Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Depending om how long you keep your utmp file, last / lastlog could give some info.
If you setup your password handling correctly (enforcing regular password changing), you can also use chage -l <user> to get an reasonable estimate (the first line of output: Last password change).
If these users are allowed to use su / sudo: Have a look at those logs as well.
In your "weeding" you don't need to delete the users. Use usermod -s /bin/false" to set the shell for each to /bin/false so if they attempt to login it logs them out. You can also run "passwd -l" to lock the accounts.
If the users you lock out call to complain you can easily revert by using "passwd -u" to unlock the account and set the user password back to what it was before the lock.
You could also use usermod -c to add a comment to the account noting when you locked it (e.g. usermod -c "Locked 15 Jun 2010" -s /bin/false <loginid>). Then at some later point you can look to see when accounts were locked. If they are still locked 6 months later (or 10 days later depending on what you decided) then you can delete them.
Note that many shops never delete users so as to not reuse UID numbers - that way if you had occasion to restore some old backup it would come in with the correct login IDs on the files instead of just the UID.
Note that many shops never delete users so as to not reuse UID numbers - that way if you had occasion to restore some old backup it would come in with the correct login IDs on the files instead of just the UID.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.