HOWTO check if a user account is blocked against /etc/shadow
Use chage -l
to see a decoded interpretation of the aging information. The user name is expected as the argument. If you are interrogating your own account, no special privileges are requried. Otherwise use sudo chage -l someaccount
.
When an account is locked, the password field of /etc/shadow
will begin with an exclamation point. The remaining characters in the string are the password before the lock was applied.
![Andres](https://i.stack.imgur.com/4zE5E.gif?s=256&g=1)
Andres
Updated on September 18, 2022Comments
-
Andres almost 2 years
After set the Account Expire parameter on /etc/shadow (field #7) to 90 days,I need to know where to look around if an user account is locked down or not after those amount of days.
Right now, the only solid way which I did find to do that is just seeing the message that says the account is expired when the user tries to do ssh against the server.
Any ideas on how to check that from inside the server?
I'm using a Red Hat (Santiago) one.
-
Andres about 10 yearsThat's what I was expected to see, but -sadly- there's no change over /etc/shadow entry for an account which has more that 90 days of inactivity. chage command says ' never expires ' for an account that should be locked for the same reason (more than 90 days...)