6.4. Disabling User Accounts

To disable a user account, edit the ``/etc/shadow'' file as root (assuming you're using shadow passwords; if not, edit the ``/etc/passwd'' file instead), and replace the password (which is stored in its encrypted form) with a ``*'' asterisk character. All Unix passwords, regardless of length (up to a maximum of 8 characters), are stored in the password file as encrypted strings of 13 characters. A single ``*'' character can never match one of these 13-character strings, so replacing the password with it makes it impossible for the user to sign in.

Note: This method will require you to assign a new password to the user if you re-enable the account, since the encrypted password field will have been replaced. One solution to this, which seems to be popular among system administrators, is to prefix the encrypted password with the ``*'' asterisk character to disable the account, and to remove the asterisk to enable it again.
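The prefix approach from the note above, written as shell functions (an added example, not part of the original guide). The function names and the sample entries are made up for illustration, and every function takes the file path as an argument so it can be tried on a copy rather than on the live ``/etc/shadow''.

```shell
#!/bin/sh
# Added example: toggle a "*" prefix on the password field of a
# shadow-format file. Function names and sample data are constructed.

# rewrite_field FILE USER MODE: MODE is "lock" or "unlock".
# The temp file is created under umask 077 so hashes never become readable
# by other users. Names are compared as strings so "7" cannot match "007".
rewrite_field() {
    ( umask 077
      awk -F: -v OFS=: -v u="$2" -v mode="$3" '
        ($1 "") == (u "") {
            first = substr($2, 1, 1)
            if (mode == "lock" && first != "*") $2 = "*" $2
            # Only strip the "*" when a hash follows it; a bare "*" means
            # the password was replaced and a new one must be assigned.
            if (mode == "unlock" && first == "*" && length($2) > 1)
                $2 = substr($2, 2)
        }
        { print }' "$1" > "$1.tmp" ) && mv "$1.tmp" "$1"
}
lock_account()   { rewrite_field "$1" "$2" lock; }
unlock_account() { rewrite_field "$1" "$2" unlock; }

# password_field FILE USER: print USER's password field.
password_field() {
    awk -F: -v u="$2" '($1 "") == (u "") { print $2 }' "$1"
}

# is_locked FILE USER: succeed if the password field starts with "*".
is_locked() {
    case "$(password_field "$1" "$2")" in
        \**) return 0 ;;
        *)   return 1 ;;
    esac
}

# make_sample FILE: write constructed entries (these are not real hashes).
make_sample() {
    cat > "$1" <<'EOF'
alice:abSAMPLEhash1:10000:0:99999:7:::
bob:cdSAMPLEhash2:10000:0:99999:7:::
carol:*:10000:0:99999:7:::
EOF
}
```

In the sample, ``carol'' has had her password replaced outright, so unlock_account leaves her entry unchanged; ``alice'' gets her original field back after a lock and unlock.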

For more information on the ``/etc/passwd'' and ``/etc/shadow'' files, see Section 6.6 below.