There's no way to do this without modifying the core code. If you want to go that route, it's in user.module.
However, you have complete control over the permissions for people who are not logged in (role "anonymous"). Why not just use that?
Alternatively, you could use .htaccess to deny access to the site to anyone who doesn't have the username and password that you have assigned. They won't be able to edit the password, and you won't have to modify durpal core code. A simple google search ("htaccess tutorial") produces the following page, which should get you going:
http://www.freewebmasterhelp.com/tutorials/htaccess/
Cheryl
I need to create a special role/user on my site.
Basically I want the users to log in with an username and password I provide without registering new accounts. It should work as a just multi- user role with specific permissions.
The problem is that anyone can log-in and modify the password. So, how can I lock the access to the user page even for the same user?
I'm looking for a small mod in order to add this option in the access control page. So I can lock the account properly.
-HRose / Abalieno