lock user account linux

How to Lock & Unlock Users in Linux

As a system administrator, sometimes you may need to lock & unlock user accounts for security purposes. Typically, usermod & passwd are the 2 commands used to change group membership & user password respectively. In this article, we will learn how to lock & unlock users in Linux.


What is usermod

Usermod command allows admins to modify user account information. It is mostly used to add/remove users from user groups.


What is passwd

Passwd is a simple command to change the passwords of user accounts. Account owners and system administrators have the right to change password of a given user account.



How to Lock & Unlock Users in Linux

Typically, we use passwd -l command to lock users and passwd -u command to unlock users. We will create shell scripts to lock & unlock multiple users.


1. How to Lock Users in Linux

First we will create a list of users you want to lock in a file user.txt. Please make sure you add each username on separate line.

$ cat users.txt
user1
user2
user3

Open terminal and run the following command to create an empty shell script lock.sh.

$ sudo vi lock.sh

Add the following lines to this file.

#!/bin/bash
for user in `cat users.txt`
do
passwd -l $user
done

Save and close the file.

In the above code, we basically loop through the lines of users.txt file and execute passwd -l command for each user. Depending on your requirement, you can modify the user list users.txt to lock users.

Next, make the shell script executable.

$ sudo chmod +x lock.sh

Run the script with the following command.

$ ./lock.sh
Locking password for user user1.
passwd: Success
Locking password for user user2.
passwd: Success
Locking password for user user3.
passwd: Success

Now if you want to check the status of these users, you can create another script or run the following commands in shell. We will create a new script for this purpose.

$ sudo vi check-status.sh

Add the following lines.

#!/bin/bash
for user in `cat users.txt`
do
passwd -S $user
done

In the above code, we loop through the lines of users.txt file and run passwd -S command for each user.

Make the script executable.

$ sudo chmod +x check-status.sh

Now you can run it from the terminal.

$ ./check-status.sh
user1 LK 2021-12-10 0 99999 7 -1 (Password locked.)
user2 LK 2021-12-10 0 99999 7 -1 (Password locked.)
user3 LK 2021-12-10 0 99999 7 -1 (Password locked.)

In the above output, ‘LK’ signifies that the user password is locked.


2. Unlock Users

Similarly, if you want to unlock users, create an empty shell script unlock.sh

$ sudo vi unlock.sh

Add the following lines to it.

#!/bin/bash
for user in `cat users.txt`
do
passwd -u $user
done

In the above code, we loop through each line of users.txt file and issue passwd command on it. Run the following command to make it an executable.

$ chmod +x unlock.sh

Run the shell script with the following command.

$ ./unlock.sh
Unlocking password for user user1.
passwd: Success
Unlocking password for user user2.
passwd: Success
Unlocking password for user user3.
passwd: Success

Now if you run the above script to check status of user accounts, you will see the following output.

user1 PS 2021-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
user2 PS 2021-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
user3 PS 2021-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)

In the above output, PS indicates that the passwords are not locked.

In this article, we have learnt how to lock & unlock users.

Also read:

How to Change FTP Port in Linux
How to Check CVE Vulnerability in Linux
How to Capture Top Command Output to File
How to Check Supported TLS/SSL Version in Linux
How to Run Multiple Commands in Linux

Leave a Reply

Your email address will not be published.