How to block, lock, or deny access to a user into Linux

This post was originally published on go2linux.org, a Linux blog I ran from 2007 to 2011. The domain is no longer mine, but I am the original author. I am republishing it here on garron.me with corrections and improvements.

Introduction

If you need to block a user and do not allow him / her to log into your Linux system, maybe because she is a user who stopped working at your organization, or because she was moved to other department, or any other reason.

I’m going to show how to do it temporarily as to do it permanent you just need to erase the user account.

Temporarily lock a user out of a Linux machine We’ll use passwd command, and the syntax is:

passwd -l [user]

So let’s imagine the user’s username is “Jennifer”. The first step is to block the user loggin.

passwd -l jennifer

Next, in case the user has the option to log into the system using ssh keys, you may move her keys to other location.

mv /home/jennifer/.ssh /home/jennifer/temporarily-locked

Once, Jennifer has permission to log into the Linux server again just run:

mv /home/jennifer/temporarily-locked /home/jennifer/.ssh

And:

passwd -u jennifer

She now has the option to log in again.