Account lock unlock status in Linux

Learn how to check account lock unlock status in Linux. Also, check how to lock or unlock accounts manually with commands.

Requirement :

To check the current password status of the account in Linux.

Solution :

1. To check if the account is locked or not

Below are two examples of command outputs when the account is locked and when the account is not locked.

If the account is locked out then passwd -S clearly shows Password locked or else it will show Password set status.

# passwd -S user1
user1 LK 2016-10-01 0 90 7 -1 (Password locked.)
# passwd -S user1
user1 PS 2016-10-01 0 90 7 -1 (Password set, MD5 crypt.)

Also by observing the encrypted password field in /etc/shadow file, account status can be determined. If encrypted password entry is preceded by !! then the account is locked.

# cat /etc/shadow |grep -i user1
user1:$1$ZFXgKhSG$lroasdrS0QM4iji.4h1:17075:0:90:7:::  
# cat /etc/shadow |grep -i user1
user1!!$1$ZFXgKhSG$lroasdrS0QM4iji.4h1:17075:0:90:7:::  

2. Lock account manually.

Sometimes it is advisable to lock accounts manually if you are suspecting some malicious activity from account. In such cases, the account can be locked instantly using the below command. Please be advised that current live sessions of that account are not affected when you are locking it out. You have to clear off /terminate currently active sessions manually to kick the user out of the system. The user won’t be able to log in to the system after the lockout.

# passwd -l user1
Locking password for user user1.
passwd: Success

3. Unlock the account manually.

To unlock any locked account on the system below command can be used. Like above active sessions are not affected here as well.

# passwd -u user1
Unlocking password for user user1.
passwd: Success.