How to lock and unlock a user account in Linux

When you need to forbid a user to login the Linux system, you lock that user’s account. There are a few ways to do that.

The simplest way to lock a user is with the passwd command. Without any option, passwd changes the user passwords.

passwd -l username locks the user and passwd -u username unlocks that user.

How to lock a user account with passwd -l

This following command, used as root will lock the user razvan:
# passwd -l razvan

How to unlock a user account with passwd -u

To unlock the user razvan, use this command as root:
# passwd -u razvan

How to unlock a user by changing the user’s login shell

The root can also lock a user by changing that user’s login shell to /bin/false or /usr/sbin/nologin. On Fedora, you have /sbin/nologin instead of  the Debian /usr/sbin/nologin file.

First make sure that you have /bin/false and /usr/sbin/nologin (or /sbin/login, if you are a Fedora user) in the /etc/shells file:
$ cat /etc/shells

If you don’t find the two shells listed in the file, append them by hand:
$ echo "/bin/false" >> /etc/shells
$ echo "/usr/sbin/nologin" >> /etc/shells

OR (For Fedora): $ echo "/sbin/nologin" >> /etc/shells

By setting the default login shell to /usr/sbin/nologin (or /sbin/nologin), the user will be allowed only to login to the ftp. /bin/false forbids the user to login to the system and also blocks the user’s ftp and ssh connections to the station.

$ sudo chsh -s /bin/false mike
$ sudo chsh -s /usr/sbin/nologin mike

OR (for Fedora):$ sudo chsh -s /sbin/nologin mike

To restore the user’s system access, change it’s default shell back to one that allows user login: /bin/bash, /bin/sh, /bin/zsh, etc …

Tagged with: , , , , ,
Posted in The Linux and Unix Articles!

Leave a Reply

Your email address will not be published. Required fields are marked *




Subscribe to get the latest Linux news and how to guides directly on your e-mail!