If you want to disable any user to prevent that the user logs into his/her account on Ubuntu or lock the user’s account so he/she won’t be able to log in and access the privileged rights, you can do it in three ways through command line input (CLI). This article will explain and demonstrate these 3 ways through which you can perform the specified task.
- Ubuntu 20.04 LTS system (other Ubuntu versions will work too)
- User with sudo privileges
Disabling a user in Ubuntu
Follow the below explained ways to inactivate a user in ubuntu 20.04 LTS.
Method 1: Lock the password
For locking the user’s account password, there are 2 commands for doing it. The commands are:
- usermod -L
- Passwd -l
These two commands will put an exclamation mark “!” in the second field of the /etc/passwd file. This addition of an exclamation mark will be sufficient to lock the user account’s password.
Using the “usermod -L” command
Run the following command in terminal to lock the password:
$ sudo usermod -L username
For this particular article, the user whose account I want to lock is “muneeb” so the username in the above command will be “muneeb”.
Entering the above command will ask for the root account password first to proceed. Type the password and hit enter to proceed.
Using the “passwd -l” command
Run the following command to lock the password in the terminal.
$ sudo passwd -l username
For using this command, the particular user ( according to my system) is “Zahid” whose account I want to disable to login into his account. So, the username in the above command will be “Zahid”. This command
After running the above command, the terminal will ask for the root’s password first. Enter the root’s password to proceed further.
Method 2: Expire the user account
The lock password way has some cons as well. It sometimes doesn’t completely forbid the specified user’s login into the system by SSH ( Secure Shell) public keys. The other way through which a user’s account can be permanently disabled or inactivated is expiring the specified user’s account. To do so, run the following command in the terminal:
$ sudo chage -E0 username
The username will be “Zahid” in the above command for this particular article.
Expiring Zahid’s account will close up all the access methods to be used by him. This command involves using the 8th field from the /etc/passwd file.
Method 3: Change the Shell
The third way can be changing the shell. The changed shell will be /sbin/nologin from the default shell. It will then not let any user login into the system. It involves using the 7th and the last field of the /etc/passwd file. You can do this by running the following command:
$ sudo usermod -s /sbin/nologin username
For this particular article, the username in the above command will be “Zahid”.
Running the above command will first ask for the root’s password to proceed. Type the password and hit enter.
Confirming whether the account has been disabled or inactive
1. Verify the user’s status (Locked/Unlocked)
After getting done with the above ways of locking the account, verify whether the user has been locked or disabled by running the following command:
$ sudo passwd --status username
As mentioned above, the username in the above command will be “Zahid” for this particular article, whose account I have locked. Running the above command will give you the following status update. Look for the “L” flag in the output that shows whether the account has been locked or not.
2. Look for the non-interactive Shell
Check and verify that the locked user’s shell has been changed to a non-responding or interactive shell that is /sbin/nologin by running the following command.
$ sudo grep ^username /etc/passwd
For this particular article, the username will be “Zahid” in the above command. Running the above will give you the following output.
In this article, you will get to know about different ways of locking or disabling any user’s account. Being a Linux system administrator, you frequently need to manage multiple user accounts at a time easily by enabling or disabling some user accounts according to required specifications. Though each way has its own pros and cons, you can use any of the demonstrated ways as per your system efficiency.