Next | Prev | Up | Top | Contents | Index

Locking a User Account

If you wish, you can close a user's account so that nobody can log in to it or su to that user's ID number.

If you expect that the user will again require access to the system in the near future, close an account in the manner described below rather than removing it from the system completely (as described in "Deleting a User from the System").

To close an account, follow these steps:

  1. Log in as root.

  2. Edit the file /etc/passwd. Find the user's account entry.

  3. Make the entry a comment by placing a number sign at the beginning of the line. For example:

    # ralph:+:103:101:Ralph Cramden:/usr/people/ralph:/bin/csh

  4. As an added measure of security, you can replace the encrypted password (the second field in the entry) with a string that cannot be interpreted as a valid password. For example:

    # ralph:*:103:101:Ralph Cramden:/usr/people/ralph:/bin/csh

    This has the added benefit of reminding you that you deliberately closed the account.

  5. If necessary, you can also close off the user's home directory with the following commands:

    chown root /usr/people/ralph

    chgrp bin /usr/people/ralph

    chmod 700 /usr/people/ralph

The user's account is now locked, and only root has access to the user's home account.

cramden:x:103:101:Ralph Cramden:/usr/people/cramden:/bin/csh
Next | Prev | Up | Top | Contents | Index