Disabling/Removing a User

A user account can be temporarily disabled or permanently removed.

To temporarily disable (lock) a user account, there is no need to change his/her password. Just put an asterisk "*" at the beginning of the second field (before the encrypted password) in the file /etc/shadow. The "*" means that no login is permitted for this account. When you want to restore the account, you just erase the asterisk and the user account is back in operation, with its old password.

Here is an example entry from the file /etc/shadow with the password disabled for user "peter":

peter:*$1$narMEFm6$fhA1puOU422HiSL5aggLI/:11193:0:99999:7:-1:-1:134539228

I could also lock a user account with the following command:

passwd peter -l

and unlock it with

passwd peter -u

To irreversibly remove a user account from my home computer, I do the following:

• login as root

• change my identity to the user to be removed, to check if there is any new important mail:

su doomed_user_login_name

mail

logout

• delete the user account and group

userdel doomed_user_login_name

groupdel doomed_user_login_name

• Remove the user affiliation to any supplementary groups:

usermod -G doomed_user_login_name doomed_user_login_name

• force-delete the user home directory with all its contents including any subdirectories:

rm -fr /home/doomed_user_login_name