Check if user account is locked in Linux

If you ever needed to know if an account is locked in CentOS Linux, there are a few commands to find those answers.


Lock a password using passwd.

[root@centos~]# passwd -l testuser
Locking password for user testuser.
passwd: Success

Additional confirmation that the password is locked.  The double !! indicates that the password is locked.  Note that this user does not have a password.

[root@centos~]# getent shadow testuser

Unlock the password.  Note that the password did not unlock as it did not have a password.

[root@centos ~]# passwd -u testuser
Unlocking password for user testuser.
passwd: Warning: unlocked password would be empty.
passwd: Unsafe operation (use -f to force)
[root@centos ~]# grep testuser /etc/shadow

Add a password.

[root@centos ~]# passwd testuser
Changing password for user testuser.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

Now check the password.  The password is unlocked.

[root@centos~]# getent shadow testuser

So, if the account has a password, it may be unlocked with passwd -u testuser.  Whether or not there is a password, the password may be unlocked by changing or adding a password with passwd testuser.

The password may be checked another way.

[root@centos~]# passwd -S testuser
testuser LK 2017-03-13 0 99999 7 -1 (Password locked.)
[root@centos~]# passwd -u testuser
Unlocking password for user testuser.
passwd: Success
[root@centos ~]# passwd -S testuser
testuser PS 2017-03-13 0 99999 7 -1 (Password set, SHA512 crypt.)


Lock an account. The ! indicates that the user account is locked.

[root@centos~]# usermod -L testuser
[root@centos~]# getent shadow testuser


No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *