CentOS / RHEL: Set Accounts To Disable After Password Expiration

How do I automatically disable user accounts after 30 days after password expiration date under CentOS / Fedora / Red Hat / RHEL / Scientific Linux server operating systems?

Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements RHEL and friends
Est. reading time N/A
You can use usermod or passwd command to disable existing user accounts. For new user accounts edit /etc/default/useradd file. The date on which the user account will be disabled is defined using the following syntax while adding user account:

useradd -e YYYY-MM-DD -option1 -option 2username

If -e not specified, useradd command will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string (no expiry) by default. Edit /etc/default/useradd, enter:
# vi /etc/default/useradd
Set it as follows:

INACTIVE=30

Save and close the file. The number of days after a password expires until the account is permanently disabled is now set to 30. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature. If INACTIVE=60 and if the password is about to expire, then 60 days remain until the account is automatically disabled.

How do I disable existing user account?

The syntax is:

passwd -l userNameHere

OR

usermod -L -e 1 userNameHere

OR

usermod -L -e 1970-01-01 userNameHere

The last syntax is recommended. See man page for more details:
man passwd
man useradd
man usermod

See also

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 3 comments so far... add one


CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
3 comments… add one
  • Anonymous User Jan 14, 2014 @ 16:32

    Now when we say “permanently disabled”, do we mean PERMANENT? Or can root re-enable the user?

    • SV Feb 8, 2014 @ 20:19

      The only way to permanently disable an account is to remove it. The commands above disable the account for use. The root or superuser can always undo the above commands.

  • aref ghobadi Aug 17, 2015 @ 16:08

    Hi
    thanks, very nice article

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum