* Ron Johnson ([EMAIL PROTECTED]) spake thusly: > Hi, > > On a multi-user system, how can I "turn off" an account? Not > remove it, though, since at a later time, it will have to be > re-enabled? While we're at it, how to you re-enable a disabled > account?
File a bug against passwd, tell them to rewrite shadow(5) and passwd(5) manpages. Generally, anything that's not a 13-char alphanumeric string is considered a "lock" string. People usually use "*", "LK", or "NP". Pick one and put it in password field in /etc/shadow (save original password if you plan to enable the account with original password). Note that they can still login via ssh + key auth, so remove their ~/.ssh/authorized_keys[2] if you have that (rename instead of removing, if you want to re-enable it later). Dima (assembly is the reversal of the removal procedure) -- We're sysadmins. Sanity happens to other people. -- Chris King
