Manage user accounts in Linux with user mod and password commands

Manage user accounts in Linux effectively with this hands-on guide for system administrators. Whether you’re disabling login access, locking out users temporarily, or re-enabling an account, Linux provides multiple tools to control user access securely.

Below, we explore different ways to lock, expire, and re-enable user accounts with updated examples.

1. How to Manage User Accounts in Linux by Expiring Them

You can set an expiration date on their account to prevent a user from logging in (including via SSH). Setting the date to 1 immediately disables the account.

Disable an Account (Immediate Lock):

bash

sudo usermod– expiredate 1 fatima 

Re-enable the Account (Set to “Never Expire”):

bash

sudo usermod– expiredate “” fatima 

Additional Example:

bash

# Disable an account for a contractor  

sudo usermod –expiredate 1 contractor_john  

# Re-enable it later  

sudo usermod –expiredate “” contractor_john 

2. Lock Passwords to Manage Linux User Login Access

Locking a password prevents a user from logging in with their password, but they may still access the system via SSH keys.

Lock the Password:

bash

sudo passwd -l paul 

(This prepends a ! to the password hash, making it invalid.)

Unlock the Password:

bash

sudo passwd -u paul 

Additional Example:

bash

# Lock a temporary employee’s account  

sudo passwd -l temp_mary  

# Unlock when needed  

sudo passwd -u temp_mary 

3. Force Password Expiry Without Disabling the Account

This forces the user to change their password upon logging in, but does not disable the account.

Force Password Reset:

bash

sudo passwd -e office 

Additional Example:

bash

# Require a password reset for security compliance  

sudo passwd -e admin_alice 

4. Lock and Expire Simultaneously to Manage Access

To fully lock an account and set an expiration date in one command:

Lock and Expire an Account:

bash

sudo usermod -L -e 1 developer 

Unlock and Remove Expiration:

bash

sudo usermod -U -e “” developer 

Additional Example:

bash

# Lock and expire a former employee’s account  

sudo usermod -L -e 1 old_staff  

# Restore access if needed  

sudo usermod -U -e “” old_staff 

Important Notes:

  • Disabling (-l) and locking (-L) a user account achieve the same result.
  • Expiring a password (-e) forces a password change but does not lock the account.
  • For SSH access control, consider modifying sshd_config or using key-based authentication restrictions.

Practical Examples to Manage User Accounts in Linux

bash

# Lock an inactive user  

sudo passwd -l guest_user  

# Set an expiration date for automatic deactivation  

sudo passwd -e 2024-12-31 intern  

# Re-enable a locked account  

sudo passwd -u office  

# Fully lock and expire an account  

sudo usermod -L -e 1 suspicious_user 

By using these commands, administrators can efficiently manage user access in Linux systems. Choose the method that best fits your security requirements.

Contact Cloud Technology Hub for a strategy consultation, or subscribe to our newsletter for more tips.

Recommended Posts

How to Create Admin Account on Mac Without Admin Access (3 Easy Methods)
Dark Patterns Unveiled: How to Identify and Avoid Deceptive Design Tricks
Designing for Everyone: A Practical Guide to Accessible and Inclusive UX
Serverless 101: Build Your First App Without Managing a Single Server