Of Stack

Three ways to lock and unlock user accounts in Linux

  • 2021-06-28 09:57:35
  • OfStack

If you've implemented a password strategy in your organization, you don't need to read this article.However, in this case, if you set a 24-hour lock-in period for your account, you need to manually unlock the user account.

This tutorial will help you manually lock and unlock user accounts in Linux.

This can be done in three ways using the following two Linux commands.

passwd
usermod

To illustrate this, we chose the daygeek user account.Let's see how this can be achieved in one step.

Please note that you must use the account of the user you need to lock or unlock, not our account.You can use the id command to check if a given user account is available in the system.Yes, my account is available on my system. 


# id daygeek
uid=2240(daygeek) gid=2243(daygeek) groups=2243(daygeek),2244(ladmin)

Method 1: How do I use the passwd command to lock, unlock, and check the status of a given user account in Linux?

The passwd command is one of the commands frequently used by Linux administrators.It is used to update the user's authentication token in the/etc/shadow file.

Run the passwd command with the -l switch to lock a given user account. 


# passwd -l daygeek
Locking password for user daygeek.
passwd: Success

You can either use the passwd command or from /etc/shadow Get the given user name in the file to check the locked account status.

Use the passwd command to check the user account lock status. 


# passwd -S daygeek
 or 
# passwd --status daygeek

daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)

This will output a short message about the password status of the given account.

LK
NP
PS

Use the /etc/shadow file to check the status of locked user accounts.If the account is locked, two exclamation marks will be added in front of the password. 


# grep daygeek /etc/shadow

daygeek:!!$6$tGvVUhEY$PIkpI43HPaEoRrNJSRpM3H0YWOsqTqXCxtER6rak5PMaAoyQohrXNB0YoFCmAuh406n8XOvBBldvMy9trmIV00

:18047:7:90:7:::

Running the passwd command with the -u switch can unlock a given user account. 


# passwd -u daygeek
Unlocking password for user daygeek.
passwd: Success

Method 2: How do I use the usermod command to lock, unlock, and check the status of a given user account in Linux?

The usermod command is also frequently used by Linux administrators.The usermod command is used to modify/update account information for a given user.It is used to add users to specific groups, and so on.

Run the usermod command with the -L switch to lock the given user account. 


# usermod --lock daygeek
 or 
# usermod -L daygeek

You can check the locked account status by using the passwd command or by getting the given user name from the/etc/shadow file.

Use the passwd command to check the user account lock status. 


# passwd -S daygeek
 or 
# passwd --status daygeek
daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)

This will output a short message about the password status of the given account.

LK
NP
PS

Use the /etc/shadow file to check the status of locked user accounts.If the account is locked, two exclamation marks will be added in front of the password. 


# grep daygeek /etc/shadow
daygeek:!!$6$tGvVUhEY$PIkpI43HPaEoRrNJSRpM3H0YWOsqTqXCxtER6rak5PMaAoyQohrXNB0YoFCmAuh406n8XOvBBldvMy9trmIV00

:18047:7:90:7:::

Run the usermod command with the -U switch to unlock a given user account. 


# usermod --unlock daygeek
 or 
# usermod -U daygeek

Method-3: How do I disable and enable SSH access to a given user account in Linux using the usermod command?

The usermod command is also frequently used by Linux administrators.The usermod command is used to modify/update account information for a given user.It is used to add users to specific groups, and so on.

Instead, locking can be done by assigning nologin shell to a given user.To do this, you can run the following command. 


# usermod -s /sbin/nologin daygeek

You can do this by using the /etc/passwd Given a user name in the file to check locked user account details. 


# passwd -l daygeek
Locking password for user daygeek.
passwd: Success
0

We can enable ssh access for users by assigning back to the original shell.

# usermod -s /bin/bash daygeek

How do I use the shell script to lock, unlock, and check the status of multiple user accounts in Linux?

If you want to lock/unlock multiple accounts, you need to find a script.

Yes, we can write a small shell script to do this.To do this, use the following shell script.

Create a list of users.Each user's information is on a separate line.

$ cat user-lists.txt

u1
u2
u3
u4
u5

Use the following shell script to lock multiple user accounts in Linux. 


# passwd -l daygeek
Locking password for user daygeek.
passwd: Success
1

take user-lock.sh The file is set to executable.

# chmod + user-lock.sh

Finally, run the script to achieve the goal.

# sh user-lock.sh 


# passwd -l daygeek
Locking password for user daygeek.
passwd: Success
2

Use the following shell script to check for locked user accounts. 


# vi user-lock-status.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
 passwd -S $user
done

Set up user-lock-status.sh Executable permissions.

# chmod + user-lock-status.sh

Finally, run the script to achieve the goal. 


# passwd -l daygeek
Locking password for user daygeek.
passwd: Success
4

Use the following shell script to unlock multiple users. 


# passwd -l daygeek
Locking password for user daygeek.
passwd: Success
5

Set up daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)0 Executable permissions.

# chmod + user-unlock.sh

Finally, run the script to achieve the goal. 


# passwd -l daygeek
Locking password for user daygeek.
passwd: Success
6

Run the same shell script user-lock-status.sh To check if these locked user accounts are unlocked in Linux. 


# passwd -l daygeek
Locking password for user daygeek.
passwd: Success
7

summary

Related articles: