You have a user whose account you want to disable but not remove.
What should you do?
A.
Edit /etc/gshadow and just remove his name
B.
Edit /etc/passwd and change all numbers to 0
C.
Edit /etc/shadow and remove the last field
D.
Edit /etc/passwd and insert an * after the first :
E.
Edit /etc/group file and put a # sign in front of his name
Explanation/Reference:
A,C would remove parts of the user data,
B would do something strange
E would probably result in a syntax error, you would comment only whole lines
D) does not really disable the accout, but temporarily change the password, so the user is not able to log in.So D would be the least wrong answer.
From the man pages:
The encrypted password field may be blank, in which case no password is required to authenticate as the specified login name. However, some applications which read the /etc/passwd file may decide not to permit any access at all if the password field is blank. If the password field is a lower-case “x”, then the encrypted password is actually stored in the shadow(5) file instead; there must be a corresponding line in the /etc/shadow file, or else the user account is invalid. If the password field is any other string, then it will be treated as an encrypted password, as specified by crypt(3).
Who on earth is still placing passwords in the passwd file?
Shouldn’t such a modification be done in shadow instead?
Putting an * in place of x in /etc/passwd file for that user means disabled password. Passwords are hashed in /etc/shadow folder so nothing can be done there.