How to use the “usermod” command In Linux
In Linux, we can change the properties of a user account by using the “usermod” command. It lets us modify a user’s home directory, login shell, username, user ID (UID), and more.
1. Steps to Lock User Accounts:
Step 1: Open up the terminal.
Step 2: To lock the user account use “usermod” with the “-L” or “–lock” option.
usermod --lock username
One can use the passwd command to verify the status of a locked user account.
Output:
Status of User Account after Locking
2. Steps to Unlock User Accounts:
Step 1: Open up the terminal.
Step 2: To unlock the user account use “usermod” with the “-U” or “–unlock” option.
usermod --unlock username
Step 3: Now the status of the user account can be checked by filtering the user from the “/etc/shadow“ file. Type the command below to get the status.
grep username /etc/shadow
Output:
Status of User Account after Unlocking
Output:
Exclamation sign(!) shows account locked
The screenshot above shows that the user account is locked, as indicated by the single exclamation sign(!) that appears after the username. If the indication is absent, the user account has been unlocked.
How to unlock a locked user account in linux?
To regulate access and maintain security, Linux/Unix systems must have the ability to lock and unlock user accounts. It offers the adaptability required to handle a range of security and operational scenarios while making sure that only authorized users have access. Some of the reasons why locking and unlocking user accounts is essential for system security are mentioned below.
- Security: A user account can be locked to stop someone from using it without authorization. Access that is not authorized may result in security events like data loss or breaches.
- Account Management: Proper account management may include locking accounts. For instance, to ensure that someone who leaves the company, no longer has access to company resources, the account should be closed. When a new employee wants access, unlocking may be done.
- Temporary Suspension: User access can be temporarily suspended for maintenance or system updates by locking accounts. The accounts can be unlocked after the maintenance is finished.
- Multiple Failed Attempts: Multiple failed login attempts can be detected by a system, and the account can then be immediately locked to prevent brute-force attacks.
In this article we will discuss some of the common methods to lock and unlock user accounts in Linux/Unix-based OS: