Basic commands

1. adduser [username] : add a user account
2. deluser [username] : delete a user account *deleting an account does not remove their respective home folder.
3. deluser --remove-home : delete a user account with their home folder.
4. passwd -l [username] : temporary lock a user account
5. passswd -u [username] : unlock a user account
6. addgroup [groupname] : create a group
7. delgroup [groupname] : delete a group
8. adduser [username] [groupname] : add a user to a group
9. chage -l [username] : view the status of a user account
10. chage [username] : modify password expiration of a user account
11. gpasswd -a [username] [groupname] : add user to a group
12. usermod -G [groupname] [username] : move user froup a group
13. usermod -a -G [namagroup] [namauser] : add user to a group

Password policy

File to modify password policy of a user
Ubuntu : /etc/pam.d/common-password
CentOS : /etc/security/pwquality.conf

Security considerations

Disabling/locking a user account will not prevent a user from logging into your server remotely if they have previously set up RSA public key authentication. They will still be able to gain shell access to the server, without the need for any password. Remember to check the users home directory for files that will allow for this type of authenticated SSH access, e.g. /home/username/.ssh/authorized_keys.

Remove or rename the directory .ssh/ in the user's home folder to prevent further SSH authentication capabilities. Be sure to check for any established SSH connections by the disabled user, as it is possible they may have existing inbound or outbound connections. Kill any that are found.

who | grep username (to get the pts/# terminal)
sudo pkill -f pts/#