Locking and unlocking a user account

By jbayer - Last updated: Wednesday, September 18, 2013

This is a script that someone whipped up.  It wasn’t me, and I have been unable to find an author.  I find it extremely useful when locking down a server.  I cleaned it up a bit and added some error checking before posting here.

There are times when you need to disable a user’s access to a server, yet not delete that user for various reasons.  This script will do that for you.

There are two ways a user can log on to a system.  The first is with the traditional userid/password, which is stored in /etc/passwd and /etc/shadow.  The second is with ssh keys.  Both have to be addressed.

This script will use the passwd command to disable the login in the /etc/shadow file.  It also renames the .ssh directory in the user’s home directory so that ssh keys won’t work.

Usage is very simple.  To lock an account:

userlock -l userid

To unlock an account:

userlock -u userid

If you try to lock an already locked account, it will warn you and exit.  Similarly, if you try to unlock an already-unlocked account, you will be warned.
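The behaviour described above (lock the password with passwd, rename the .ssh directory, warn on a repeated lock or unlock) can be sketched as follows. This is an added example, not the original userlock script; the PASSWD_CMD override, the ".ssh.locked" name, the optional HOME argument and the function names are assumptions made for the sketch.

```shell
#!/bin/sh
# Added sketch of the lock/unlock logic described above; not the original userlock script.
# PASSWD_CMD and the ".ssh.locked" name are assumptions made for this example.
PASSWD_CMD=${PASSWD_CMD:-passwd}

# True when `passwd -S` reports the password as locked (L, or LK on some distros).
is_locked() {
    case "$($PASSWD_CMD -S "$1" 2>/dev/null | awk '{print $2}')" in
        L|LK) return 0 ;;
        *)    return 1 ;;
    esac
}

# Rename HOME/.ssh so authorized_keys is no longer found; never clobber an old copy.
lock_ssh() {
    [ -d "$1/.ssh" ] || return 0                 # no keys to disable
    [ ! -e "$1/.ssh.locked" ] || { echo "$1/.ssh.locked already exists" >&2; return 1; }
    mv "$1/.ssh" "$1/.ssh.locked"
}

# Put the directory back, refusing to overwrite a .ssh created in the meantime.
unlock_ssh() {
    [ -d "$1/.ssh.locked" ] || return 0
    [ ! -e "$1/.ssh" ] || { echo "$1/.ssh already exists" >&2; return 1; }
    mv "$1/.ssh.locked" "$1/.ssh"
}

# userlock_main -l|-u USER [HOME]: HOME defaults to the passwd database entry.
userlock_main() {
    user=$2
    home=${3:-$(getent passwd "$user" | cut -d: -f6)}
    [ -n "$user" ] && [ -n "$home" ] || { echo "usage: userlock -l|-u userid" >&2; return 2; }
    case "$1" in
        -l) if is_locked "$user"; then echo "$user is already locked" >&2; return 1; fi
            $PASSWD_CMD -l "$user" >/dev/null && lock_ssh "$home" ;;
        -u) if ! is_locked "$user"; then echo "$user is not locked" >&2; return 1; fi
            $PASSWD_CMD -u "$user" >/dev/null && unlock_ssh "$home" ;;
        *)  echo "usage: userlock -l|-u userid" >&2; return 2 ;;
    esac
}

# Run only when called with arguments, so the file can also be sourced.
if [ $# -gt 0 ]; then userlock_main "$@"; fi
```

Renaming .ssh only disables keys that sshd reads from the default location; if sshd_config sets AuthorizedKeysFile to another path, that file has to be handled as well. Neither step ends sessions the user already has open.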

  userlock.gz (646 bytes, 277 hits)
