This is a script that someone whipped up. It wasn’t me, and I have been unable to find an author. I find it extremely useful when locking down a server. I cleaned it up a bit and added some error checking before posting here.
There are times when you need to disable a user’s access to a server, yet not delete that user for various reasons. This script will do that for you.
There are two ways a user can log on to a system. The first is with the traditional userid/password, which is stored in /etc/passwd and /etc/shadow. The second is with ssh keys. Both have to be addressed.
This script will use the passwd command to disable the login in the /etc/shadow file. It also renames the .ssh directory in the user’s home directory so that ssh keys won’t work.
Usage is very simple. To lock an account:
userlock -l userid
To unlock an account:
userlock -u userid
If you try to lock an already locked account, it will warn you and exit. Similarly, if you try to unlock an already-unlocked account, you will be warned.
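The lock/unlock behaviour described above, as an added sketch; this is not the original userlock script. It assumes Linux shadow-utils (passwd -l, -u, -S) and getent, and the name ".ssh.locked" is a placeholder chosen here.

```shell
#!/bin/sh
# Added example, not the attached userlock script.
# Assumption: sshd reads keys from ~/.ssh/authorized_keys (the default
# AuthorizedKeysFile); keys stored elsewhere are not affected by the rename.
LOCKED_SUFFIX=".locked"   # hypothetical name for the parked .ssh directory

# Succeeds if a `passwd -S` status line reports the password as locked ("L").
status_is_locked() {
    [ "$(printf '%s\n' "$1" | awk '{print $2}')" = "L" ]
}

# Move ~/.ssh out of the way; fail if it was already moved.
ssh_disable() {
    home=$1
    [ -e "$home/.ssh$LOCKED_SUFFIX" ] && { echo "ssh keys already disabled" >&2; return 1; }
    [ -d "$home/.ssh" ] || return 0          # user has no keys to disable
    mv "$home/.ssh" "$home/.ssh$LOCKED_SUFFIX"
}

# Put ~/.ssh back; fail if a live .ssh directory is already present.
ssh_enable() {
    home=$1
    [ -e "$home/.ssh" ] && { echo "ssh keys already enabled" >&2; return 1; }
    [ -d "$home/.ssh$LOCKED_SUFFIX" ] || return 0
    mv "$home/.ssh$LOCKED_SUFFIX" "$home/.ssh"
}

# userlock -l userid | userlock -u userid   (must run as root)
userlock() {
    mode=$1 user=$2
    [ -n "$user" ] || { echo "usage: userlock -l|-u userid" >&2; return 2; }
    home=$(getent passwd "$user" | cut -d: -f6)
    [ -n "$home" ] || { echo "no such user: $user" >&2; return 1; }
    status=$(passwd -S "$user") || return 1
    case $mode in
        -l) status_is_locked "$status" && { echo "$user is already locked" >&2; return 1; }
            passwd -l "$user" && ssh_disable "$home" ;;
        -u) status_is_locked "$status" || { echo "$user is not locked" >&2; return 1; }
            passwd -u "$user" && ssh_enable "$home" ;;
        *)  echo "usage: userlock -l|-u userid" >&2; return 2 ;;
    esac
}

if [ "$#" -gt 0 ]; then userlock "$@"; fi
```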
userlock.gz (646 bytes)