If you want to disable any user to prevent that the user logs into his/her account on Ubuntu or lock the user’s account so he/she won’t be able to log in and access the privileged rights, you can do it in three ways through command line input (CLI). This article will explain and demonstrate these 3 ways through which you can perform the specified task.

Prerequisites

  • Ubuntu 20.04 LTS system (other Ubuntu versions will work too)
  • User with sudo privileges

Disabling a user in Ubuntu

Follow the below explained ways to inactivate a user in ubuntu 20.04 LTS.

Method 1: Lock the password

For locking the user’s account password, there are 2 commands for doing it. The commands are:

  • usermod -L
  • Passwd -l

These two commands will put an exclamation mark “!” in the second field of the /etc/passwd file. This addition of an exclamation mark will be sufficient to lock the user account’s password.

Using the “usermod -L” command

Run the following command in terminal to lock the password:

 $ sudo usermod -L username

For this particular article, the user whose account I want to lock is “muneeb” so the username in the above command will be “muneeb”.

Disable a user using usermod command

Entering the above command will ask for the root account password first to proceed. Type the password and hit enter to proceed.

Using the “passwd -l” command

Run the following command to lock the password in the terminal.

 $ sudo passwd -l username

For using this command, the particular user ( according to my system) is “Zahid” whose account I want to disable to login into his account. So, the username in the above command will be “Zahid”. This command

Disable a user using passwd command

After running the above command, the terminal will ask for the root’s password first. Enter the root’s password to proceed further.

Method 2: Expire the user account

The lock password way has some cons as well. It sometimes doesn’t completely forbid the specified user’s login into the system by SSH ( Secure Shell) public keys. The other way through which a user’s account can be permanently disabled or inactivated is expiring the specified user’s account. To do so, run the following command in the terminal:

 $ sudo chage -E0 username

The username will be “Zahid” in the above command for this particular article.

Expire user account

Expiring Zahid’s account will close up all the access methods to be used by him. This command involves using the 8th field from the /etc/passwd file.

Method 3: Change the Shell

The third way can be changing the shell. The changed shell will be /sbin/nologin from the default shell. It will then not let any user login into the system. It involves using the 7th and the last field of the /etc/passwd file. You can do this by running the following command:

 $ sudo usermod -s /sbin/nologin username

For this particular article, the username in the above command will be “Zahid”.

Change the shell of the user

Running the above command will first ask for the root’s password to proceed. Type the password and hit enter.

Confirming whether the account has been disabled or inactive

1. Verify the user’s status (Locked/Unlocked)

After getting done with the above ways of locking the account, verify whether the user has been locked or disabled by running the following command:

 $ sudo passwd --status username

As mentioned above, the username in the above command will be “Zahid” for this particular article, whose account I have locked. Running the above command will give you the following status update. Look for the “L” flag in the output that shows whether the account has been locked or not.

Check user status to verify that it is disabled

2. Look for the non-interactive Shell

Check and verify that the locked user’s shell has been changed to a non-responding or interactive shell that is /sbin/nologin by running the following command.

 $ sudo grep ^username /etc/passwd

For this particular article, the username will be “Zahid” in the above command. Running the above will give you the following output.

Check shell of the user in /etc/passwd file

Conclusion

In this article, you will get to know about different ways of locking or disabling any user’s account. Being a Linux system administrator, you frequently need to manage multiple user accounts at a time easily by enabling or disabling some user accounts according to required specifications. Though each way has its own pros and cons, you can use any of the demonstrated ways as per your system efficiency.

How to deactivate or disable a user account in Ubuntu 20.04 LTS
Avatar

Karim Buzdar

About the Author: Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. You can reach Karim on LinkedIn