document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

heguangzhi translated

Browse Source 
heguangzhi translated
This commit is contained in:
heguangzhi 2019-06-27 09:52:52 +08:00
parent 478bf3a2b3
commit 685552f632
2 changed files with 305 additions and 307 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

307
sources/tech/20190621 Three Ways to Lock and Unlock User Account in Linux.md
View File

@ -1,307 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (heguagnzhi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Three Ways to Lock and Unlock User Account in Linux)
[#]: via: (https://www.2daygeek.com/lock-unlock-disable-enable-user-account-linux/)
[#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
Three Ways to Lock and Unlock User Account in Linux
======
If password policy had already implemented in your organization, then you no need to look for this options.
However, if you had set up lock period for 24 hours, in this case you might need to unlock the users account manually.
This tutorial will help you to manually lock and unlock users account in Linux.
This can be done using the following two Linux Commands in three ways.
* **`passwd:`**The passwd command is used to update users authentication tokens. This task is achieved by calling the Linux-PAM and Libuser API
* **`usermod:`**The usermod command is used to modify/update given users account information. It used to add a user to a specific group, etc.,
To exprement this, we are choosing `daygeek` user account. Lets see, how to do step by step.
Make a note, you have to use corresponding user account which you need to lock or unlock instead of ours.
You can check the given user account is available or not in system by using `id Command`. Yes, my account is available in the system.
```
# id daygeek
uid=2240(daygeek) gid=2243(daygeek) groups=2243(daygeek),2244(ladmin)
```
### Method-1: How To Lock, Unlock and Check Status of the Given User Account in Linux Using passwd Command?
The passwd command is one of the frequently used command by Linux administrator very often.
It used to update users authentication tokens in the `/etc/shadow` file.
Run the passwd command with the `-l` switch to lock the given user account.
```
# passwd -l daygeek
Locking password for user daygeek.
passwd: Success
```
You can check the locked account status either passwd command or grep the given user name from /etc/shadow file.
Checking the user account locked status using passwd command.
```
# passwd -S daygeek
or
# passwd --status daygeek
daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)
```
This will output a short information about the status of the password for a given account.
* **`LK:`**` ` Password locked
* **`NP:`**` ` No password
* **`PS:`**` ` Password set
Checking the locked user account status using `/etc/shadow` file. Two exclamation mark will be added in front of the password, if the account is already locked.
```
# grep daygeek /etc/shadow
daygeek:!!$6$tGvVUhEY$PIkpI43HPaEoRrNJSRpM3H0YWOsqTqXCxtER6rak5PMaAoyQohrXNB0YoFCmAuh406n8XOvBBldvMy9trmIV00:18047:7:90:7:::
```
Run the passwd command with the `-u` switch to unlock the given user account.
```
# passwd -u daygeek
Unlocking password for user daygeek.
passwd: Success
```
### Method-2: How To Lock, Unlock and Check Status of the Given User Account in Linux Using usermod Command?
Even, the usermod command also frequently used by Linux administrator very often.
The usermod command is used to modify/update given users account information. It used to add a user to a specific group, etc.,
Run the usermod command with the `-L` switch to lock the given user account.
```
# usermod --lock daygeek
or
# usermod -L daygeek
```
You can check the locked account status either passwd command or grep the given user name from /etc/shadow file.
Checking the user account locked status using passwd command.
```
# passwd -S daygeek
or
# passwd --status daygeek
daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)
```
This will output a short information about the status of the password for a given account.
* **`LK:`**` ` Password locked
* **`NP:`**` ` No password
* **`PS:`**` ` Password set
Checking the locked user account status using /etc/shadow file. Two exclamation mark will be added in front of the password, if the account is already locked.
```
# grep daygeek /etc/shadow
daygeek:!!$6$tGvVUhEY$PIkpI43HPaEoRrNJSRpM3H0YWOsqTqXCxtER6rak5PMaAoyQohrXNB0YoFCmAuh406n8XOvBBldvMy9trmIV00:18047:7:90:7:::
```
Run the usermod command with the `-U` switch to unlock the given user account.
```
# usermod --unlock daygeek
or
# usermod -U daygeek
```
### Method-3: How To Disable, Enable SSH Access To the Given User Account in Linux Using usermod Command?
Even, the usermod command also frequently used by Linux administrator very often.
The usermod command is used to modify/update given users account information. It used to add a user to a specific group, etc.,
Alternativly this can be done by assigning the `nologin` shell to the given user. To do so, run the below command.
```
# usermod -s /sbin/nologin daygeek
```
You can check the locked user account details by greping the given user name from /etc/passwd file.
```
# grep daygeek /etc/passwd
daygeek:x:2240:2243::/home/daygeek:/sbin/nologin
```
We can enable the user ssh access by assigning back to the old shell.
```
# usermod -s /bin/bash daygeek
```
### How To Lock, Unlock and Check Status of Multiple User Account in Linux Using Shell Script?
If you would like to lock/unlock more than one account then you need to look for script.
Yes, we can write a small shell script to perform this. To do so, use the following shell script.
Create The Users list. Each user should be in separate line.
```
$ cat user-lists.txt
u1
u2
u3
u4
u5
```
Use the following shell script to lock multiple users account in Linux.
```
# user-lock.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -l $user
done
```
Set an executable permission to `user-lock.sh` file.
```
# chmod + user-lock.sh
```
Finally run the script to achieve this.
```
# sh user-lock.sh
Locking password for user u1.
passwd: Success
Locking password for user u2.
passwd: Success
Locking password for user u3.
passwd: Success
Locking password for user u4.
passwd: Success
Locking password for user u5.
passwd: Success
```
Use the following shell script to check locked users account in Linux.
```
# vi user-lock-status.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -S $user
done
```
Set an executable permission to `user-lock-status.sh` file.
```
# chmod + user-lock-status.sh
```
Finally run the script to achieve this.
```
# sh user-lock-status.sh
u1 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u2 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u3 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u4 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u5 LK 2019-06-10 0 99999 7 -1 (Password locked.)
```
Use the following shell script to unlock multiple users account in Linux.
```
# user-unlock.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -u $user
done
```
Set an executable permission to `user-unlock.sh` file.
```
# chmod + user-unlock.sh
```
Finally run the script to achieve this.
```
# sh user-unlock.sh
Unlocking password for user u1.
passwd: Success
Unlocking password for user u2.
passwd: Success
Unlocking password for user u3.
passwd: Success
Unlocking password for user u4.
passwd: Success
Unlocking password for user u5.
passwd: Success
```
Run the same shell script `user-lock-status.sh` to check these locked user accounts got unlocked in Linux.
```
# sh user-lock-status.sh
u1 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u2 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u3 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u4 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u5 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
```
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/lock-unlock-disable-enable-user-account-linux/
作者:[Magesh Maruthamuthu][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.2daygeek.com/author/magesh/
[b]: https://github.com/lujun9972

