4.2.5 Disabling or removing a user account
A user account can be temporarily disabled or permanently removed.
To temporarily disable (lock) a user account, there is no need to change his/her password. Just put an asterisk "*" at the beginning of the second field (before the encrypted password) in the file /etc/shadow. The "*" means that no login is permitted for this account. When you want to restore the account, you just erase the asterisk and the user account is back in operation, with its old password.
Here is an example entry from the file /etc/shadow with the password disabled for user "peter":
peter:*$1$narMEFm6$fhA1puOU422HiSL5aggLI/:11193:0:99999:7:-1:-1:134539228
I could also lock a user account with the following command:
passwd peter -l
and unlock it with
passwd peter -u
To irreversibly remove a user account from my home computer, I do the following:
login as root
change my identity to the user to be removed, to check if there is any new important mail:
su doomed_user_login_name
logout
delete the user account and group
userdel doomed_user_login_name
groupdel doomed_user_login_name
Remove the user affiliation to any supplementary groups:
usermod -G doomed_user_login_name doomed_user_login_name
force-delete the user home directory with all its contents including any subdirectories:
rm -fr /home/doomed_user_login_name
* License
