How to check the lock status of any user account in Linux

In this article I will share different methods to check the lock status of a user account in Linux or Unix. Using these commands and methods you can identify whether a user is locked and needs to be unlocked.

You will need root-level access or sudo access to execute most of the commands explained in this tutorial.

 

Case 1: Password Locked

In this case the password of an account has been locked using the command below.

To lock the password:

# passwd -l user1
Locking password for user user1.
passwd: Success

Review the status in /etc/shadow:

# grep user1 /etc/shadow
user1:!!$6$ciJaoDR9$Qpt9sctRLjbZ4/Agxy9UOvu/XQqNrFo9rpgfZ/xrF/8JphkEvF29ITpef0SVLdJcrpv8Q/.6mRAHee4tZT0r11:16299:0:99999:7:::

As you can see above, two exclamation marks (!!) appear before the encrypted password, which means that the password has been locked.

To unlock the password:

# passwd -u user1
Unlocking password for user user1.
passwd: Success

 

Case 2: Account is Locked

In this case the user account might have been locked by the administrator.

To lock an account:

# usermod -L user1

Review your /etc/shadow file for the changes

# grep user1 /etc/shadow
user1:!$6$ciJaoDR9$Qpt9sctRLjbZ4/Agxy9UOvu/XQqNrFo9rpgfZ/xrF/8JphkEvF29ITpef0SVLdJcrpv8Q/.6mRAHee4tZT0r11:16299:0:99999:7:::

As you see, an extra single exclamation mark (!) appeared in the password field before the encrypted password, which signifies that the user account is locked.

To unlock a user account:

# usermod -U user1

 

Case 3: Password never set

This can also be a scenario where the administrator has not assigned any password, due to which the user is not able to log in.

To verify this, again check your /etc/shadow file:

# grep user1 /etc/shadow
user1:!!:16299:0:99999:7:::

As you see, two exclamation marks (!!) are there but no encrypted password, which means a password is not set.

If the password was set without a lock, your /etc/shadow entry would look something like the below:

# grep user1 /etc/shadow
user1:$6$ciJaoDR9$Qpt9sctRLjbZ4/Agxy9UOvu/XQqNrFo9rpgfZ/xrF/8JphkEvF29ITpef0SVLdJcrpv8Q/.6mRAHee4tZT0r11:16299:0:99999:7:::

 

How to Lock and Unlock Linux User Account?

We can lock a user account using the usermod command with the -L argument.

usermod -L <username>

To unlock the user in such a situation, use usermod -U <username>.

usermod -U user1

 

Different methods to check the lock status of any Linux Account

1. Using passwd -S Command

We can use the passwd -S command to check the lock status.

passwd -S user1

Output from Rocky Linux, where we can see that the user's password is locked:

[screenshot: output of passwd -S user1 on Rocky Linux, password locked]

Output from an Ubuntu environment; here L means the user account is locked:

[screenshot: output of passwd -S user1 on Ubuntu, status L]

If the user account is unlocked you will see output like the below on Rocky Linux:

[screenshot: output of passwd -S user1 on Rocky Linux, password unlocked]

Output from Ubuntu when the user account is unlocked; here P means that the account is unlocked:

[screenshot: output of passwd -S user1 on Ubuntu, status P]

 

2. Checking Lock Status Using /etc/shadow File

You can grep or search for your user inside the /etc/shadow file and look for a ! symbol in the second field of the user's row. The ! (exclamation mark) symbol indicates that the user account was explicitly locked by someone.

root@server:~# grep user1 /etc/shadow
user1:!$y$j9T$hO.2hCqDZq3IzYpqJzR0r0$NYFsfk.iFBPk4okUl0oHAtHPyjAE9B7D5XSanW70LW6:20004:0:99999:7:::

If the ! is missing, the user account is in the unlocked state.

NOTE:
Look out for either ! or *: ! indicates that the user account is locked, and * indicates that the user account is disabled.
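The markers described in Cases 1 to 3 and in this section can be checked mechanically. The following script is an added example and not part of the article: it classifies the second field of shadow-format lines, with the sample entries and their dummy hashes constructed for the demonstration. It goes slightly beyond the cases above by also flagging a blank field (no password required) and * entries.

```shell
#!/bin/sh
# Added example (not the article's code): classify the second field of
# /etc/shadow entries using the markers the cases above describe.
# Reads shadow-format lines on stdin so it can run on constructed data;
# on a live host: sudo sh -c '. ./shadow_status.sh; shadow_status </etc/shadow'

# classify_shadow_field FIELD -> one of NOPASS LOCKED DISABLED EMPTY ACTIVE UNKNOWN
classify_shadow_field() {
  rest=$1 bangs=0
  # strip the leading '!' characters added by passwd -l / usermod -L, counting them
  while [ "${rest#!}" != "$rest" ]; do rest=${rest#!}; bangs=$((bangs + 1)); done
  if [ -z "$rest" ]; then
    # "!!" or "!" with no hash: password never set; "": no password required at all
    if [ "$bangs" -gt 0 ]; then echo NOPASS; else echo EMPTY; fi
  else
    case $rest in
      '*'*) echo DISABLED ;;               # "*" or "!*": no password login possible
      '$'*) if [ "$bangs" -gt 0 ]; then echo LOCKED; else echo ACTIVE; fi ;;
      *)    echo UNKNOWN ;;                # not a hash format this example recognises
    esac
  fi
}

# shadow_status < shadow-file -> "<user> <STATE>" per entry
shadow_status() {
  while IFS=: read -r user pw _fields; do
    if [ -n "$user" ]; then
      printf '%s %s\n' "$user" "$(classify_shadow_field "$pw")"
    fi
  done
}

# Constructed sample entries (dummy hashes, not real credentials)
SHADOW_SAMPLE='user1:!!$6$ciJaoDR9$dummyhash:16299:0:99999:7:::
user2:!$y$j9T$dummyhash:20004:0:99999:7:::
user3:!!:16299:0:99999:7:::
user4:$6$ciJaoDR9$dummyhash:16299:0:99999:7:::
nobody:*:16299:0:99999:7:::
guest::16299:0:99999:7:::'

printf '%s\n' "$SHADOW_SAMPLE" | shadow_status
# -> user1 LOCKED, user2 LOCKED, user3 NOPASS, user4 ACTIVE, nobody DISABLED, guest EMPTY
```

An EMPTY result deserves immediate attention, since a blank password field lets that user log in without any password at all.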

 

3. Check if account is locked due to wrong password

It is possible that your system is configured to use pam_tally2 or faillock to implement user lockout when the user attempts to log in with an incorrect password a certain number of times.

You can refer to these articles, which cover the usage and implementation of faillock:

In such cases, depending upon the tool you are using (faillock in my case), check the number of failed login attempts:

faillock --user user1

This command will show the failed login attempts for user1:

[screenshot: output of faillock --user user1 listing the failed login attempts]

Next, check your configuration for the maximum number of failed logins allowed before the user is locked:

grep faillock /etc/pam.d/system-auth

You may have to check this in /etc/pam.d/system-auth, /etc/pam.d/password-auth and /etc/pam.d/common-auth depending upon your distro and requirement.

For example, in my case I have set the default value to 5, so after 5 failed login attempts the user will be locked:

[root@server ~]# grep faillock /etc/pam.d/system-auth
auth required pam_faillock.so preauth silent audit deny=5 unlock_time=900
auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900
account required pam_faillock.so
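As an added example (not the article's code), the following script reads faillock output and the pam_faillock configuration line and reports whether the deny= limit has been reached. The faillock output and PAM lines are constructed samples, and the script assumes the faillock output format with a Valid column of V or I.

```shell
#!/bin/sh
# Added example (not the article's code): compare the valid failures that
# faillock has recorded for a user against the deny= limit in the PAM
# configuration quoted above. Both inputs are read from stdin as text so the
# logic runs on constructed samples; on a live host pipe in the real output of
#   faillock --user user1        and   grep faillock /etc/pam.d/system-auth
# The fail_interval/unlock_time windows are not applied here; only entries that
# faillock still marks V (valid) are counted, so treat the result as an estimate.

# pam_deny_limit < pam-config-lines -> first deny= value on a pam_faillock line
pam_deny_limit() {
  limit=$(sed -n 's/.*pam_faillock\.so.*[[:space:]]deny=\([0-9][0-9]*\).*/\1/p' | head -n 1)
  echo "${limit:-3}"   # 3 is pam_faillock's documented default when deny= is absent
}

# faillock_failures < faillock-output -> count of entries whose Valid column is V
faillock_failures() {
  awk '$1 ~ /^[0-9][0-9][0-9][0-9]-/ && $NF == "V" { n++ } END { print n + 0 }'
}

# faillock_verdict FAILURES LIMIT -> LOCKED when the limit has been reached, else OK
faillock_verdict() {
  if [ "$1" -ge "$2" ]; then echo LOCKED; else echo OK; fi
}

# Constructed samples mirroring the formats of the two real commands
PAM_SAMPLE='auth required pam_faillock.so preauth silent audit deny=5 unlock_time=900
auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900
account required pam_faillock.so'

FAILLOCK_SAMPLE='user1:
When                Type  Source                                           Valid
2024-01-10 09:00:01 RHOST 192.0.2.10                                       V
2024-01-10 09:00:07 RHOST 192.0.2.10                                       V
2024-01-10 09:00:12 RHOST 192.0.2.10                                       I
2024-01-10 09:00:20 TTY   pts/0                                            V
2024-01-10 09:00:25 RHOST 192.0.2.10                                       V
2024-01-10 09:00:31 RHOST 192.0.2.10                                       V'

limit=$(printf '%s\n' "$PAM_SAMPLE" | pam_deny_limit)
fails=$(printf '%s\n' "$FAILLOCK_SAMPLE" | faillock_failures)
echo "user1: $fails valid failures, deny=$limit -> $(faillock_verdict "$fails" "$limit")"
# -> user1: 5 valid failures, deny=5 -> LOCKED
```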

 

Deepak Prasad