Stop manually locking out stale accounts

User & Group Management

Stop manually locking out stale accounts

🧩 The Challenge

You finally got around to an audit and realized half the contractors from three years ago still have active logins. Manually running usermod -L on fifty different usernames is a massive waste of your Saturday.

💡 The Fix

Use chage to set an account expiration date or lock them out in bulk by piping a list through a quick loop. It saves you from having to remember which ones to toggle back later.

chage -E 2023-12-31 username
# Or if you have a file called old_users.txt:
xargs -I {} usermod -L {} < old_users.txt

⚙️ Why It Works

Setting an expiration date via the shadow file is way cleaner than just locking the password, because it prevents them from using SSH keys too. It handles the whole lockout logic at the authentication layer before they even get a shell prompt.

🚀 Pro-Tip: Run chage -l username first to see if they’ve actually logged in recently before you kill their access.

Linux Tips & Tricks | © ngelinux.com | 7/16/2026

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Newest
Oldest Most Voted