CentOS / RHEL: Set Accounts To Disable After Password Expiration

by on December 1, 2012 · 2 comments· LAST UPDATED December 1, 2012

in ,

How do I automatically disable user accounts after 30 days after password expiration date under CentOS / Fedora / Red Hat / RHEL / Scientific Linux server operating systems?

Tutorial details
DifficultyEasy (rss)
Root privilegesYes
RequirementsRHEL and friends
Estimated completion timeN/A

You can use usermod or passwd command to disable existing user accounts. For new user accounts edit /etc/default/useradd file. The date on which the user account will be disabled is defined using the following syntax while adding user account:

useradd -e YYYY-MM-DD -option1 -option 2username

If -e not specified, useradd command will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string (no expiry) by default. Edit /etc/default/useradd, enter:
# vi /etc/default/useradd
Set it as follows:

INACTIVE=30

Save and close the file. The number of days after a password expires until the account is permanently disabled is now set to 30. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature. If INACTIVE=60 and if the password is about to expire, then 60 days remain until the account is automatically disabled.

How do I disable existing user account?

The syntax is:

 
passwd -l userNameHere
 

OR

 
usermod -L -e 1 userNameHere
 

OR

 
usermod -L -e 1970-01-01 userNameHere
 

The last syntax is recommended. See man page for more details:
man passwd
man useradd
man usermod

See also
TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 2 comments… read them below or add one }

1 Anonymous User January 14, 2014 at 4:32 pm

Now when we say “permanently disabled”, do we mean PERMANENT? Or can root re-enable the user?

Reply

2 SV February 8, 2014 at 8:19 pm

The only way to permanently disable an account is to remove it. The commands above disable the account for use. The root or superuser can always undo the above commands.

Reply

Leave a Comment

Tagged as: , , , ,

Previous Faq:

Next Faq: