How to lock user account (disable user login temporarily) in UNIX – comparison of 4 solutions

Posted on February 20, 2009 by JITU

  • 1) Proper way to lock UNIX user account is:
bash# passwd -l user

- It will add some special character (! or *) in the beginning of his password (to /etc/shadow)
  • To unlock again:
bash# passwd -u user
  • User will get “Login incorrect” while logging in:
planar login: user
Password:
Login incorrect

planar login:

- – - – - – - – - – - – - – - – - – -

  • 2) Edit /etc/passwd and comment out user’s entry:
    –> #user:x:1000:1000:user,,,:/home/user:/bin/bash
  • User will get “Login incorrect” while logging in:
planar login: user
Password:
Login incorrect

planar login:

- – - – - – - – - – - – - – - – - – -

  • 3) Edit /etc/passwd and change his shell to /sbin/nologin (rather bash# which nologin):
    –> user:x:1000:1000:user,,,:/home/user:/sbin/nologin
  • User will be informed that he has been locked:
planar login: user
Password:
Last login: Wed Oct 22 01:41:02 2007 on ttyp/18
You have new mail.
This account is currently not available.

planar login:

- – - – - – - – - – - – - – - – - – -

  • 4) Edit /etc/passwd and change his shell to /bin/false:
    –> user:x:1000:1000:user,,,:/home/user:/sbin/false
  • User will be “partially” logged in, but immediately kicked:
planar login: user

Password:
Last login: Wed Oct 22 01:41:02 2007 on ttyp/18
You have new mail.


planar login:

Filed under: Hacking Tutorials

« »

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.