Thursday, September 29, 2011

Disable a user account in Linux

There are some different approaches to do that. The easy way to disable a user account is to alter stored password which is stored to /etc/shadow. In that case password will be lost unless you save save the password in different file.

You can alter the password by using following command:
passwd {username} {new password}

It might better to lock a account rather than change password if you need to re-activate again. By following command a user account can be lock easily:
passwd {username} -l

If you will ever need to re-enable the account just unlock using following command:
passwd {username} -u

If you don't need to keep the account anymore then use following command to delete a user permanently.
userdel {username}

The above operation will keep his home directory, mails, etc.  Use following command to delete all his files on the system.
userdel -r {username}

Be careful to do that, your mistake may destroy all files of the server.

Note: User still will be able to connect using ssh via key-based auth on changing the user password or locking. If this is used, then the user’s authorized_keys must me moved to a different location.

No comments:

Post a Comment