Security

How To: Lock Out A User Account

This will probably be a short article and one that’s not all that complicated as we discuss how to lock out a user account. Unless you’re a fairly advanced home user, this probably won’t be of much interest to you. If you’re looking to advance your career and work in IT, this will be more valuable to you.

I’ve somehow covered creating a new user twice. I’ll link to one article:

How To: Create A New User

That’s the most recent version. The first one was a couple of years prior, so you can see why there’d be a duplicate. That’s a long time and that’s a whole lot of articles between the two. It happens.

Let’s say you’re firing Peter because Peter has been drinking on the job. You’d work in tandem with human resources and security. What you’d do is you’d wait for Peter to be called into HR and then you’d lock out Peter’s account. You wouldn’t delete it yet, you’d just prevent him from logging in. After that and Peter’s official firing, security would escort him out of the building.

Then again, you could have a shared server with someone. That someone might be acting fishy and you might want to take time to check on their account. That’s when you lock out a user account. You lock out the account (killing any processes owned by them) and do your investigation. 

In short, there are a bunch of excellent reasons why you’d want to lock out a user account. Knowing how to do so is just good security. Knowing when to do so is just good administration. So, let’s learn to do so…

The passwd Command:

The tool we’ll be using is one that you certainly have installed by default. You won’t need to install anything fancy. Your version of Linux will come with the appropriate account management tools.

That tool? That tool is the passwd command. You can verify that passwd is properly installed with the following command:

which passwd

The output should probably match this:

$ which passwd
/usr/bin/passwd

If you check the man page (with man passwd) you’ll see that there are plenty of options but it’s nothing too complicated. Assuming you’ve generated a spare user account, you can play around with the various commands in a mostly harmless way. Mostly…

We’re interested in the -l flag. You can also just use the –lock flag if you prefer to spell it out. Both flags will perform the same. I suppose you can use the longer flag if you’re sharing the command with other people. That way they’ll have an idea of what the command is doing.


Sponsorship:

This article is sponsored by Hilkom Digital

Most website owners realize the value of search engine optimization (SEO) within their website. You may have put a lot of effort into it, but bad links could still be lingering and affecting your rankings. These links can make Google punish your website and lower your search engine ranking, which means fewer people will visit your website. What’s a bad link? How can you find them, clean them up, and get your site back on track?

With our free service, you do not need to take any action by yourself, let experts handle all the tasks for you. We will scan all the backlinks that point to your site and remove only the most harmful ones, the links that have a high spam score, and high toxicity, and links that come from penalized or non-ranking sites. We will send you complete instructions on how to upload the clean-up file to Google, so you won`t have to share any access details with us. Once uploaded, the clean-up is complete and your site ranks will start recovering its ranks in Google in just a few weeks.

Click to Get Your Free Backlinks Report


Lock Out A User Account:

You will need an open terminal, of course. If you’re in a position where you’re going to lock out a user account, you probably already know how to access the terminal. If not, most of you can just press CTRL + ALT + T to open up your terminal.

To lock out a user account, the syntax is simple:

sudo passwd -l <username>

Or, as mentioned above, you can use -lock instead:

sudo passwd --lock <username>

For example, you can lock that Peter dude out easily:

sudo passwd -l peter

If it turns out that Peter wasn’t to blame, or your co-admin wasn’t doing anything fishy, you can easily undo this. This is one of the reasons why you don’t delete the account immediately. If you lock the account, you can undo it. If you delete the account, it’s a whole lot of work to recreate it beyond just basic account creation.

To do that whole unlock a user account, the syntax is pretty much the same. This time around, we’re using the -u flag. Of course, you can use the –unlock flag if you prefer.

Again, the syntax is simple:

sudo passwd -u <username>

Or, if you prefer to spell it out:

sudo passwd --unlock <username>

Using the aforementioned Peter above, an example would look like this:

sudo passwd -u peter

I’m sure you know that all user accounts must be in lowercase letters. It follows that these commands are also case-sensitive. Linux is like that. Case matters a great deal in Linux. Unless you’ve set up some sort of alias, CD is not the same as cd. So, remember that in your Linux travels!

Closure:

If you ever need to know how to lock out a user account, you can refer to this article. You should be able to easily find it using the search function here on the site. It seemed like a good topic to write about and a good time to test the sponsorship features.

That’s right. The astute among you will have noticed some sponsorship. Those same astute people may have noticed that you’re not seeing any other ads. Funding the site is not essential, but it is nice. We’ve got to pay the bills one way or another. Right now, I shoulder most of those bills. ‘Snot like folks donate consistently (or often, for that matter). So, we’ll try this sponsorship for a while and see how things go. If you don’t like sponsored content, you can just skip that section of the page.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

KGIII

Retired mathematician, residing in the mountains of Maine. I may be old and wise, but I am not infallible. Please point out any errors. And, as always, thanks again for reading.

Recent Posts

Enable/Disable Your Network Interface

Today we'll cover one way to enable or disable your network interface in the Linux…

7 months ago

Check Your NIC Speed In The Terminal

Today's exercise is a nice and simple exercise where we check your NIC speed in…

7 months ago

Easily Monitor Your Wireless Connection

Have you ever wanted to easily monitor your wireless connection? Well, now you can learn…

7 months ago

Count The Files In A Directory

I think I've covered this before with the ls command but this time we'll count…

7 months ago

Get System Information With The ‘uname’ Command In Linux

Today we'll be learning about a basic Linux command that's known as 'uname' and it…

7 months ago

hardinfo Has Been Rebooted As hardinfo2

If you've used hardinfo in the past, it may interest you to know that hardinfo…

7 months ago