hi
how can I Lock an account, by prepending �*LK*� to the password field in /etc/shadow.
I dont want to use passwd -l .
Any idea?
hi
how can I Lock an account, by prepending �*LK*� to the password field in /etc/shadow.
I dont want to use passwd -l .
Any idea?
You could mangle /etc/shadow directly, but passwd -l is the safe way to lock entries.
Why do you not wish to use passwd -l? Maybe we can help with the previous or next step in your requirement...
Thanks for your reply
1-)
When I use "passwd -l" option, somehow I can login with the locked user.
Do you know why?
[root]# passwd -l tj
Locking password for user tj
passwd:Success
[root]#su - tj
[tj] ls
....
2-)Where should I put �*LK*� inside the password field in /etc/shadow?
Could you give an example
Regards
root will still be able to su to the user. A test would be to su to a user that does not have root access - and try to su - to the locked user.
If you want to completely disable the account, change the default shell to /bin/false. This is a shell that doesn't exist, so will not allow root to su to it.
usermod -s /bin/false username
*LK* belongs in the second field, but again, you SHOULD NOT manually manipulate this file.