/etc/shadow. In the below example we include "X" character thus making user's password impossible to decrypt something meaningful:
lubos:X$6$1ANrXcst$H4yOxEjNSNJAYdwe6q6ygHW3yGC/GhRW0:16243:0:99999:7:::It needs to be mentioned that this method only works if all users and services are authenticating against /etc/passwd file. You system may have custom configured PAM modules so make sure that nothing gets through.
usermodcommand in order to disable user account. However, using this method is simply just a shortcut to the above procedure since all what usermode does is to place "!" character in front of encrypted user password located in
/etc/shadowfile. In the following example we are going to disable user account "lubos" using
# usermode -L lubosNo output will be produced and result can be seen by examining /etc/password file.
lubos:!$6$1ANrXcst$H4yOxEjNSNJAYdwe6q6ygHW3yGC/GhRW0:16243:0:99999:7:::To enable user account you can either remove "!" sign from the /etc/password file or use
# usermode -U lubos
/bin/false /bin/true /sbin/nologin /usr/sbin/nologinUse
vipwcommand to edit user default shell. For example:
lubos:x:1000:1000:lubos,,,:/home/lubos:/bin/true OR lubos:x:1000:1000:lubos,,,:/home/lubos:/usr/sbin/nologinThe difference between
/usr/sbin/nologinis that nologin prints message:
$ /usr/sbin/nologin This account is currently not available.Some Linux distributions may not have
/usr/sbin/nologinavailable. Check /etc/shells to see what available for your system.