Three Ways to Lock and Unlock User Accounts in Linux

If you already have some kind of password policy implemented in your organization, you don't need to read this article. But in this case, if you set a 24-hour lock period for the account, you need to unlock the user account manually.

This tutorial will help you to manually lock and unlock user accounts in Linux.

This can be done in three ways using the following two Linux commands.

passwd
usermod

To illustrate this, let's select the daygeek user account. Let's see how to do it step by step.

Please note that you must use the account of the user you need to lock or unlock, not our account. You can use the id command to check whether a given user account is available in the system. Yes, my account is available in my system.

#id daygeek
uid=2240(daygeek) gid=2243(daygeek) groups=2243(daygeek),2244(ladmin)

Method-1: How to lock, unlock and check the status of a given user account in Linux using passwd Command?

The passwd command is one of the commands frequently used by Linux administrators. It is used to update the user's authentication token in the /etc/shadow file.

Run the passwd command with the -l switch to lock the given user account.

# passwd -l daygeek
Locking password for user daygeek.
passwd: Success

You can check the locked account status through the passwd command or by getting the given username from the /etc/shadow file.

Use the passwd command to check the user account lock status.

# passwd -S daygeek
or # passwd --status daygeek

daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)

This will output a brief message about the password status of the given account.

LK
NP
PS

Use /etc/shadow file to check locked user account status. If the account has been locked, two exclamation marks will be added to the front of the password.

# grep daygeek /etc/shadow

daygeek:!!$6$tGvVUhEY$PIkpI43HPaEoRrNJSRpM3H0YWOsqTqXCxtER6rak5PMaAoyQohrXNB0YoFCmAuh406n8XOvBBldvMy9trmIV00

:18047:7:90:7:::

Run the passwd command with the -u switch to unlock a given user account.

# passwd -u daygeek
Unlocking password for user daygeek.
passwd: Success

Method-2: How to lock, unlock and check the status of a given user account in Linux using usermod command?

The usermod command is also frequently used by Linux administrators. The usermod command is used to modify/update the account information of a given user. It is used to add users to specific groups, etc.

Run the usermod command with the -L switch to lock the given user account.

# usermod --lock daygeek
or # usermod -L daygeek

You can check the locked account status through the passwd command or by getting the given username from the /etc/shadow file.

Use the passwd command to check the user account lock status.

# passwd -S daygeek
or # passwd --status daygeek
daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)

This will output a brief message about the password status of the given account.

LK
NP
PS

Use /etc/shadow file to check locked user account status. If the account has been locked, two exclamation marks will be added to the front of the password.

# grep daygeek /etc/shadow
daygeek:!!$6$tGvVUhEY$PIkpI43HPaEoRrNJSRpM3H0YWOsqTqXCxtER6rak5PMaAoyQohrXNB0YoFCmAuh406n8XOvBBldvMy9trmIV00

:18047:7:90:7:::

Run the usermod command with the -U switch to unlock the given user account.

# usermod --unlock daygeek
or # usermod -U daygeek

Method-3: How to disable, enable SSH access to a given user account using usermod command in Linux?

The usermod command is also a command frequently used by Linux administrators. The usermod command is used to modify/update the account information of a given user. It is used to add users to specific groups, etc.

Alternatively, locking can be accomplished by assigning a nologin shell to a given user. To do this, run the following command.

# usermod -s /sbin/nologin daygeek

You can check the locked user account details by giving the username from /etc/passwd file.

# grep daygeek /etc/passwd
daygeek:x:2240:2243::/home/daygeek:/sbin/nologin

We can enable ssh access for the user by assigning back to the original shell.

# usermod -s /bin/bash daygeek

How to lock, unlock and check status of multiple user accounts in Linux using shell script?

If you want to lock/unlock multiple accounts then you'll need to find a script.

Yes, we can write a small shell script to do this. To do this, use the following shell script.

Create a user list. Each user information is on a separate line.

$ cat user-lists.txt

u1
u2
u3
u4
u5

Use the following shell script to lock multiple user accounts in Linux.

# user-lock.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
 passwd -l $user
done

Set the user-lock.sh file to executable permission.

# chmod + user-lock.sh

Finally run the script to achieve the goal.

# sh user-lock.sh

Locking password for user u1.
passwd: Success
Locking password for user u2.
passwd: Success
Locking password for user u3.
passwd: Success
Locking password for user u4.
passwd: Success
Locking password for user u5.
passwd: Success

Use the following shell script to check for locked user accounts.

# vi user-lock-status.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
 passwd -S $user
done

Set the executable permission user-lock-status.sh .

# chmod + user-lock-status.sh

Finally run the script to achieve the goal.

# sh user-lock-status.sh
u1 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u2 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u3 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u4 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u5 LK 2019-06-10 0 99999 7 -1 (Password locked.)

Use the following shell script to unlock multiple users.

# user-unlock.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
 passwd -u $user
done

Set the executable permission user-unlock.sh .

# chmod + user-unlock.sh

Finally run the script to achieve the goal.

# sh user-unlock.sh

Unlocking password for user u1.
passwd: Success
Unlocking password for user u2.
passwd: Success
Unlocking password for user u3.
passwd: Success
Unlocking password for user u4.
passwd: Success
Unlocking password for user u5.
passwd: Success

Run the same shell script user-lock-status.sh to check whether these locked user accounts are unlocked in Linux.

# sh user-lock-status.sh
u1 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u2 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u3 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u4 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u5 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)

Summarize

The above are three methods of locking and unlocking user accounts in Linux introduced by the editor. I hope it will be helpful to everyone. If you have any questions, please leave me a message and the editor will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!
If you find this article helpful, please feel free to reprint it and please indicate the source. Thank you!