nerdexam
CompTIA

LX0-104 · Question #490

Of the ways listed, which is the best way to temporarily suspend a single user's ability to interactively login?

The correct answer is D. Use chage to expire the user account.. Expiring a user account using the chage command is the most effective and clean way to temporarily suspend a single user's interactive login capability.

Administrative Tasks

Question

Of the ways listed, which is the best way to temporarily suspend a single user's ability to interactively login?

Options

  • AAdd the user name to /etc/nologin.
  • BChange the user's password.
  • CChange the user name in /etc/passwd.
  • DUse chage to expire the user account.
  • EPlace the command logout in the user's profile.

How the community answered

(51 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    6% (3)
  • D
    82% (42)
  • E
    8% (4)

Why each option

Expiring a user account using the chage command is the most effective and clean way to temporarily suspend a single user's interactive login capability.

AAdd the user name to /etc/nologin.

Adding a username to /etc/nologin does not work; the /etc/nologin file itself, if present, prevents all non-root users from logging in, not specific users.

BChange the user's password.

Changing the user's password would prevent them from logging in with their old password, but it doesn't suspend the account and could cause issues if the user is using services that rely on their password.

CChange the user name in /etc/passwd.

Changing the username directly in /etc/passwd would lead to account inconsistencies and potential system errors, as other system files rely on the correct username.

DUse chage to expire the user account.Correct

The chage command can be used with the -E option to set an account's expiration date. By setting the expiration date to the current day or a past date, the user's account is temporarily suspended, preventing interactive logins without deleting the account or permanently altering their password. This method is easily reversible.

EPlace the command logout in the user's profile.

Placing logout in a user's profile might prevent them from getting a shell, but it's an unreliable and hacky solution that can often be bypassed and is not a robust system-level suspension method.

Concept tested: Suspending user accounts

Source: https://man7.org/linux/man-pages/man1/chage.1.html

Topics

#user account suspension#chage#account expiration#user management

Community Discussion

No community discussion yet for this question.

Full LX0-104 Practice