LX0-103 · Question #167
You have a user whose account you want to disable but not remove. What should you do?
The correct answer is D. Edit /etc/passwd and insert an * after thefirst : .. This question tests how to lock a Linux user account in /etc/passwd without deleting the account entry.
Question
You have a user whose account you want to disable but not remove. What should you do?
Options
- AEdit /etc/gshadow and just remove his name.
- BEdit /etc/passwd and change all numbers to 0.
- CEdit /etc/shadow and remove the last field.
- DEdit /etc/passwd and insert an * after thefirst : .
- EEdit /etc/group file and put a # sign in front of his name.
How the community answered
(44 responses)- A2% (1)
- B2% (1)
- D95% (42)
Why each option
This question tests how to lock a Linux user account in /etc/passwd without deleting the account entry.
The /etc/gshadow file controls group shadow passwords and memberships, not individual user login authentication, so editing it would not disable the user's interactive login.
Changing all numeric fields in /etc/passwd to 0 sets the user's UID and GID to 0 (root), which grants superuser privileges rather than disabling the account.
The last field in /etc/shadow is the account expiry date, not the password hash - removing it does not reliably lock the account and risks corrupting the shadow file format.
In /etc/passwd, the second field (between the first and second colons) holds the password hash or a placeholder. Inserting '*' in this field causes the authentication system to treat the account as locked because '*' is never a valid password hash. The account entry remains intact and can be re-enabled by removing the '*', making this a non-destructive and reversible disable method.
The /etc/group file only controls group memberships and has no effect on a user's ability to authenticate and log in to the system.
Concept tested: Locking Linux user account via /etc/passwd password field
Source: https://man7.org/linux/man-pages/man5/passwd.5.html
Topics
Community Discussion
No community discussion yet for this question.