305
translated/tech/20190621 Three Ways to Lock and Unlock User Account in Linux.md Normal file
View File

@ -0,0 +1,305 @@
[#]: collector: (lujun9972)
[#]: translator: (heguagnzhi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Three Ways to Lock and Unlock User Account in Linux)
[#]: via: (https://www.2daygeek.com/lock-unlock-disable-enable-user-account-linux/)
[#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
在Linux中锁定和解锁用户帐户的三种方法
======
如果密码策略已经在你的组织中实施了,你无需看这篇文章了。
但是在这种情况下如果你设置了24小时的锁定期你需要手动解锁用户帐户。
本教程将帮助你在Linux中手动锁定和解锁用户帐户。
这可以通过三种方式使用以下两个 Linux 命令来完成。
* **`passwd:`** passwd 命令用于更新用户的身份验证令牌。这个任务是通过调用 Linux-PAM 和 Libuser API 来实现。
* **`usermod:`** usermod 命令用于修改/更新给定用户的帐户信息。它用于将用户添加到特定的组中,等等其他功能,
为了说明这一点,我们选择 `daygeek` 用户帐户。让我们看看,怎么一步步来实现的。
请注意,你必须使用你需要锁定或解锁的用户的帐户,而不是我们自己的帐户。
您可以使用 `id Command` 检查给定的用户帐户在系统中是否可用。是的,我的帐户在系统中是可用的。
```
# id daygeek
uid=2240(daygeek) gid=2243(daygeek) groups=2243(daygeek),2244(ladmin)
```
### 方法1: 如何使用 passwd 命令锁定、解锁和检查 Linux 中给定用户帐户的状态?
passwd 命令是 Linux 管理员经常使用的命令之一。
它用于更新 `/etc/shadow` 文件中用户的身份验证令牌。
使用 `-l` 开关运行 passwd 命令,锁定给定的用户帐户。
```
# passwd -l daygeek
Locking password for user daygeek.
passwd: Success
```
你可以通过 passwd 命令或从 /etc/shadow 文件中获取给定用户名来检查锁定的帐户状态。
使用 passwd 命令检查用户帐户锁定状态。
```
# passwd -S daygeek
or
# passwd --status daygeek
daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)
```
将输出给定帐户密码状态的简短信息。
* **`LK:`**` ` 密码锁定
* **`NP:`**` ` 没有密码
* **`PS:`**` ` 密码设置
使用 `/etc/shadow` 文件检查锁定的用户帐户状态。如果帐户已被锁定,密码前面将添加两个感叹号。
```
# grep daygeek /etc/shadow
daygeek:!!$6$tGvVUhEY$PIkpI43HPaEoRrNJSRpM3H0YWOsqTqXCxtER6rak5PMaAoyQohrXNB0YoFCmAuh406n8XOvBBldvMy9trmIV00:18047:7:90:7:::
```
使用 `-u` 开关运行 passwd 命令,解锁给定的用户帐户。
```
# passwd -u daygeek
Unlocking password for user daygeek.
passwd: Success
```
### 方法2:如何使用 usermod 命令在 Linux 中锁定、解锁和检查给定用户帐户的状态?
甚至usermod 命令也经常被 Linux 管理员使用。
usermod 命令用于修改/更新给定用户的帐户信息。它用于将用户添加到特定的组中,等等。,
使用 `-L` 开关运行 usermod 命令,锁定给定的用户帐户。
```
# usermod --lock daygeek
or
# usermod -L daygeek
```
你可以通过 passwd 命令或从 /etc/shadow 文件中获取给定用户名来检查锁定的帐户状态。
使用 passwd 命令检查用户帐户锁定状态。
```
# passwd -S daygeek
or
# passwd --status daygeek
daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)
```
这将输出给定帐户密码状态的简短信息。
* **`LK:`**` ` Password locked
* **`NP:`**` ` No password
* **`PS:`**` ` Password set
使用 /etc/shadow 文件检查锁定的用户帐户状态。如果帐户已被锁定,密码前面将添加两个感叹号。
```
# grep daygeek /etc/shadow
daygeek:!!$6$tGvVUhEY$PIkpI43HPaEoRrNJSRpM3H0YWOsqTqXCxtER6rak5PMaAoyQohrXNB0YoFCmAuh406n8XOvBBldvMy9trmIV00:18047:7:90:7:::
```
使用 `-U` 开关运行 usermod 命令以解锁给定的用户帐户。
```
# usermod --unlock daygeek
or
# usermod -U daygeek
```
###方法-3:如何在 Linux 中使用 usermod 命令禁用、启用对给定用户帐户的 SSH 访问?
甚至usermod 命令也是经常被 Linux 管理员使用的命令。
