Is there an easy or at least any way of figuring out which users have been active and which havent? I've got 500ish users and need to start weeding.

Hi,

Depending om how long you keep your utmp file, last / lastlog could give some info.

If you setup your password handling correctly (enforcing regular password changing), you can also use chage -l <user> to get an reasonable estimate (the first line of output: Last password change).

If these users are allowed to use su / sudo: Have a look at those logs as well.

Hope this gets you going.

In your "weeding" you don't need to delete the users. Use usermod -s /bin/false" to set the shell for each to /bin/false so if they attempt to login it logs them out. You can also run "passwd -l" to lock the accounts.

If the users you lock out call to complain you can easily revert by using "passwd -u" to unlock the account and set the user password back to what it was before the lock.

You could also use usermod -c to add a comment to the account noting when you locked it (e.g. usermod -c "Locked 15 Jun 2010" -s /bin/false <loginid>). Then at some later point you can look to see when accounts were locked. If they are still locked 6 months later (or 10 days later depending on what you decided) then you can delete them.

Note that many shops never delete users so as to not reuse UID numbers - that way if you had occasion to restore some old backup it would come in with the correct login IDs on the files instead of just the UID.

+1

@Neruocomp: Some more things to consider when "retiring" old users:
http://www.daemonforums.org/showthread.php?t=413

(Replace chpass(1) with chage(1) for Linux systems.)

1 members found this post helpful.