root will still be able to su to the user. A test would be to su to a user that does not have root access - and try to su - to the locked user.
If you want to completely disable the account, change the default shell to /bin/false. This is a shell that doesn't exist, so will not allow root to su to it.
*LK* belongs in the second field, but again, you SHOULD NOT manually manipulate this file.
Last edited by avronius; 09-15-2008 at 02:40 PM..
Reason: added some clarity
how can I lock my keyboard while I'm away from the computer without using lock command. What other commands gives me the option to lock keyboard device?
thanks (7 Replies)
I have access to 15+ UNIX boxes at work, and I do not consistently log onto all of them over time. When I do try to access one I havent been on in awhile, my account is locked as the password has expired.
I need to request to the UNIX SA's that the password expiration is 90 days and that if it... (1 Reply)
Hi ,
I am faceing lot of problem due to "disk space is not enough".
senerio is like as,
In system has 5 account.
a,b,c,d,e
say account c if very critical.
Due to other user's data, user 'c' is faceing disk space issue.
I want to dedicate 3 GB for user 'c'.
No user... (1 Reply)
Hello all,
If anyone has time, I have a few questions:
How do I do the following in Linux. We are using Red Hat and Oracle Enterprise Linux, which is based on Red Hat too.
1. How to lock the account after a few (like 3) invalid password attempts?
2. How do you lock a screen after 30... (1 Reply)
Hi all,
I am having some issues with openssh vers OpenSSH_4.6p1 on SCO unixware 7.1.4
when a user accesses the system via ssh and the password is incorrect and more attempts have been made that the lock out limit I find that although there are messages in the syslog the account does not lock... (0 Replies)
Hi all,
I have to test some user priviliges. The goal is to be sure that an unauthorized user can't restart some modules (ssh, mysql etc...).
I'm trying to automate it with a shell script but in same cases I got the syslog broadcast message.
Is there any way to simply get a return code... (3 Replies)
I have made password less connection to my remote account. and i tried to execute commands at a time. but i am unable to execute the commands.
ssh $ACCOUNT_DETAILS@$HOST_DETAILS
cd ~/JEE/*/logs/ (1 Reply)
Discussion started by: kishored005
1 Replies
LEARN ABOUT DEBIAN
chsh
CHSH(1) User Commands CHSH(1)NAME
chsh - change login shell
SYNOPSIS
chsh [options] [LOGIN]
DESCRIPTION
The chsh command changes the user login shell. This determines the name of the user's initial login command. A normal user may only change
the login shell for her own account; the superuser may change the login shell for any account.
OPTIONS
The options which apply to the chsh command are:
-h, --help
Display help message and exit.
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
-s, --shell SHELL
The name of the user's new login shell. Setting this field to blank causes the system to select the default login shell.
If the -s option is not selected, chsh operates in an interactive fashion, prompting the user with the current login shell. Enter the new
value to change the shell, or leave the line blank to use the current one. The current shell is displayed between a pair of [ ] marks.
NOTE
The only restriction placed on the login shell is that the command name must be listed in /etc/shells, unless the invoker is the superuser,
and then any value may be added. An account with a restricted login shell may not change her login shell. For this reason, placing /bin/rsh
in /etc/shells is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell
back to its original value.
FILES
/etc/passwd
User account information.
/etc/shells
List of valid login shells.
/etc/login.defs
Shadow password suite configuration.
SEE ALSO chfn(1), login.defs(5), passwd(5).
shadow-utils 4.1.5.1 05/25/2012 CHSH(1)