How to Lock a User Account

How to Lock a User Account in Linux

Hey there! 👋 If you're managing a Linux system with multiple users, sometimes you may need to temporarily prevent a user from logging in — maybe for security reasons, or because the account is no longer active. In Linux, this is called locking a user account. In this quick tutorial, we'll show you how to do it safely and clearly.

🔐 Why Lock a User Account?

Locking a user account prevents the user from logging in, but it does not delete their files, processes, or home directory. This is useful when you want to temporarily restrict access without permanently removing the account.

🛠️ Step-by-Step: Locking the Account

Let’s say you want to lock a user named john. Here’s how you do it using the terminal:

sudo usermod -L john

This command locks the password of the user account. The user won’t be able to log in using their password anymore.

🔍 What Actually Happens?

When you lock the account, Linux adds an exclamation mark (!) in front of the user’s password hash in the /etc/shadow file.

You can verify this using:

sudo grep '^john:' /etc/shadow
john:!$6$somerandomhashhere:19373:0:99999:7:::

See that ! before the hash? That means the account is locked.

🧪 Alternative Method (Using passwd)

You can also lock a user account with the passwd command:

sudo passwd -l john

It works the same way — just a different tool under the hood.

🔓 How to Unlock the Account

To reverse it and allow the user to log in again:

sudo usermod -U john

or

sudo passwd -u john

✅ Summary

  • Use usermod -L or passwd -l to lock a user account
  • This disables password-based login for the user
  • Unlock with usermod -U or passwd -u

And that’s it! 🎉 You now know how to lock and unlock user accounts on Linux. Handy, right? Whether you’re managing a home server or a production environment, this skill is a must-have in your Linux toolkit. Keep exploring, and happy learning!