ( debian or ubuntu ) for your username.
d) Save the file. Now User will not be able to log-in.
Enable a User Account
Allow user to access account / Allow user to reach on shell prompt :
If you want to enable a user account in Linux, Run the command.
$ sudo chsh -s /bin/bash username
Second Method :
a) Open file /etc/passwd and search your username there.
b) If a line ends with /sbin/nologin ( centos or fedora ) or /usr/sbin/nologin ( debian or ubuntu ) , it means user can not log in.
c) Change the text /sbin/nologin ( centos or fedora ) or /usr/sbin/nologin ( debian or ubuntu ) into /bin/bash for your username.
d) Save the file. Now User will be able to log-in.