CentOS / RHEL: Set Accounts To Disable After Password Expiration

Posted on in Categories , last updated December 1, 2012

How do I automatically disable user accounts after 30 days after password expiration date under CentOS / Fedora / Red Hat / RHEL / Scientific Linux server operating systems?


You can use usermod or passwd command to disable existing user accounts. For new user accounts edit /etc/default/useradd file. The date on which the user account will be disabled is defined using the following syntax while adding user account:

useradd -e YYYY-MM-DD -option1 -option 2username

If -e not specified, useradd command will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string (no expiry) by default. Edit /etc/default/useradd, enter:
# vi /etc/default/useradd
Set it as follows:

INACTIVE=30

Save and close the file. The number of days after a password expires until the account is permanently disabled is now set to 30. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature. If INACTIVE=60 and if the password is about to expire, then 60 days remain until the account is automatically disabled.

How do I disable existing user account?

The syntax is:

passwd -l userNameHere

OR

usermod -L -e 1 userNameHere

OR

usermod -L -e 1970-01-01 userNameHere

The last syntax is recommended. See man page for more details:
man passwd
man useradd
man usermod

See also

3 comment

    1. The only way to permanently disable an account is to remove it. The commands above disable the account for use. The root or superuser can always undo the above commands.

Leave a Comment