?
Solved

Disable user

Posted on 2007-08-11
7
Medium Priority
?
3,961 Views
Last Modified: 2013-12-21
1) What is the best way to disable a user in Solaris?
2) What would be the impact if I just commented a user in /etc/passwd? Do you think this is a good practice?
0
Comment
Question by:kecoak
7 Comments
 
LVL 7

Expert Comment

by:ezaton
ID: 19675467
This is a good practice and would disable the user. I used to do it, and it worked fine.
This will "disappear" the user. All his files will be owned by an unused UID, etc. But it works, and easily reversible.
0
 
LVL 14

Accepted Solution

by:
arthurjb earned 2000 total points
ID: 19676154
I disagree.  It is poor practice to have comment lines in your working passwd files.

Remember that the passwd and shadow files both control user access.

If the user has files located in various places around the machine, then it becomes tougher to determine the owner of the files.  And if that user was a power user with cron scripts and such, then you could impact other users and functions.


If the user is someone who you no longer want to login to the machine, then the quickest and easiest way is run;

passwd -l username

This assumes that it is a single machine not using nis or nis plus.  The command;

man passwd

will give you more detailed information.

0
 
LVL 7

Expert Comment

by:ezaton
ID: 19676168
I would disagree. Although files remain in the system, the user is, de facto, disabled.
You can also change the default user's shell to something like /bin/false or the likes, which will achieve similar effect (noe disabled, but cannot login).  
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 14

Expert Comment

by:arthurjb
ID: 19676222
My disagreement is with commenting out the user.

locking the account with the passwd command is the proper way to disable the user.

Changing the shell is not necessary if the user has been locked using the passwd command.  It is a common practice when you want to allow a user ftp access while not allowing shell access.

Of course if this system is using nis, nis plus or ldap, then there are other considerations, since the intended user may not even be in the local passwd file...

I assume that the original questioner will tell us more.
0
 

Author Comment

by:kecoak
ID: 19677637
No NIS or whatever ... just a local machine. What would happen to passwd and shadow file if you type passwd -l username? Will it get deleted? or has somekind of mark telling us that the account has been disabled?
0
 
LVL 14

Expert Comment

by:arthurjb
ID: 19677765

It will put the string;

*LK*

in the shadow file.



0
 
LVL 10

Expert Comment

by:Nukfror
ID: 19678171
Just as a further comment, unless absolutely necessary it is EXTREMELY bad form to manually edit /etc/passwd.  You should go through the proper commands for any changes.

Too many ways to effectively lock yourself including root out of the system.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question