How to lock & unlock multiple users in Linux

[x32x01]

‘usermod’ & ‘passwd’ commands are used to lock or unlock one user account at a time, but you may need to write some small shell scripts to perform this action on multiple user accounts.

In this tutorial, we will explain how to lock and unlock multiple user accounts simultaneously in Linux, using a shell script.

What is passwd command?
The passwd command is one of the most frequently used command by Linux administrator to update user’s authentication tokens in the /etc/shadow file by calling the Linux-PAM and Libuser API.

What is usermod command?
The ‘usermod’ command is often used by Linux administrators to modify a given user account information. It is primarily used to add a user to a specific group.

Creating shell scripts
We will create the following three shell scripts to lock and unlock multiple accounts at once.

• Create a script to lock users
• Create a script to check the status of locked or unlocked users
• Create a script to unlock users

Make a list of users that need to be locked or unlocked, and each user must be in a separate line.

$ cat user-lists.txt
u1
u2
u3
u4
u5

1) Locking multiple users in Linux
Use the following shell script to lock multiple user accounts in Linux.

# user-lock.sh

#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -l $user
done

Set an executable permission to user-lock.sh file.

# chmod + user-lock.sh

Finally, run the script to lock the list of users available in the file.

# sh user-lock.sh

Locking password for user u1.
passwd: Success
Locking password for user u2.
passwd: Success
Locking password for user u3.
passwd: Success
Locking password for user u4.
passwd: Success
Locking password for user u5.
passwd: Success

2) Checking status of multiple locked users in Linux
Use the following shell script to check the status of the locked user accounts:

# vi user-lock-status.sh

#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -S $user
done

Set an executable permission to user-lock-status.sh file:

# chmod + user-lock-status.sh

Finally, run the script to check if all users have been successfully locked:

# sh user-lock-status.sh

u1 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u2 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u3 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u4 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u5 LK 2019-06-10 0 99999 7 -1 (Password locked.)

If the output above shows 'LK' after the username, the user’s password is locked.

3) Unlocking multiple users in Linux
Use the following shell script to unlock multiple user accounts in Linux:

# user-unlock.sh

#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -u $user
done

Set an executable permission to user-unlock.sh file:

# chmod + user-unlock.sh

Finally, run the script to unlock the list of users available in the file:

# sh user-unlock.sh

Unlocking password for user u1.
passwd: Success
Unlocking password for user u2.
passwd: Success
Unlocking password for user u3.
passwd: Success
Unlocking password for user u4.
passwd: Success
Unlocking password for user u5.
passwd: Success

Once unlocked, run the following shell script user-lock-status.sh to check if all users have been successfully unlocked:

# sh user-lock-status.sh

u1 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u2 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u3 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u4 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u5 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)

If the above output shows 'PS' after the username, then the user’s password is not locked.

Conclusion
In this tutorial, you learned how to lock and unlock multiple user accounts simultaneously on Linux using the shell script.

If you have any questions or feedback, please leave a comment below.