Linux: prohibiting users from changing and resetting passwords

  • 2020-06-12 11:38:37
  • OfStack

Preface

Linux stores user names in the /etc/passwd file and passwords in the /etc/shadow file. To prevent users from changing or resetting passwords, set both files to read-only.

The method is as follows


chattr +i /etc/passwd
chattr +i /etc/shadow

To allow password changes, unmark the file as read-only:


chattr -i /etc/passwd
chattr -i /etc/shadow

Note

Setting the two files to read-only has a side effect: new users cannot be created. For example, if you install MySQL using yum, the installer will not be able to create the new mysql user, and the MySQL service will not start properly. If the files are set to read-only, it is recommended that you turn read-only off while installing with yum.
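The caveat above can be handled with a small wrapper that clears the immutable flag only for the duration of one command and then sets it again. This is an added example, not part of the original article; the function names and the overridable CHATTR/LSATTR variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Real use needs root and a
# filesystem that supports chattr/lsattr (e2fsprogs).
ACCOUNT_FILES="/etc/passwd /etc/shadow"
CHATTR="${CHATTR:-chattr}"   # overridable (assumption) so the logic can be dry-run
LSATTR="${LSATTR:-lsattr}"
locked=""

# has_immutable_flag LINE: true if the flag field of one lsattr line contains 'i'.
has_immutable_flag() {
    flags=${1%% *}           # first field, e.g. "----i---------e-------"
    case "$flags" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# relock: put +i back on every file that run_unlocked cleared.
relock() {
    for f in $locked; do "$CHATTR" +i "$f"; done
    locked=""
}

# run_unlocked CMD...: clear +i where it is set, run CMD, then restore +i,
# also when CMD fails or the script is interrupted.
run_unlocked() {
    locked=""
    trap relock EXIT
    trap 'relock; exit 130' INT TERM
    for f in $ACCOUNT_FILES; do
        line=$("$LSATTR" -d "$f" 2>/dev/null) || continue
        if has_immutable_flag "$line"; then
            "$CHATTR" -i "$f" && locked="$locked $f"
        fi
    done
    rc=0
    "$@" || rc=$?
    relock
    trap - EXIT INT TERM
    return "$rc"
}

# Usage (as root): run_unlocked yum install <package>
```

Files that were not immutable beforehand are left untouched, so the wrapper never adds a restriction that was not already in place.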

Miscellaneous

The i attribute stands for immutable: a file marked with it cannot be modified. For additional file attribute options, refer to the chattr manual page: man chattr.
