Recipe 8.9. Disabling Accounts

8.9.1 Problem

You need to disable an account and temporarily prevent the user from logging in, but you don't want to delete the account.

8.9.2 Solution

To temporarily deactivate an account, disable the user's password with the -l (lock) flag:

# passwd -l aborg

Password changed.

To re-enable, or unlock, a user's password use:

# passwd -u aborg

Password changed.

8.9.3 Discussion

Another way to disable an account is to insert an exclamation point at the beginning of the password field in /etc/shadow:

foobar:!$1$wiDlQr34$mitGZA76MSYCY04AHIY1:12466:0:99999:7:::

Yet another way is replace the x in the password field in /etc/passwd with an asterisk (*):

foober:*:1025:1025:Foober Smith,,,:/home/foober:/bin/bash

You can also take away the user's login shell:

# usermod -s /bin/false foober

But it's best to stick with passwd -l and -u.

8.9.4 See Also

• passwd(1), passwd(5)