Linux Lock / Unlock User Account : Force User Change Password Next Login

 

The most important responsibilities of any administrator are the administration and monitoring of users in Linux. System Administrator can prevent unnecessary downtime and will uncover security holes before they become a problem. The user Information is stored in the system /etc/passwd and /etc/shadow files, and that additionally; group membership information is stored in the /etc/group. There are three types of user account in Linux. 1) root user, 2) System User, 3) Normal User. Its good practice to take precaution while creating users account in Linux.

Example: 1 Creating normal user account and setting password for in Linux

[root@mailserver ~]# adduser aloft
[root@mailserver ~]# passwd aloft
Changing password for user aloft.
New UNIX password:

Example: 2 Locking and unlocking the user accounts using password command.

Below command Lock the account

[root@mailserver ~]# passwd -l aloft
Locking password for user aloft.
passwd: Success

Below command Unlock the account

[root@mailserver ~]# passwd -u aloft
Unlocking password for user aloft.
passwd: Success.

Below Command removes the Password

[root@mailserver ~]# passwd -d aloft
Removing password for user aloft.
passwd: Success

Example: 3 Locking the user accounts using usermod command.

Below Command locks the password.

[root@mailserver ~]# usermod -L aloft

Below Command unlocks the Password

[root@mailserver ~]# usermod -U aloft

Example: 4 Force Users to change Password at first login

This will force user to change password at first login

[root@mailserver ~]# chage -d 0 aloft

Prompt like below

You are required to change your password immediately (root enforced)
Changing password for aloft
(current) UNIX password:

They have to enter their CURRENT password first before having to enter a new one.

Example: 5 Set Password Expire date

The -E option is used to set a date on which the users account will no longer be accessible.

[root@mailserver ~]# usermod -e 03/08/2012 aloft