How can I check which users have login access on Ubuntu 10.0.4?

linux ubuntu security ubuntu-10.04

11,218

Solution 1

How about

sudo passwd -aS

man passwd tells us:

-a, --all

This option can be used only with -S and causes show status for all users.

-S, --status

Display account status information. The status information consists of 7 fields. The first field is the user´s login name. The second field indicates if the user account is locked (L), has no password (NP), or has a usable password (P). The third field gives the date of the last password change. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password. These ages are expressed in days.

And then to lock and unlock accounts we find this:

-l, --lock

Lock the password of the named account. This option disables a password by changing it to >a value which matches no possible encrypted value (it adds a ´!´ at the beginning of the >password).

Note that this does not disable the account. The user may still be able to login using >another authentication token (e.g. an SSH key). To disable the account, administrators >should use usermod --expiredate 1 (this set the account´s expire date to Jan 2, 1970).

Users with a locked password are not allowed to change their password.

-u, --unlock

Unlock the password of the named account. This option re-enables a password by changing >the password back to its previous value (to the value before using -l option, by removing the leading ´!´).

Hope this cut and paste from the man page clarifies things.

Solution 2

If you are using the Desktop version, just click System -> Administration -> Users and Groups. Select a user and click advanced settings, then look for 'Disable Account' checkbox on the advanced tab.

If not, you can find the information by hand - the /etc/shadow file has each user's hashed password in the second field (its colon separated). If the password field starts with ! or *, that account is locked.

You can lock and unlock with "passwd -l username" and "passwd -u username"

11,218

morpheous

Updated on September 17, 2022

Comments

morpheous over 1 year
I created some users on my Ubuntu 10.0.4 machine a long time ago (whilst experimenting). Some of these users can login to the system, and others were prevented from login in. I can't remeber which ones can login. I have the following questions:
- How do I find out which users may login to the machine?
- How may I disable an existing user account from login in?
- How may I re-enable a previously (login) disabled user account so it an login again?
morpheous over 13 years

Thanks for the answer. Could you clarify this though: By 'locking' the account, this means that the user still exists on the system (i.e. can own files etc), but can no longer log into the system - right?
Johan over 13 years

Yes, that is true. Password is disabled, but login with ssh keys are still possible.
Johan over 13 years

Are you sure that you don't mean -l/-u and not -L/-U?
Nathan O'Sullivan over 13 years

You are correct Johan, fixed