Managing user accounts is a fundamental task. One crucial aspect is the ability to lock and unlock user accounts based on security requirements or operational needs. This article will guide you through the process with practical command examples.

Locking a User Account

Locking a user account prevents the user from accessing the system while keeping the account itself intact. This can be useful in scenarios where you want to temporarily suspend a user’s privileges. The passwd command plays a pivotal role in achieving this:

sudo passwd -l username

Replace “username” with the actual username of the account you wish to lock. This command adds a lock to the user account by inserting an exclamation mark “!” in the password field of the /etc/shadow file, rendering the password unusable.

Verifying the Lock Status

To confirm whether the user account has been successfully locked, you can use the passwd command with the “-S” option:

passwd -S username

The output will display information about the account, including the lock status. A locked account will show “L” in the second field.

Unlocking a User Account

When the time comes to reinstate a user’s access, the account can be unlocked using the following command:

sudo passwd -u username

This command removes the lock by clearing the “!” from the password field in the /etc/shadow file, allowing the user to log in again.

Verifying the Unlock Status

To verify that the account has been successfully unlocked, you can once again use the passwd -S command:

passwd -S username

The absence of an “L” in the second field indicates that the account is now unlocked and ready for use.