On 3/18/07, Roberto C. Sanchez <roberto@connexer.com
> wrote:
On Sun, Mar 18, 2007 at 12:18:55AM +0800, Wei Chen wrote:
> Hi,
>
> I recently found ways that can lock user accounts on the local machine,
> including "passwd -l" and "usermod -L".
>
> I am wondering now what is the difference between the two commands and which
> one is preferred (or standard, or more widely used). Thanks.
passwd(1):
User accounts may be locked and unlocked with the -l and -u flags. The
-l option disables an account by changing the password to a value which
matches no possible encrypted value. The -u option re-enables an
account by changing the password back to its previous value.
usermod(1):
-L Lock a user's password. This puts a '!' in front of the
encrypted password, effectively disabling the password. You
can't use this option with -p or -U.
They more than likely do the same exact thing, if for no other reason than
for compatibility. Either way, they both lock an account by making the
hashed password value one that connot match any possible hash.
Will there be problem if I lock an account with one program and unlock with
another?
BTW, both methods lock shells as well as ftp and sftp. Changing the shell to
/usr/sbin/nologin allows ftp but still prevents sftp.
Is there a method that locks shell but allows ftp and sftp? Thanks.
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG
v1.4.1 (GNU/Linux)
iD8DBQFF/Bct5SXWIKfIlGQRAsB0AKCLs/uoTxkHSpX6M5SXQSUD4I+TAQCgvv+L
Eu1fAsocFvDZQD5EYnR2M/w=
=NBbi
-----END PGP SIGNATURE-----