How to check the lock status of any user account in Linux

In my last article I had showed you the steps to keep track of commands executed by individual users and to check the login time of respective users in your Linux box.

Follow below article to get the steps to lock and unlock a user for multiple failed login attempts

How to lock or unlock a root and normal user account using pam_tally2 and pam_faillock after certain number of failed login attempts in Linux

Here I will show you few commands which I know can be used to see if any user account on your Linux machine is locked.

Case 1: Password Locked

In this case the password of any account is locked using the below command

To lock the password

# passwd -l user1

Locking password for user user1.

passwd: Success

Review the status in /etc/shadow

# grep user1 /etc/shadow user1:!!$6$ciJaoDR9$Qpt9sctRLjbZ4/Agxy9UOvu/XQqNrFo9rpgfZ/xrF/8JphkEvF29ITpef0SVLdJcrpv8Q/.6mRAHee4tZT0r11:16299:0:99999:7:::

As you can see above two exclamation mark (!!) before the encrypted password which means that the password has been locked

To unlock the password

# passwd -u user1

Unlocking password for user user1.

passwd: Success

Case 2: Account is Locked

In this case the user account might have been locked by the administrator

To lock an account
# usermod -L user1
Review your /etc/shadow file for the changes

# grep user1 /etc/shadow

user1:!$6$ciJaoDR9$Qpt9sctRLjbZ4/Agxy9UOvu/XQqNrFo9rpgfZ/xrF/8JphkEvF29ITpef0SVLdJcrpv8Q/.6mRAHee4tZT0r11:16299:0:99999:7:::

As you see an extra single exclamation mark(!) appeared in the password section before the encrypted password starts which signifies that the user account is locked

To unlock a user account
# usermod -U user1

Case 3: Password never set

This can also be the scenario where the administrator has not assigned any password due to which the user is not able to login

So to verify this again you need to check your /etc/shadow file

# grep user1 /etc/shadow

user1:!!:16299:0:99999:7:::

As you see two exclamation mark(!!) is there but no encrypted password which means a password is not set.

If the password was set without lock your /etc/shadow would look like something below

# grep user1 /etc/shadow

user1:$6$ciJaoDR9$Qpt9sctRLjbZ4/Agxy9UOvu/XQqNrFo9rpgfZ/xrF/8JphkEvF29ITpef0SVLdJcrpv8Q/.6mRAHee4tZT0r11:16299:0:99999:7:::

Check the lock status of any Linux Account

Now one single command to see the lock status of the user

# passwd -S user1

user1 LK 2014-08-17 0 99999 7 -1 (Password locked.)

If the user account is unlocked you will output like below

# passwd -S user1

 user1 PS 2014-08-17 0 99999 7 -1 (Password set, SHA512 crypt.)

About Me

My name is Deepak Prasad and I am very passionate about my work which mostly includes and revolves around Linux/Unix platform, virtualisation, openstack cloud, hardware, firmware, security, network, scripting, automation and similar stuff.

If I look back it looks like it was just yesterday when I started as a fresher in my first company as a total noob (which still I am BTW) and now I am here trying to run a tutorial site, I am not sure how good this is but at least I feel I learn something new every time I open my blog to write a new post. This honestly was sort of a notebook for me later turned into a tutorial blog.

There is nothing much about me to write here so cheers!!

VMware

Linux

Database

How to check the lock status of any user account in Linux

Case 1: Password Locked

Case 2: Account is Locked

Case 3: Password never set

Check the lock status of any Linux Account

3 comments:

Enter the text to search..

Get Articles delivered to your mail

CONNECT US ON SOCIAL PLATFORM

YOU MIGHT ALSO LIKE

RECENT POSTS

About Me

Popular Posts