Howto Lock or Freeze an Account

To freeze an account is to lock or disable a user’s access. Whether you remove accounts in their entirety, along with perhaps gigabytes of files, or only disable them so that no one can log into them is a choice that must be made with some knowledge of how the accounts were being used, or with a good policy that tells you who makes decisions about user accounts on various servers or applications.

The “userdel” command, for example, will generally not remove the contents of a user’s home directory unless a -r (remove) or -f (force) argument is used along with it. Instead, the command will do no more than remove the user’s /etc/passwd and /etc/shadow entries.

Another option is to insert a special character in front of the password hash in the /etc/shadow file. I say “special” only because using a character such as ! makes your intention clear, while any other character is more likely to look like it is simply part of the hash. The “usermod” command on Linux systems does exactly that. It provides a lock option (-L) that inserts an exclamation point (!) in front of the password hash as described. If you need to unfreeze the account later, the usermod -U command will unlock it, removing the inserted exclamation point.
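The lock marker described above can be audited without changing any account. The following is an added example, not code from the original article; the function names, state labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify password fields in a shadow-format file.
# The state names are labels chosen for this example.

# shadow_report FILE -> prints "user state" for every entry
shadow_report() {
    awk -F: '
        NF < 2 || $1 ~ /^#/ { next }      # skip blank or malformed lines
        {
            p = $2
            if (p == "")            s = "empty"          # no password required at all
            else if (p ~ /^!+$/)    s = "locked-nohash"  # locked, no hash behind the "!"
            else if (p ~ /^!/)      s = "locked"         # "!" + hash, as usermod -L leaves it
            else if (p ~ /^\*/)     s = "nologin"        # "*" never matches a password
            else                    s = "active"         # usable password hash
            print $1, s
        }
    ' "$1"
}

# shadow_state FILE USER -> prints that user's state, or "missing"
shadow_state() {
    shadow_report "$1" | awk -v u="$2" '
        $1 == u { print $2; found = 1; exit }
        END     { if (!found) print "missing" }
    '
}

# Constructed sample entries; the hashes are placeholders, not real ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$6$examplesalt$CONSTRUCTEDHASHALICE:19700:0:99999:7:::
bob:!$6$examplesalt$CONSTRUCTEDHASHBOB:19700:0:99999:7:::
carol:!!:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
dave::19700:0:99999:7:::
EOF

shadow_report "$sample"
rm -f "$sample"
```

A “locked” result covers password authentication only; usermod(8) notes that locking the whole account also means setting its expiry date to 1.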

One thing you should do on a Unix system before removing an account is check whether the person has any processes that might still be running. He or she may have left processes running or may have active logins. You can easily check with a “ps -U username” command.
