How to suspend a user account?

Shell Programming and Scripting
1

Hi, guys. I have two questions:

I need to write a script, which can show all the non-suspended users on system, and suspend the selected user account.

There are two things I am not sure:

  1. How can I suspend user's account? What I think is: add a string to the encrypted password in shadow file, then the user is not able to login into the system.

  2. How can I know which accounts are suspended? What I think is: add fix string to the encrypted password in the shadow file, if I found any encrypted passwords begins with that string, I know these account are suspended.

Are these ideas good practices?

Thank you very much for your time in advance

-Keyang

2

By suspend, do you mean to lock the account so they can't login? This command does that, which can easily be done from a script:

usermod -L user

As for listing all non-suspended users, this might work. I grep for /bin/false to try to get rid of non-user users, but you still end up with mail, halt, nobody, etc. You could also use grep to eliminate '/bin/sh' if no one actually uses that shell.

for u in $(sudo grep -v ':!' /etc/shadow | cut -d: -f1); do
    grep -qv "$u.*/bin/false" /etc/passwd  &&  echo $u
done
3

Hi, Kenjackson

Thank you very much for your replay!

-Keyang