≡ Menu

CentOS / RHEL: Set Accounts To Disable After Password Expiration

How do I automatically disable user accounts after 30 days after password expiration date under CentOS / Fedora / Red Hat / RHEL / Scientific Linux server operating systems?

You can use usermod or passwd command to disable existing user accounts. For new user accounts edit /etc/default/useradd file. The date on which the user account will be disabled is defined using the following syntax while adding user account:

useradd -e YYYY-MM-DD -option1 -option 2username

If -e not specified, useradd command will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string (no expiry) by default. Edit /etc/default/useradd, enter:
# vi /etc/default/useradd
Set it as follows:


Save and close the file. The number of days after a password expires until the account is permanently disabled is now set to 30. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature. If INACTIVE=60 and if the password is about to expire, then 60 days remain until the account is automatically disabled.

How do I disable existing user account?

The syntax is:

passwd -l userNameHere


usermod -L -e 1 userNameHere


usermod -L -e 1970-01-01 userNameHere

The last syntax is recommended. See man page for more details:
man passwd
man useradd
man usermod

See also

{ 3 comments… add one }

  • Anonymous User January 14, 2014, 4:32 pm

    Now when we say “permanently disabled”, do we mean PERMANENT? Or can root re-enable the user?

    • SV February 8, 2014, 8:19 pm

      The only way to permanently disable an account is to remove it. The commands above disable the account for use. The root or superuser can always undo the above commands.

  • aref ghobadi August 17, 2015, 4:08 pm

    thanks, very nice article

Leave a Comment

   Tagged with: , , , ,