usermod 命令用于修改/更新给定用户的帐户信息。它用于将用户添加到特定的组中,等等。,
或者,这可以通过将 `nologin` shell 分配给给定用户来完成。为此,可以运行以下命令。
```
# usermod -s /sbin/nologin daygeek
```
You can check the locked user account details by greping the given user name from /etc/passwd file.
你可以通过从 /etc/passwd 文件中给定用户名来检查锁定的用户帐户详细信息。
```
# grep daygeek /etc/passwd
daygeek:x:2240:2243::/home/daygeek:/sbin/nologin
```
我们可以通过分配回原来的 shell 来启用用户 ssh 访问。
```
# usermod -s /bin/bash daygeek
```
###如何使用 shell 脚本锁定、解锁和检查 Linux 中多个用户帐户的状态?
如果你想锁定/解锁多个帐户,那么你需要寻找脚本。
是的,我们可以编写一个小的 shell 脚本来执行这个操作。为此,请使用以下 shell 脚本。
创建用户列表。每个用户信息在单独的行中。
```
$ cat user-lists.txt
u1
u2
u3
u4
u5
```
使用以下 shell 脚本锁定 Linux中 的多个用户帐户。
```
# user-lock.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -l $user
done
```
将`user-lock.sh` 文件设置为可执行权限 。
```
# chmod + user-lock.sh
```
最后运行脚本来实现这一点。
```
# sh user-lock.sh
Locking password for user u1.
passwd: Success
Locking password for user u2.
passwd: Success
Locking password for user u3.
passwd: Success
Locking password for user u4.
passwd: Success
Locking password for user u5.
passwd: Success
```
使用以下 shell 脚本检查锁定的用户帐户。
```
# vi user-lock-status.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -S $user
done
```
设置 `user-lock-status.sh` 可执行权限。
```
# chmod + user-lock-status.sh
```
最后运行脚本来实现这一点。
```
# sh user-lock-status.sh
u1 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u2 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u3 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u4 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u5 LK 2019-06-10 0 99999 7 -1 (Password locked.)
```
使用下面的 shell 脚本来解锁多个用户。
```
# user-unlock.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -u $user
done
```
设置 `user-unlock.sh` 可执行权限。
```
# chmod + user-unlock.sh
```
最后运行脚本来实现这一点。
```
# sh user-unlock.sh
Unlocking password for user u1.
passwd: Success
Unlocking password for user u2.
passwd: Success
Unlocking password for user u3.
passwd: Success
Unlocking password for user u4.
passwd: Success
Unlocking password for user u5.
passwd: Success
```
运行相同的 shell 脚本 `user-lock-status.sh` ,检查这些锁定的用户帐户在 Linux 中是否被解锁。
```
# sh user-lock-status.sh
u1 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u2 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u3 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u4 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u5 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
```
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/lock-unlock-disable-enable-user-account-linux/
作者:[Magesh Maruthamuthu][a]
选题:[lujun9972][b]
译者:[heguangzhi](https://github.com/heguangzhi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.2daygeek.com/author/magesh/
[b]: https://github.com/lujun9972