LX0-104 · Question #490
Of the ways listed, which is the best way to temporarily suspend a single user's ability to interactively login?
The correct answer is D. Use chage to expire the user account.. Expiring a user account using the chage command is the most effective and clean way to temporarily suspend a single user's interactive login capability.
Question
Options
- AAdd the user name to /etc/nologin.
- BChange the user's password.
- CChange the user name in /etc/passwd.
- DUse chage to expire the user account.
- EPlace the command logout in the user's profile.
How the community answered
(51 responses)- A2% (1)
- B2% (1)
- C6% (3)
- D82% (42)
- E8% (4)
Why each option
Expiring a user account using the chage command is the most effective and clean way to temporarily suspend a single user's interactive login capability.
Adding a username to /etc/nologin does not work; the /etc/nologin file itself, if present, prevents all non-root users from logging in, not specific users.
Changing the user's password would prevent them from logging in with their old password, but it doesn't suspend the account and could cause issues if the user is using services that rely on their password.
Changing the username directly in /etc/passwd would lead to account inconsistencies and potential system errors, as other system files rely on the correct username.
The chage command can be used with the -E option to set an account's expiration date. By setting the expiration date to the current day or a past date, the user's account is temporarily suspended, preventing interactive logins without deleting the account or permanently altering their password. This method is easily reversible.
Placing logout in a user's profile might prevent them from getting a shell, but it's an unreliable and hacky solution that can often be bypassed and is not a robust system-level suspension method.
Concept tested: Suspending user accounts
Source: https://man7.org/linux/man-pages/man1/chage.1.html
Topics
Community Discussion
No community discussion yet for this question.