OK, let's start by creating a group called “dba” and a user “oracle” that belongs to the “dba” group. We can see from “/etc/passwd” that the oracle user ID is 1521 and the primary group ID is 5000.
But we haven’t set a password yet for the “oracle” user. If we look closely at “/etc/shadow”, the second column (the password field) is !!, which means no password is set. So let's set a password and check again.
To see password expiry and last-change details, use #chage -l <user>. We can update the password expiry days using #chage -M <days> <user>. The special value 99999 means the password never expires, which is what we want for most service accounts. You can also make the account never expire using #chage -E -1 <user>.
We can lock the password so that the user cannot log in with a password: #passwd -l <user>. If the password is locked, we see double exclamation marks !! at the start of the second column.
Let's try logging into the account while the password is locked.
Unlock the password with #passwd -u <user> and try again. We can also see the number of failed attempts.
While the password is locked, the user is not allowed to change the password.
While the password is locked, the user can still log in using a different mechanism, e.g. SSH keys.
Check the lock status #passwd -S <user>
Lock the account #usermod -L <user>. Note the single exclamation mark (!) at the start of the second column.
Unlock the account #usermod -U <user>
Let's expire the account so that no one can log in by any method (password, SSH): #chage -E 0 <user> expires the account.
Try logging in again, and it fails with the message “Your account has expired”.
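The states walked through above can be read straight from the “/etc/shadow” fields. The script below is an added example, not part of the original walkthrough: the function name shadow_audit, the sample accounts and the placeholder hashes are made up for illustration. It flags accounts whose password is locked or unset but which are not expired, since those are the ones still reachable with SSH keys.

```shell
#!/bin/sh
# Added example: report password and account state per /etc/shadow line.
# Constructed sample lines; the hashes are placeholders, not real ones.
SAMPLE='oracle:!!:19700:0:99999:7:::
svc_a:!!$6$placeholder$hash:19700:0:99999:7:::
svc_b:!$6$placeholder$hash:19700:0:90:7:::
svc_c:!!$6$placeholder$hash:19700:0:99999:7::0:
svc_d:$6$placeholder$hash:19700:0:90:7:::'

# shadow_audit TODAY  (TODAY = days since 1970-01-01; shadow lines on stdin)
shadow_audit() {
    awk -F: -v today="$1" '
    {
        pw = $2
        if (pw == "")                                   p = "empty"
        else if (pw == "!!" || pw == "!" || pw == "*")  p = "unset"
        else if (substr(pw, 1, 2) == "!!")              p = "locked-passwd-l"
        else if (substr(pw, 1, 1) == "!")               p = "locked-usermod-L"
        else                                            p = "set"
        # Field 8 is the account expiry day; "chage -E 0" stores 0 there.
        a = ($8 != "" && $8 + 0 <= today + 0) ? "expired" : "active"
        # Field 5 is the maximum password age; 99999 means never expires.
        m = ($5 == "99999") ? "never" : $5
        # Per the text above, only account expiry blocks every login method.
        note = (p ~ /^(locked|unset)/ && a == "active") ? "key-login-still-possible" : "-"
        print $1, p, a, "maxdays=" m, note
    }'
}

# On a real host, as root: shadow_audit "$(( $(date +%s) / 86400 ))" < /etc/shadow
printf '%s\n' "$SAMPLE" | shadow_audit 20000
```

The !! versus ! distinction follows the behaviour shown in this walkthrough; other distributions may prefix a locked password differently.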