We’re about to fire an employee and the boss is worried he’ll mess up our servers or steal customer data before he’s escorted out of the office. She’s asked me to disable his accounts, but not delete them. How can I do that in Ubuntu Linux?
While I think that 99% of employee severances proceed without an issue or incident greater than some angry words or tears of disappointment or frustration, it’s a smart idea to protect the company and have a plan before termination. While some operating systems offer a “disable” feature, however, Linux doesn’t support turning off user access with a simple tap of a button. Fortunately, there are some common workarounds that can still make the process pretty quick and easy.
The first thing you want to do, however, is to ensure that this employee hasn’t set themselves up with any extra accounts on the system. A quick audit of every active account is a good security practice anyway, but doing one immediately is a smart move; who are these users? Why do they have access? And doubly so for any administrative accounts – and any accounts where users might be sharing a common password, as is all too common with system admins seeking an easy way to manage a server installation.
Unsure about an account? Use the same approach I’ll outline below to disable them too, letting employees contact you to request reinstated access as proper and legit.
HOW TO DISABLE AN UBUNTU LINUX ACCOUNT
The first step is to get to Settings on the Ubuntu system you want to change. That’s easily done via the top right of the screen if you’ve a standard configuration:
Once you open up the big Settings window, look on the left side for “Users“. You’ll have to scroll down to find it:
In this instance, we’re going to disable Angel Bowman’s account. You can see that by default it’s showing the information for my own account, but a click on the other user’s icon switches to a view of their account information.
Note: You do need to have an administrative account to accomplish this task. If you do not, you’ll need to switch to an admin account to gain the required permissions.
Oops! Before you can change anything, you’ll need to authenticate:
Type in your admin password again and you’ll be able to get to the user’s account settings. For me, it’s Angel’s account:
Here’s where we have to make a choice; disable, or delete? Let’s look at both…
HOW TO DISABLE A LINUX USER ACCOUNT
Plenty of admins don’t think of this, but the fast and easy way to disable a user account on any operating system is to simply change their password to something that they don’t know. On Linux, that’s done by clicking on the “Password” field. A window pops up with two choices:
The good news is that you don’t have to even remember or write down the new password because if you need to restore access, you can always change it yet again to something you’d share with the user – or simply choose “Allow user to change their password on next login.”
The latter would be the wrong choice if you seek to disable their account, of course, so choose “Set a password now” and use something simple like “You’reOuttaThere!!” or “Disabled 7/26/21”, neither of which are easily guessed or hacked.
But… what if the boss says “no, we want to completely delete that account, not just disable it”?
HOW TO DELETE A LINUX USER ACCOUNT
If you decide to delete their account instead, click on the red “Remove User…” button on the bottom of the main Settings > Users window. A different window pops up:
As shown, you can opt to “Keep Files” around when you delete the account, or you can wipe it entirely by choosing “Delete Files“. Either way, one more click and the job is done.
Good luck and I hope it all goes smoothly.
Pro Tip: I’ve been writing about Linux since the dawn of the operating system, and Unix before that. Please check out my extensive Linux help area for lots of additional tutorial content while you’re visiting. Thanks!