How to disable users in linux/unix?

This how-to will show how to disable a user account under linux. This might be useful in the situation where you don’t want to permanently remove the user, but you just want it disabled and no longer able to use the system. The user will still receive emails for example, but he will not be able to login and check them out.

In latest linux systems /etc/shadow stores the encrypted user passwords. The quickest way to disable a user is to alter is password stored in /etc/shadow. Normally an active user account will have one line in /etc/shadow that will look like:


where the second field is the encrypted password. Note: Fields seperated by :

If we replace the password with “*” or “!” this will make the account unusable, and that means the user will not able to login on system any more:


This method has the disadvantage that the user password will be lost (unless saved somewhere, etc.) in the case we will want to re-enable it again later. From this point of view a much better method is to use the passwd command to lock the account:

passwd -l

and the output of the successful change will be “Password changed.”. This actually just changes the shadow file and adds “!” in front of the user password:


Of course we could do this manually ourselves also if we want but its good to do through commands. There is a chance of human error if you try and edit shadow file by yourself.

If you will ever need to re-enable the account just unlock it:

passwd -u

or just remove manually the “!” character from the user’s password line in /etc/shadow.

Of course if you don’t need all this stuff and you just want to permanently remove the user just run:


this will keep user’s old files (home directory, mails, etc.) or to delete all his files on the system:

userdel -r

just be careful what is the home of the user before running this command as personally I have seen someone do this and erasing all the system… the user had set as home “/” .

Hope this helps.

Leave a Reply

Your email address will not be published. Required fields are marked *