
How to Lock & Unlock Users in Linux

As a system administrator, you may sometimes need to lock and unlock user accounts for security purposes. Typically, usermod and passwd are the two commands used to change group membership and user passwords, respectively. In this article, we will learn how to lock and unlock users in Linux.


What is usermod

The usermod command allows admins to modify user account information. It is mostly used to add users to, or remove them from, user groups.


What is passwd

passwd is a simple command for changing the passwords of user accounts. Account owners and system administrators have the right to change the password of a given user account.



How to Lock & Unlock Users in Linux

Typically, we use the passwd -l command to lock users and the passwd -u command to unlock them. We will create shell scripts to lock and unlock multiple users.


1. How to Lock Users in Linux

First, we will create a list of the users you want to lock in a file named users.txt. Make sure you add each username on a separate line.

$ cat users.txt
user1
user2
user3

Open a terminal and run the following command to create an empty shell script lock.sh.

$ sudo vi lock.sh

Add the following lines to this file.

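#!/bin/bash
# Lock the password of every user listed in users.txt (one name per line)
while IFS= read -r user
do
    [ -n "$user" ] || continue   # skip blank lines
    passwd -l "$user"
done < users.txt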

Save and close the file.

In the above code, we loop through the lines of the users.txt file and execute the passwd -l command for each user. To lock a different set of users, edit users.txt.

Next, make the shell script executable.

$ sudo chmod +x lock.sh

Run the script with the following command. It must run as root, because only root can lock another user's password.

$ sudo ./lock.sh
Locking password for user user1.
passwd: Success
Locking password for user user2.
passwd: Success
Locking password for user user3.
passwd: Success

To check the status of these users, you can either run the status command for each user directly in the shell or put it in another script. We will create a new script for this purpose.

$ sudo vi check-status.sh

Add the following lines.

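#!/bin/bash
# Print the password status of every user listed in users.txt
while IFS= read -r user
do
    [ -n "$user" ] || continue   # skip blank lines
    passwd -S "$user"
done < users.txt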

In the above code, we loop through the lines of the users.txt file and run the passwd -S command for each user.

Make the script executable.

$ sudo chmod +x check-status.sh

Now you can run it from the terminal. Querying the status of other users also requires root.

$ sudo ./check-status.sh
user1 LK 2021-12-10 0 99999 7 -1 (Password locked.)
user2 LK 2021-12-10 0 99999 7 -1 (Password locked.)
user3 LK 2021-12-10 0 99999 7 -1 (Password locked.)

In the above output, ‘LK’ signifies that the user password is locked.
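A sturdier variant of lock.sh and check-status.sh combined, as an added example that is not part of the original article: it validates each entry of users.txt before it reaches passwd and confirms the lock from the passwd -S output shown above. The function names, the --apply switch, the script name lock-verified.sh and the accepted username pattern are assumptions of this example.

```bash
#!/bin/bash
# Added example: lock the accounts listed in a file, then confirm each lock.
export LC_ALL=C   # byte-wise [a-z] ranges and untranslated passwd output

# Print the usable usernames from list file $1. Surrounding whitespace is
# trimmed by read; blank lines and "#" comments are skipped; anything that is
# not a plain account name (for example "-d", which passwd would take as an
# option) is reported and dropped. The name pattern is this example's choice.
read_userlist() {
    local line
    while read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
            [!a-z_]*|*[!a-z0-9_-]*)
                printf 'skipping invalid entry: %s\n' "$line" >&2 ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}

# Succeed if one line of `passwd -S` output reports a locked password: the
# second field is "LK" on Red Hat style systems and "L" with shadow-utils.
is_locked() {
    local state
    state=$(printf '%s\n' "$1" | awk '{print $2}')
    [ "$state" = "LK" ] || [ "$state" = "L" ]
}

# Lock every user in list file $1, re-check the state, and return 1 if any
# account did not end up locked. Skipping root is a policy choice made here.
lock_users() {
    local user rc=0
    # Unquoted expansion is safe here: read_userlist emits only [a-z0-9_-].
    for user in $(read_userlist "$1"); do
        [ "$user" = "root" ] && { echo "refusing to lock root" >&2; continue; }
        if passwd -l "$user" >/dev/null && is_locked "$(passwd -S "$user")"; then
            echo "locked: $user"
        else
            echo "FAILED: $user" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Accounts are only touched on request: sudo ./lock-verified.sh --apply users.txt
if [ "${1:-}" = "--apply" ]; then
    lock_users "${2:-users.txt}"
fi
```

Keep in mind that passwd -l locks only the password: a user who has another authentication token, such as an SSH key, may still be able to log in. The passwd man page suggests usermod --expiredate 1 when the whole account has to be disabled.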


2. Unlock Users

Similarly, if you want to unlock users, create an empty shell script unlock.sh.

$ sudo vi unlock.sh

Add the following lines to it.

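#!/bin/bash
# Unlock the password of every user listed in users.txt
while IFS= read -r user
do
    [ -n "$user" ] || continue   # skip blank lines
    passwd -u "$user"
done < users.txt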

In the above code, we loop through each line of the users.txt file and run the passwd -u command for that user. Run the following command to make the script executable.

$ sudo chmod +x unlock.sh

Run the shell script with the following command. As with locking, it must run as root.

$ sudo ./unlock.sh
Unlocking password for user user1.
passwd: Success
Unlocking password for user user2.
passwd: Success
Unlocking password for user user3.
passwd: Success

If you now run the check-status.sh script again, you will see the following output.

user1 PS 2021-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
user2 PS 2021-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
user3 PS 2021-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)

In the above output, PS indicates that the passwords are not locked.

In this article, we have learnt how to lock and unlock users.
