如何禁用或锁定Linux用户帐户？

How can I disable some Linux account? By disabling it I do not want to remove the account and related files. Just user related operations will be prevented. If an user authentication occurs it will be not authenticated. We will use usermod command to lock user account.

如何禁用某些Linux帐户？ 通过禁用它，我不想删除帐户和相关文件。 仅防止与用户相关的操作。 如果发生用户身份验证，则不会进行身份验证。 我们将使用usermod命令锁定用户帐户。

使用usermod命令禁用/锁定用户帐户 (Disable/Lock User Account with usermod Command)

We will disable account with the following code.

我们将使用以下代码禁用帐户。

$ usermod -L -e 1 test

• usermod will change user account related attributes and information.

  usermod将更改与用户帐户相关的属性和信息。

• -L will lock given account and put ! in the user passwords database before encrypted password.

  -L将锁定给定的帐户并放入！ 在用户密码数据库中的密码之前。

• -e 1 will set expire date from 1/1/1970

  -e 1将设置1970年1月1日起的过期日期

使用chage命令禁用/锁定用户帐户(Disable/Lock User Account with chage Command)

chage command is use to set user account expiration time for password. If we set previous than the current date the given account will be locked automatically. We provide the date in YYYY-MM-DD format. In this example we will lock user ismail.

chage命令用于设置密码的用户帐户有效时间。 如果我们设置的日期比当前日期早，则给定的帐户将被自动锁定。 我们以YYYY-MM-DD格式提供日期。 在此示例中，我们将锁定用户ismail 。

$ sudo chage -E 2010-01-01 ismail

使用passwd命令禁用/锁定用户帐户 (Disable/Lock User Account with passwd Command)

We can also use passwd command in order to lock given user account. We will provide -l option which means lock. In this example we will lock user ismail

我们也可以使用passwd命令来锁定给定的用户帐户。 我们将提供-l选项，表示锁定。 在此示例中，我们将锁定用户ismail

$ sudo passwd -l ismail

从/ etc / shadow禁用/锁定用户帐户 (Disable/Lock User Account From /etc/shadow)

/etc/shadow file stores the user password in encrypted format. If ! is added before hash value of the user password the user account will be disabled or locked. As an example we can lock user test with the following line. Attention to the ! at the begging of the password hash value.

/etc/shadow文件以加密格式存储用户密码。 如果! 在用户密码的哈希值之前添加，用户帐户将被禁用或锁定。 作为示例，我们可以使用以下代码行锁定用户test 。 注意了! 要求输入密码哈希值。

test:$6$!0G2HVsS0JZ3wqfK6$ClYJYYWaLhI5

从/ etc / passwd禁用/锁定用户帐户 (Disable/Lock User Account From /etc/passwd)

/etc/passwd file also store information about the user. An user account can be also locked from this file in two different ways.

/etc/passwd文件还存储有关用户的信息。 用户帐户也可以通过两种不同的方式从该文件中锁定。

LEARN MORE  Linux Etc Login.defs Configuration with Examples

了解更多Linux Etc Login.defs配置示例

禁用不登录的用户登录(Disable User Login with nologin)

We can disable an user account login from the /etc/passwd file at the end of line like /bin/bash which specifies the user shell. We will change to the /bin/nologin which is not a login shell.

我们可以从/etc/passwd文件的末尾禁用用户帐户登录，例如/bin/bash ，它指定了用户外壳程序。 我们将更改为/bin/nologin ，它不是登录shell。

test:x:1:1:bin:/bin:/sbin/nologin

Disable User Login with nologin

禁用不登录的用户登录

加了！ 用户名之后 (Adding ! After Username)

Another way is adding ! after username and before x like below.

另一种方法是添加! 在用户名之后和x之前，如下所示。

test:!x:1:1:bin:/bin:/sbin/bash

解锁/启用用户 (Unlock/Enable User)

After some time we may need to enable or unlock given user account there are different ways to unlock an user account. Here some of them with chage and passwd command.

一段时间后，我们可能需要启用或解锁给定的用户帐户，有多种方法可以解锁用户帐户。 在这里，其中一些带有chage和passwd命令。

$ sudo passwd -u ismail

检查用户锁定配置 (Check User Lock Configuration)

We will check the status of this account from configuration file. Is the account disabled?

我们将从配置文件中检查该帐户的状态。 帐户被禁用了吗？

$cat /etc/shadow | grep test

We can also check the user configuration whether it is locked or not with the chage command like below.

我们还可以使用如下所示的chage命令检查用户配置是否被锁定。

$chage -l test

如何禁用或锁定Linux用户帐户？ 信息移植 (How To Disable or Lock Linux User Account? Infografic)

How To Disable or Lock Linux User Account? Infografic

如何禁用或锁定Linux用户帐户？ 信息移植

翻译自: https://www.poftut.com/disable-lock-linux-user-account/