-1

I am having trouble with people on my system using the maintenance account to log in and do things that slow my machine down. How do I lock this account so that, when someone tries to log in using it, it displays a system message or admin message saying something like "this account is locked by admin" for all means of login: via rsh, telnet, ssh, on the actual physical machine, via Xming, GNOME, KDE...

Sydalmighty
  • To the people who put this question on hold: if you don't know the answer or how to answer, please don't mark such posts as hold or off topic. I have properly tagged my question. See below, I got a working answer. – Sydalmighty Aug 04 '15 at 05:09

1 Answer

1

Probably the best (standard) answer is to set the login shell on the account in question to /sbin/nologin and/or enter an impossible hash (such as '$$') in /etc/shadow. This, however, does not display your "go away" message...

If you REALLY need to display a message, you could try something like this (extra space added for emphasis and cat used rather than an editor for illustration):

pecan:~ $ ssh pine

pine:~$ cat >/tmp/locked_acct
#!/bin/bash
echo "This account has been locked"
sleep 10
exit 1

pine:~$ chmod +x /tmp/locked_acct 

pine:~$ /tmp/locked_acct 
This account has been locked

pine:~$ sudo tee -a /etc/shells >/dev/null
/tmp/locked_acct

pine:~$ sudo useradd -r -m -c 'locked system account' --shell /tmp/locked_acct locked

pine:~$ sudo passwd locked
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

pine:~$ exit
logout

Connection to 192.168.1.224 closed.
pecan:~$ ssh locked@192.168.1.224
locked@192.168.1.224's password: 
This account has been locked
Connection to 192.168.1.224 closed.

In short:

  1. Create a shell in an appropriate location which displays your message. Obviously, you would not put a shell under /tmp as I have done (it could be easily removed).
  2. Add the shell (with full path) to /etc/shells.
  3. Create the account with the new shell. If the account exists (as in your case), use either chsh or vipw to change the shell or edit the passwd file.
Jeff W
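
An added example, not part of the answer above: a shell function that checks whether an account is locked in the ways the answer describes (login shell, /etc/shells entry, /etc/shadow password field). The `LOCK_SHELL` path, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an account against the lock steps in the answer.
# LOCK_SHELL is an assumed install path for the message script.
LOCK_SHELL=${LOCK_SHELL:-/usr/local/sbin/locked_acct}

# audit_account USER PASSWD SHADOW SHELLS -> 0 locked, 1 not locked, 2 no user
audit_account() {
    user=$1; passwd=$2; shadow=$3; shells=$4; rc=0
    if ! grep -q "^$user:" "$passwd"; then
        echo "FAIL no passwd entry for $user"; return 2
    fi
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
    hash=$(awk -F: -v u="$user" '$1 == u { print $2 }' "$shadow")
    # Login shell: nologin/false, or the message shell from the answer.
    case $shell in
        */nologin|*/false) echo "ok   shell $shell refuses logins" ;;
        "$LOCK_SHELL")
            echo "ok   shell is the lock-message script"
            # Step 2 of the answer: the script must be listed in /etc/shells.
            grep -qxF "$shell" "$shells" ||
                { echo "FAIL $shell missing from shells file"; rc=1; } ;;
        *) echo "FAIL shell ${shell:-<empty>} allows an interactive login"; rc=1 ;;
    esac
    # The answer warns against /tmp: files there can be removed or replaced.
    case $shell in
        /tmp/*|/var/tmp/*|/dev/shm/*)
            echo "FAIL shell lives in a world-writable directory"; rc=1 ;;
    esac
    # Password field: '!' or '*' prefix is locked; '$id$...' or 13 chars is a hash.
    case $hash in
        '!'*|'*'*) echo "ok   password locked" ;;
        '') echo "FAIL empty password field"; rc=1 ;;
        '$'[0-9a-z]*'$'?*|?????????????)
            echo "FAIL usable password hash present"; rc=1 ;;
        *) echo "ok   password field cannot match any hash" ;;
    esac
    return $rc
}

# Constructed sample files (not real accounts); prints the temp directory.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'maint:x:999:999::/home/maint:/bin/bash' \
        "locked:x:998:998::/home/locked:$LOCK_SHELL" >"$d/passwd"
    printf '%s\n' 'maint:$6$salt$abcdef:16650::::::' \
        'locked:$$:16650::::::' >"$d/shadow"
    printf '%s\n' /bin/sh /bin/bash "$LOCK_SHELL" >"$d/shells"
    echo "$d"
}
```

Run it against copies of the passwd, shadow and shells files, or against the real ones as root. A locked or impossible hash only stops password authentication, so check the shell as well.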