How to list all locked user accounts in linux?

Linux is great for managing administration tasks, which include managing access, authorizations, and file permissions in a system. While managing user accounts and groups you might encounter some accounts which need to be blocked or locked in order to ensure safety. But once you lock an account how can you see which all accounts are locked or banned on your system? That’s what we are going to cover in this article, we will see how you can list or see the user accounts that are locked in your Linux system.

In Linux systems, the accounts data is stored in shadow files, and there is quite a information present in those files like user accounts, their passwords, and banned or locked accounts. So, to see the locked accounts follow the below step-by-step guide.

Steps to view Locked user accounts in Linux:

Method 1: Using /etc/passwd file

Step 1: Open your Linux terminal, you can open it by searching for it in applications or you can use the shortcut key i.e. CRTL + ALT + T.

CRTL + ALT + T

Step 2: As we discussed above the user accounts information is stored in shadow file, which is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system. make you are logged in as root user or you are using sudo command because without that you won’t be able to see the file content. Now type the below command to open the shadow file.

sudo cat /etc/shadow

you can also use the text editors like nano, or vim to view this file, please note that editing this file directly is not recommended so it’s better if you only use cat command to see the content of file. as you can see in the below screenshot we have typed the command.

Step 3: Now we can examine the contents of the /etc/shadow file. Each line represents a user account, and the second field (between the first and second colons) is the password field. If an account is locked, you will see an “!” or “*” character in this field.

For example:

username2:!:18765:0:99999:7:::

In the below output, you can see that we have a user gfgdemouser which has a ! mark in front of it which means it’s a locked account. and there are other accounts too that are locked by default.

This is how you can view which accounts are locked on your system. By this you can get a insight of which user’s you can allow or not to access your system or environment. you can also explore the methods of locking a account or unlocking a account in linux and can see for yourself by performing some lock and unlock.

Method 2: Using the passwd command

The passwd command can be used to list all the users that are locked in your system. To list locked user accounts, you can use the -S option to display the status of each account, and then filter for “L” (locked) accounts. type the below command to do so.

sudo passwd -S -a | awk '$2=="L" {print $1}'

As you can see we have a list of all the user’s that never logged into the system.

Method 3: Using the getent command

The getent command can be used to query various databases, including the passwd database. You can use it to list locked user accounts:

getent passwd | awk -F: '$2 == "x" {print $1}'

Conclusion

In the above article we have covered how we can see the locked accounts on linux system. and how to lock or unlock an account. Please note that directly editing the /etc/shadow file is not recommended, and you should only use this information for reference purposes. you can try locking and unlocking your system user accounts just for practice and can review the information of shadow files, that how it’s effected.