- adduser [username] : add a user account
- deluser [username] : delete a user account *deleting an account does not remove their respective home folder.
- deluser --remove-home : delete a user account with their home folder.
- passwd -l [username] : temporary lock a user account
- passswd -u [username] : unlock a user account
- addgroup [groupname] : create a group
- delgroup [groupname] : delete a group
- adduser [username] [groupname] : add a user to a group
- chage -l [username] : view the status of a user account
- chage [username] : modify password expiration of a user account
- gpasswd -a [username] [groupname] : add user to a group
- usermod -G [groupname] [username] : move user froup a group
- usermod -a -G [namagroup] [namauser] : add user to a group
File to modify password policy of a user
Ubuntu : /etc/pam.d/common-password
CentOS : /etc/security/pwquality.conf
Disabling/locking a user account will not prevent a user from logging into your server remotely if they have previously set up RSA public key authentication. They will still be able to gain shell access to the server, without the need for any password. Remember to check the users home directory for files that will allow for this type of authenticated SSH access, e.g. /home/username/.ssh/authorized_keys.
Remove or rename the directory .ssh/ in the user's home folder to prevent further SSH authentication
capabilities. Be sure to check for any established SSH connections by the disabled user, as it is possible they may have existing inbound or outbound connections. Kill any that are found.
who | grep username (to get the pts/# terminal)
sudo pkill -f pts/#