Disable user

Posted on 2007-08-11
Last Modified: 2013-12-21
1) What is the best way to disable a user in Solaris?
2) What would be the impact if I just commented a user in /etc/passwd? Do you think this is a good practice?
Question by:kecoak
    LVL 7

    Expert Comment

    This is a good practice and would disable the user. I used to do it, and it worked fine.
    This will "disappear" the user. All his files will be owned by an unused UID, etc. But it works, and easily reversible.
    LVL 14

    Accepted Solution

    I disagree.  It is poor practice to have comment lines in your working passwd files.

    Remember that the passwd and shadow files both control user access.

    If the user has files located in various places around the machine, then it becomes tougher to determine the owner of the files.  And if that user was a power user with cron scripts and such, then you could impact other users and functions.

    If the user is someone who you no longer want to login to the machine, then the quickest and easiest way is run;

    passwd -l username

    This assumes that it is a single machine not using nis or nis plus.  The command;

    man passwd

    will give you more detailed information.

    LVL 7

    Expert Comment

    I would disagree. Although files remain in the system, the user is, de facto, disabled.
    You can also change the default user's shell to something like /bin/false or the likes, which will achieve similar effect (noe disabled, but cannot login).  
    LVL 14

    Expert Comment

    My disagreement is with commenting out the user.

    locking the account with the passwd command is the proper way to disable the user.

    Changing the shell is not necessary if the user has been locked using the passwd command.  It is a common practice when you want to allow a user ftp access while not allowing shell access.

    Of course if this system is using nis, nis plus or ldap, then there are other considerations, since the intended user may not even be in the local passwd file...

    I assume that the original questioner will tell us more.

    Author Comment

    No NIS or whatever ... just a local machine. What would happen to passwd and shadow file if you type passwd -l username? Will it get deleted? or has somekind of mark telling us that the account has been disabled?
    LVL 14

    Expert Comment


    It will put the string;


    in the shadow file.

    LVL 10

    Expert Comment

    Just as a further comment, unless absolutely necessary it is EXTREMELY bad form to manually edit /etc/passwd.  You should go through the proper commands for any changes.

    Too many ways to effectively lock yourself including root out of the system.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    #Citrix #Citrix Netscaler #HTTP Compression #Load Balance
    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now