At work we were told to check the list of users of an application server and delete all those that have left the company or don't need access to the application anymore. Here's what I came up with. Would you be as kind as to tell me your opinion and whether there is a faster / easier way to accomplish the same thing?
1) Save the list of user names (1st field in /etc/passwd) in a text file (~500 users).
2) Merge /var/log/wtmp and /var/log/wtmp.1 (logrotate is configured to keep only 1 rotated wtmp log) into a single file with
cat /var/log/wtmp.1 /var/log/wtmp > wtmp
3) Convert the wtmp file (which is of type data
gacanepa@Gabriel-PC ~ $ file /var/log/wtmp
to a plain text file sorted by 1st field (user names) and filtered by last occurrence of user name:
last -f wtmp | sort -uk1,1 > wtmp.txt
4) Check one by one the list of users created in step #1 to see whether they appear in the wtmp.txt file. If they don't appear in this file, which lists the logins for the current and past month, it means they haven't logged on during the same period, and we can consider deleting them.
5) Each "inactive user" is logged into
Some points to consider:
1) Here's the section of /var/log/wtmp in our logrotate.conf file:
# no packages own wtmp, or btmp -- we'll rotate them here
create 0664 root utmp
Unfortunately, we can't edit it.
2) For the same reasons as above we can't use chage
either to disable accounts.
I hope I made myself clear enough
. Any suggestions will be more than welcome.