User Management

Disable All User Login Access

There are occasions when you want to make sure users can not log into a system.  This can be due to a maintenance period or I have used it as part of the process for retiring a system.  It is simple enough but I thought it worth documenting for prosperity.

# cd /{root of user home directory}
# ls -al | awk '{print $3}' | grep -v -e '^$' | grep -v {account exceptions} |while read a;do usermod -s /sbin/nologin $a;done;

To break down possibly the non-obvious part down:

grep -v -e '^$'

This removes any blank lines from the output.  The rest should be self-explanatory, if it isn’t ask in the comments section.

Don’t forget to add your account to the exception list, and it is always a good idea to test the output first.  To reverse the process change /sbin/nologin to /bin/bash.