CentOS / RHEL: Set Accounts To Disable After Password Expiration

in Categories , last updated December 1, 2012

How do I automatically disable user accounts after 30 days after password expiration date under CentOS / Fedora / Red Hat / RHEL / Scientific Linux server operating systems?


You can use usermod or passwd command to disable existing user accounts. For new user accounts edit /etc/default/useradd file. The date on which the user account will be disabled is defined using the following syntax while adding user account:

useradd -e YYYY-MM-DD -option1 -option 2username

If -e not specified, useradd command will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string (no expiry) by default. Edit /etc/default/useradd, enter:
# vi /etc/default/useradd
Set it as follows:

INACTIVE=30

Save and close the file. The number of days after a password expires until the account is permanently disabled is now set to 30. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature. If INACTIVE=60 and if the password is about to expire, then 60 days remain until the account is automatically disabled.

How do I disable existing user account?

The syntax is:

passwd -l userNameHere

OR

usermod -L -e 1 userNameHere

OR

usermod -L -e 1970-01-01 userNameHere

The last syntax is recommended. See man page for more details:
man passwd
man useradd
man usermod

See also

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Share this on (or read 3 comments/add one below):

3 comment

  1. Now when we say “permanently disabled”, do we mean PERMANENT? Or can root re-enable the user?

    1. The only way to permanently disable an account is to remove it. The commands above disable the account for use. The root or superuser can always undo the above commands.

    Have a question? Post it on our forum!