LFCS Question #490: Real Exam Question with Answer & Explanation

Question

Of the ways listed, which is the best way to temporarily suspend a single user's ability to interactively login?

Options

• AAdd the user name to /etc/nologin.
• BChange the user's password.
• CChange the user name in /etc/passwd.
• DUse chage to expire the user account.
• EPlace the command logout in the user's profile.

Explanation

Expiring a user account using the chage command is the most effective and reversible way to temporarily suspend a single user's interactive login ability.

Common mistakes.

• A. The /etc/nologin file prevents all non-root users from logging in with a specific message, making it a system-wide lock, not a method for a single user.
• B. Changing the user's password prevents them from logging in, but it's not a "temporary suspension" in the sense that their password is now different. It requires another password change to restore access, which is less graceful than an expiration date.
• C. Changing the user name in /etc/passwd would corrupt the user's account and is not a temporary suspension method; it would effectively disable the account entirely in an ungraceful way.
• E. Placing logout in a user's profile script would allow them to log in briefly before being logged out, which is not a complete suspension of their ability to interactively log in and can potentially be bypassed.

Concept tested. Suspending user interactive login

No community discussion yet for this question.