Hi,

We have 4 servers having rhel 5.2. We have several users logged in on one of them. We have nis server/client running on them and have common home area mounted on all of them.
Now we want to disable/block the accounts of the users who have not accessed our servers in last 2 months from today.
What logic should we apply to do so? We were checking stat of .bashrc of each user but is not correct logic.
We are going to write shell script for the same.
Any help would be appreciated.
W dont want to do anything in users home area or their files.

-Akshar

Looking at .bashrc doesn't sound reliable. Presumably you back up user's home directories and that would probably access their .bashrc.

Assuming you have centralised authentication (you mention NIS but don't say what you're using it for), I'd probably start by looking at the logs on the authentication server.

Hi, you can put this command inside the .bashrc file of the user account:

usermod -e `date '+%Y-%m-%d' --date='2 month'` username

Bad idea.
.bashrc is writable by user, so everyone will be able to remove this limitation
Log analyzer seems to be more appropriate.

I suspect that wouldn't work because the users are managed centrally rather than existing on each machine. Even if that isn't the case, it wouldn't work because usermod needs to be run by root. Also, what pvs said. (Such a command should be placed in to /etc/bash.bashrc or equivalent anyway so as to avoid the need to modify lots of .bashrc files and to avoid the scenario pvs mentions.)

managed centrally with Samba?

it is not samba managed. Kindly provide us any robust logic/idea.

The OP mentioned NIS, which can be used to manage accounts centrally. Though the OP has not bothered to clarify whether or not this is what they are doing or whether they're using NIS for authentication.


Hey, you know your set up, you're in the best position to figure it out. If you can set all that stuff up, you should have a decent idea of how to figure out the solution yourselves.

Is authentication done against a central server? If so, see my previous reply. Otherwise you'll have to trawl the logs on each server. Look at the output of 'last' and if that doesn't go back far enough then try running last against the archived versions of /var/log/wtmp.

use chage command to lock the account of the user who has not logged in from last 60 days
chage -m -M 60 -W 10 -E -1 "name of the user"

hi arizonagroovejet/members,

Authentication is done against nis and there is load balancing among these servers. I think i will have to look at "last" command output on each nis clients and check whether user has logged in or not.

But is there ant other logic that can be implemented?

If authentication is happening against more than one NIS server, just look at the logs of all the servers.


Well you can look at logs on the servers or you can look at logs on the clients. I can't think of any other way of finding the information.

Moved: This thread is more suitable in <LQ Sec> and has been moved accordingly to help your thread/question get the exposure it deserves.