The time will come when at some point a system administrator needs to disable user accounts. The may be for example due to some suspicious user activity or perhaps due user's work contract termination. As far the overall system security is concerned it it always good idea to have only those user logins enabled which are necessary for system or company to function. This tutorial explores some way on how to disable user accounts on the Linux system.
Disable Account using /etc/shadow
The simplest way to disable User Login is to add additional recognizable character to user's encrypted password located in
. In the below example we include "X" character thus making user's password impossible to decrypt something meaningful:
It needs to be mentioned that this method only works if all users and services are authenticating against /etc/passwd file. You system may have custom configured PAM modules so make sure that nothing gets through.
Disable User Logins with usermode command
Most linux distribution include
command in order to disable user account. However, using this method is simply just a shortcut to the above procedure since all what usermode does is to place "!" character in front of encrypted user password located in
file. In the following example we are going to disable user account "lubos" using
# usermode -L lubos
No output will be produced and result can be seen by examining /etc/password file.
To enable user account you can either remove "!" sign from the /etc/password file or use
# usermode -U lubos
Disable User Logins using pseudo shell
Another and simple way ti disable user login/account is to user following shells:
command to edit user default shell. For example:
The difference between
is that nologin prints message:
This account is currently not available.
Some Linux distributions may not have
available. Check /etc/shells to see what available for your system.