Front | Info | Lists | Newsfeeds | Study Guide | What is BSD?
Advertisement: The OpenBSD PF Packet Filter Book: PF for NetBSD, FreeBSD, DragonFly and OpenBSD

BSD Links
·New Links
·User Groups

This is the BSDA Study Guide Book written via a wiki collaboration. This is a work in progress. You may contribute to or discuss this specific page at

Lock a user account or reset a locked user account


Know how to recognize a locked account and how to remove the lock.


Locking an account is commonly accomplished by modifying the user's password field in the user database. This can be done manually using vipw or chpass.

One FreeBSD and DragonFly, the pw utility can be used to lock and unlock an account. It locks an account by prefixing the password field with "*LOCKED*". For example to lock a user by name:

$ pw lock fred

Or to unlock an account by the UID:

pw unlock 2395

On NetBSD, the usermod (or user mod) program with the -C switch can be used to lock accounts. It also prefixes the password hash with "*LOCKED*". To lock an account use:

$ usermod -C yes julie

And to unlock the account:

$ usermod -C no julie

TODO: OpenBSD's version of NetBSD's usermod doesn't have this lock functionality; does OpenBSD have a tool for this? Or just do it manually?

TODO: locking accounts can also be done with password change time and expiration times. This could mention that briefly, but doesn't cover it.

TODO: point to section describing master.passwd format


Practice Exercises

  1. Use vipw or chpass to manually lock the account. And then test a login. And then unlock.

More information

vipw(8); chpass(1), pw(8), user(8)

Front | Information | Lists | Newsfeeds