
Friday, May 25, 2018

How to force a user to change their password on next login in Linux


Method 1:
To force a user to change their password, the password must first be expired. The passwd command, which is normally used to change a user's password, expires it when given the -e or --expire switch along with the username, as shown.
# passwd --expire ravi
# chage -l ravi
Last password change                                    : password must be changed
Password expires                                        : password must be changed
Password inactive                                       : password must be changed
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
After running the passwd command above, the output of the chage command shows that the user's password must be changed. The next time the user ravi tries to log in, he will be prompted to change his password before he can access a shell.
Method 2:
Using the chage command:
chage command – Change user password expiry information
Use the following syntax to force a user to change their password at next logon on Linux:
# chage -d 0 user-name
In this example, to force ravi to change his password at next logon, enter:
# chage -d 0 ravi
  • -d 0 : Sets the date the password was last changed, expressed as the number of days since January 1st, 1970. The date may also be expressed in the format YYYY-MM-DD. Setting it to zero forces the user to change the password at the next login.


Saturday, February 28, 2015

How to deny or block user login in Linux



Deny user login by locking out account

Pass the -l option to the passwd command. It locks the specified account and is available to root only. Locking is performed by rendering the encrypted password into an invalid string, which is done by prefixing the encrypted string with an !.

Syntax
passwd -l {username}
passwd -l rajesh

Unlock account or allow login
To allow login again, use the passwd command as follows:

passwd -u {username}
passwd -u rajesh

This is the reverse of the -l option: it unlocks the account password by removing the ! prefix.

/sbin/nologin shell

/sbin/nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled or whose login is blocked.

Example: Deny login for rajesh user

Type the command as follows (logged in as the root user):
# passwd -l rajesh
or
You can also change the shell to /sbin/nologin:
# usermod -s /sbin/nologin rajesh

Example: Allow login for rajesh user

Type the command as follows (logged in as the root user):
# passwd -u rajesh
or
You may also need to change the shell back from /sbin/nologin to /bin/bash:
# usermod -s /bin/bash rajesh
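
To verify what the commands in both posts actually changed, the following added example (not part of the original posts) reads shadow(5)- and passwd(5)-format files and reports whether an account is locked, must change its password, or has a nologin shell. The helper names account_state and write_samples, the user anita, and all sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: read account state from shadow(5)- and passwd(5)-format files.
# account_state and write_samples are hypothetical helper names.

account_state() {  # usage: account_state SHADOW_FILE PASSWD_FILE USER
    shadow_file=$1; passwd_file=$2; user=$3
    # No passwd entry means there is nothing to classify.
    awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$passwd_file" ||
        { echo unknown; return 1; }
    hash=$(awk -F: -v u="$user" '$1 == u { print $2 }' "$shadow_file")
    lastchg=$(awk -F: -v u="$user" '$1 == u { print $3 }' "$shadow_file")
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd_file")
    state=""
    # passwd -l prefixes the stored hash (shadow field 2) with "!".
    case $hash in '!'*) state="$state locked" ;; esac
    # passwd --expire and chage -d 0 set the last-change day (field 3) to 0.
    if [ "$lastchg" = 0 ]; then state="$state must-change"; fi
    # usermod -s /sbin/nologin replaces the login shell (passwd field 7).
    case $shell in */nologin) state="$state nologin" ;; esac
    state=${state# }
    echo "${state:-normal}"
}

write_samples() {  # constructed sample entries, not real accounts or hashes
    cat > "$1/shadow" <<'EOF'
ravi:$6$constructed$hash:0:0:99999:7:::
rajesh:!$6$constructed$hash:17590:0:99999:7:::
anita:$6$constructed$hash:17590:0:99999:7:::
EOF
    cat > "$1/passwd" <<'EOF'
ravi:x:1001:1001::/home/ravi:/bin/bash
rajesh:x:1002:1002::/home/rajesh:/sbin/nologin
anita:x:1003:1003::/home/anita:/bin/bash
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for u in ravi rajesh anita; do
    printf '%s: %s\n' "$u" "$(account_state "$demo_dir/shadow" "$demo_dir/passwd" "$u")"
done
rm -rf "$demo_dir"
```

On a real system, run it as root against /etc/shadow and /etc/passwd. A "locked" result covers the password only: as passwd(1) notes, the user may still be able to log in with another authentication token such as an SSH key, which is why the nologin shell is reported separately.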