Check if user account is locked in Linux

Contents

If you ever needed to know if an account is locked in CentOS Linux, there are a few commands to find those answers.

Password

Lock a password using passwd.

[root@centos~]# passwd -l testuser
Locking password for user testuser.
passwd: Success

Additional confirmation that the password is locked.  The double !! indicates that the password is locked.  Note that this user does not have a password.

[root@centos~]# getent shadow testuser
testuser:!!:17239:0:99999:7:::

Unlock the password.  Note that the password did not unlock as it did not have a password.

[root@centos ~]# passwd -u testuser
Unlocking password for user testuser.
passwd: Warning: unlocked password would be empty.
passwd: Unsafe operation (use -f to force)
[root@centos ~]# grep testuser /etc/shadow
testuser:!!:17239:0:99999:7:::

Add a password.

[root@centos ~]# passwd testuser
Changing password for user testuser.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

Now check the password.  The password is unlocked.

[root@centos~]# getent shadow testuser
testuser:$6$wfr9GW6r$IOpUe7QzqAAdgQmvT94Ic10uGCWwge95CqMvPpfDWEfNV84SfRcPnC5DJ8QV3v7zaxkyhkI.0u.LtTI4ePPY/1:17239:0:99999:7:::

So, if the account has a password, it may be unlocked with passwd -u testuser.  Whether or not there is a password, the password may be unlocked by changing or adding a password with passwd testuser.

The password may be checked another way.

[root@centos~]# passwd -S testuser
testuser LK 2017-03-13 0 99999 7 -1 (Password locked.)
[root@centos~]# passwd -u testuser
Unlocking password for user testuser.
passwd: Success
[root@centos ~]# passwd -S testuser
testuser PS 2017-03-13 0 99999 7 -1 (Password set, SHA512 crypt.)

Account

Lock an account. The ! indicates that the user account is locked.

[root@centos~]# usermod -L testuser
[root@centos~]# getent shadow testuser
testuser:!$6$NYjZ.ycM$eE4fPOSwikwG.86cVeuTMNzUgeRDB/raOeP0PISUS5PbqzbHtMsmamA7w4vzhRmNuGPCVv91FnkKIrIC7JAnv1:17239:0:99999:7:::

Source(s)

  • http://www.golinuxhub.com/2014/08/how-to-check-lock-status-of-any-user.html