I made a user once with the --disabled-login command. I then had to change the password so I could login to the user and test some stuff. I do now want to disable the login again, and I saw this post:
what does `adduser --disabled-login` do?
So I used sudo passwd user and then set it to !. However, when I tried to login I could login using the password !. So how do I disable it again?
Note that I also tried * as password.
I think that your confusion stems from the fact you don't understand what ! does.
Encrypted passwords are stored in /etc/shadow. For example, after
creating a new user named new-user and giving it 12345678 password
we get this entry:
$ sudo cat /etc/shadow
(...)
new-user:$6$zVbJcpZE$Bqnxr5cDkwjKOE06iAZu7/qIuH9UGXex28TU/aD0osft9DfdPVzcVwq2j410YxoPlZR310.heZyxaQq4iwWy9.:18038:0:99999:7:::
You can now switch to new-user by doing su new-user and typing
12345678 as the password. You can disable a password for
new-user by prepending it with ! like that:
$ sudo cat /etc/shadow
(...)
new-user:!$6$zVbJcpZE$Bqnxr5cDkwjKOE06iAZu7/qIuH9UGXex28TU/aD0osft9DfdPVzcVwq2j410YxoPlZR310.heZyxaQq4iwWy9.:18038:0:99999:7:::
From now on you will not be able to switch to new-user even after
providing the correct password:
$ su new-user
Password:
su: Authentication failure
Notice though that modifying /etc/shadow manually is very dangerous
and not recommended. You can achieve the same with sudo passwd -l new-user. As man passwd says:
-l, --lock Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ´!´ at the beginning of the password).
For example:
$ sudo passwd -l new-user
passwd: password expiry information changed.
However, notice that passwd -l does not disable the account, it
only disables password and that means that user can still log in the
system using other methods as man passwd explains:
Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use usermod --expiredate 1 (this set the account's expire date to Jan 2, 1970).Users with a locked password are not allowed to change their password.
Looks like you misunderstood what's going on when there is a * or ! as the "password value" in /etc/shadow. You can't achieve this by actually changing your password to a single-character * or !. Such single-character values are the result of locking the user account with commands such as usermod -L.
If you want to know more, please read : Exclamation marks and asterisks in the password field.
You're looking for usermod --lock.
/bin/falseso that each daemon can be run on the behalf of different user. How exactly do you check that services that uses that account you've just modified are no longer working? – Arkadiusz Drabczyk May 22 '19 at 11:58passwd -u useragain, the services works after reboot. I solved this bysudo adduser --disabled-login test-userand then manually editing /etc/shadow and copy paste w/e was aftertest-userand put it after the user I wanted to disable. That is I just removed the hash after!– Jesper.Lindberg May 22 '19 at 15:42ps aux? – Arkadiusz Drabczyk May 22 '19 at 15:52!inshadow. Not sure why this specific service do not work but I have a solution that do work so thanks for the help :) – Jesper.Lindberg May 22 '19 at 16:40