Learn how to check account lock unlock status in Linux. Also check how to lock or unlock accounts manually with commands.
Requirement :
To check current password status of account in Linux.
Solution :
1. To check if account is lock or not.
Below are two examples of command outputs when account is lock and when account is not locked.
If account is locked out then passwd -S clearly shows “Password locked” or else its will show “Password set” as status.
1 2 3 4 5 6 7 8 | # passwd -S user1 user1 LK 2016-10-01 0 90 7 -1 (Password locked.) # passwd -S user1 user1 PS 2016-10-01 0 90 7 -1 (Password set, MD5 crypt.) |
Also by observing encrypted password field in /etc/shadow file, account status can be determined. If encrypted password entry is preceded by !! then account is locked.
1 2 3 4 5 6 7 8 | # cat /etc/shadow |grep -i user1 user1:$1$ZFXgKhSG$lroasdrS0QM4iji.4h1:17075:0:90:7::: # cat /etc/shadow |grep -i user1 user1!!$1$ZFXgKhSG$lroasdrS0QM4iji.4h1:17075:0:90:7::: |
2. Lock account manually.
Sometimes it is advisable to lock accounts manually if you are suspecting some malicious activity from account. In such cases, account can be locked instantly using below command. Please be advised that current live sessions of that account are not affected when you are locking it out. You have to clear off /terminate currently active sessions manually to kick user out of system. User wont be able to login system after lockout.
1 2 3 4 5 6 | # passwd -l user1 Locking password for user user1. passwd: Success |
3. Unlock account manually.
To unlock any locked account on system below command can be used. Like above active sessions are not affected here as well.
1 2 3 4 5 6 | # passwd -u user1 Unlocking password for user user1. passwd: Success. |
Got any feedback? Comment here!