Next | Prev | Up | Top | Contents | Index
Locking a User Account
If you wish, you can close a user's account so that nobody can log in to it or su to that user's ID number.
If you expect that the user will again require access to the system in the near future, close an account in the manner described below rather than removing it from the system completely (as described in "Deleting a User from the System").
To close an account, follow these steps:
- Log in as root.
- Edit the file /etc/passwd. Find the user's account entry.
- Make the entry a comment by placing a number sign at the beginning of the line. For example:
# ralph:+:103:101:Ralph Cramden:/usr/people/ralph:/bin/csh
- As an added measure of security, you can replace the encrypted password (the second field in the entry) with a string that cannot be interpreted as a valid password. For example:
# ralph:*:103:101:Ralph Cramden:/usr/people/ralph:/bin/csh
This has the added benefit of reminding you that you deliberately closed the account.
- If necessary, you can also close off the user's home directory with the following commands:
chown root /usr/people/ralph
chgrp bin /usr/people/ralph
chmod 700 /usr/people/ralph
The user's account is now locked, and only root has access to the user's home account.
cramden:x:103:101:Ralph Cramden:/usr/people/cramden:/bin/csh
Next | Prev | Up | Top | Contents | Index