-1

I have seen people use passwd -l "$USERNAME" ,

But the linux man page does not explain what the -l option is for. What does it do ?

Kaizer Sozay
  • 739
  • 3
  • 13
  • 19
  • 3
    Really? My copy of the man page for `passwd` *does* document `-l`. – Celada Mar 20 '15 at 06:02
  • mine doesn't. And I can't find it online either. – Kaizer Sozay Mar 20 '15 at 06:03
  • First Google hit for "passwd man page" documents it. – Celada Mar 20 '15 at 06:03
  • But can you explain what the above does ? Does it just set the username as blank? – Kaizer Sozay Mar 20 '15 at 06:04
  • Now if I knew what it did, I wouldn't have asked the question. If I had asked "How do I Disable a user's login without disabling the account ?" then it would be a duplicate. I was trying to figure out what someone is trying to do with the -l option. – Kaizer Sozay Mar 20 '15 at 06:06
  • 1
    Uh... They're trying to "lock the password of the named account", exactly as documented. No?? It sounds like maybe what you want to know is how the `-l` option is *implemented* internally. But that's not what you asked. – Celada Mar 20 '15 at 06:10

3 Answers3

3

I got this by issuing the passwd command at the CLI

-l, --lock                    lock the password of the named account

It locks the account so that root has to unlock the account before this person can log-in and use the account again.

EDIT As it was indicated this is a duplicate of this

Community
  • 1
Dylan
  • 1,018
  • 2
  • 10
  • 19
2

The -l switch for passwd locks the user account by changing the password to a value which matches no possible encrypted value. Only root has access to passwd -l.

Note that passwd -l does not keep the user from gaining access through other means such as authentication tokens (like SSH keys).

To lock access to a user account:

passwd -l  username

To unlock an account again:

passwd -u username
wbruan
  • 425
  • 1
  • 4
  • 9
1

It is documented:

$ man passwd
...
       -l, --lock
           Lock the password of the named account. This option disables a
           password by changing it to a value which matches no possible
           encrypted value (it adds a ´!´ at the beginning of the password).
...
shadow-utils 4.1.5.1              07/26/2013                         PASSWD(1)

https://unix.stackexchange.com/a/55115/2594

Community
  • 1
jlliagre
  • 60,319
  • 10
  • 115
  • 157