Their TL;DR is at the bottom:
Summing up
Over time, commands have become more complex to turn off user account passwords, and the attack surface of Linux systems has also increased. The correct procedure is as follows:
- Stop all Linux processes owned by the user:
# killall -STOP -u
- Delete the user password:
# passwd -d
- Lockdown the user account:
# usermod -L -e 1
- Politely refuse a login for the user account:
# usermod -s /usr/sbin/nologin
Reversing all that is underneith the TL;DR:
How do I reverse the procedure?
First, set user login shell to /bin/bash:
# usermod -s /bin/bash
Unlock the user account:
# passwd -u
Set a new password for the user account:
# passwd
If the Linux system wasn’t rebooted and all processes weren’t killed unlock and resume all Linux processes owned by the user:
# killall -CONT -u