Friday, May 3, 2013

User Status in Linux - Check user is locked or unlocked

If you are using CentOS or RHEL:

To check a user's account status, run the following command:
$ passwd -S "username"
Replace username with the name of the account whose status you want to check.
If the account is locked, it shows
(Password locked.)
If the account is unlocked, it shows
(Password set, MD5 crypt.)
List of all locked accounts:
$ awk -F: '{ system("passwd -S " $1)}' /etc/passwd | grep " LK "
List of all unlocked accounts:
$ awk -F: '{ system("passwd -S " $1)}' /etc/passwd | grep " PS "

If you are using Debian or Ubuntu:

If the account is locked, it shows the letter L with the username.

If the account is unlocked, it shows the letter P with the username.
List of all locked accounts:
$ awk -F: '{ system("passwd -S " $1)}' /etc/passwd | grep " L "
List of all unlocked accounts:
$ awk -F: '{ system("passwd -S " $1)}' /etc/passwd | grep " P "

Note:
If you are using CentOS 7 and you run the following command to list all users with their status
passwd -S -a
it gives the following error
passwd: bad argument -a: unknown option

Use the following command to list all users with their status
awk -F: '{ system("passwd -S " $1)}' /etc/passwd

Error 530 : Login incorrect

There can be several reasons for this error. Try the following solutions.

1) If you are using vsftpd, check this attribute in your vsftpd.conf
     local_enable=YES
     The value of the attribute must be YES, otherwise you will not be able to log in as a local user. Restart vsftpd after any change to the configuration file.

Path of vsftpd.conf:
/etc/vsftpd.conf  (if you are using Debian or Ubuntu)
/etc/vsftpd/vsftpd.conf (if you are using CentOS, RHEL or Fedora)

2) Check whether your username is in the file ftpusers.
This file contains the list of usernames that are not allowed to log in. If your username is in the list, you can't log into your FTP account. Remove your username from the list and save the file. Now try to log into your FTP account.

Path of the file ftpusers:
/etc/ftpusers  (if you are using Debian or Ubuntu)
/etc/vsftpd/ftpusers (if you are using CentOS, RHEL or Fedora)

3) Open the file /etc/passwd and search for your username. If your username's line ends with /sbin/nologin (CentOS or RHEL) or /usr/sbin/nologin (Debian or Ubuntu), the user cannot log in. Change /sbin/nologin (CentOS or RHEL) or /usr/sbin/nologin (Debian or Ubuntu) to /bin/bash. Save the file. Now the user will be able to log in.
The shell defined for your username in the file /etc/passwd must also be in the list in the file /etc/shells.

4) The user should not be locked by root. If the user is locked, use the following command to unlock the account. Now try to log in.
$ sudo passwd -u username

5) If you are using CentOS or RHEL, port 21 should be allowed in the file /etc/sysconfig/iptables. Add the following line to the file and restart iptables.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

6) Not very funny, but check your username, password and host name carefully once more. :-)
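
Checks 1 to 4 above can be run in one pass. The script below is an added example, not part of the original post: the function name check_ftp_login and the sample files are made up, and check 4 assumes the shadow-file convention that passwd -l marks a locked password with a leading '!'.

```shell
#!/bin/sh
# Added example, not from the original post. check_ftp_login is a hypothetical
# name. It applies checks 1-4 to the files passed in, prints one line per
# finding and returns 0 when none of the checks blocks the login.
check_ftp_login() {
    user=$1 conf=$2 deny=$3 pw=$4 shells=$5 shadow=$6
    rc=0
    # 1) vsftpd.conf must contain local_enable=YES
    grep -qx 'local_enable=YES' "$conf" ||
        { echo "1: local_enable is not YES"; rc=1; }
    # 2) the user must not be listed in ftpusers
    if grep -qxF "$user" "$deny"; then
        echo "2: $user is listed in ftpusers"; rc=1
    fi
    # 3) the login shell must not be nologin and must appear in the shells file
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$pw")
    case $shell in
        '')        echo "3: $user not found in passwd file"; rc=1 ;;
        */nologin) echo "3: shell is $shell"; rc=1 ;;
        *) grep -qxF "$shell" "$shells" ||
               { echo "3: $shell is not in shells file"; rc=1; } ;;
    esac
    # 4) Assumption: a locked password has a leading '!' in the shadow file
    if awk -F: -v u="$user" '$1 == u && $2 ~ /^!/ { f = 1 } END { exit !f }' "$shadow"; then
        echo "4: password for $user is locked"; rc=1
    fi
    return "$rc"
}

# Constructed sample files: alice passes, bob fails checks 2, 3 and 4.
demo=$(mktemp -d)
printf 'listen=YES\nlocal_enable=YES\n' > "$demo/vsftpd.conf"
printf 'root\nbob\n' > "$demo/ftpusers"
printf 'alice:x:1001:1001::/home/alice:/bin/bash\nbob:x:1002:1002::/home/bob:/sbin/nologin\n' > "$demo/passwd"
printf '/bin/sh\n/bin/bash\n' > "$demo/shells"
printf 'alice:$6$constructed:19000:0:99999:7:::\nbob:!!$6$constructed:19000:0:99999:7:::\n' > "$demo/shadow"
for u in alice bob; do
    echo "== $u"
    check_ftp_login "$u" "$demo/vsftpd.conf" "$demo/ftpusers" "$demo/passwd" "$demo/shells" "$demo/shadow" || true
done
```

On a real system, pass the vsftpd.conf and ftpusers paths listed above for your distribution together with /etc/passwd, /etc/shells and /etc/shadow, and run it as root so that /etc/shadow is readable.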

Wednesday, May 1, 2013

Lock & Unlock a User Account in Linux


To lock a user account
$ sudo passwd -l username

To unlock a user account
$ sudo passwd -u username

Root can log into a locked account using su - username but can't log in using ssh.
Other users can't log into a locked account using either su - username or ssh.

The following message is displayed when users try to access the locked account:
su: Authentication failure