Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am trying to figure out a one-liner or script that will allow me to get all the information I need with one swoop. I am running a mixture of Red Hat and SUSE servers and need to just get all the information in a file.
compgen -u gets me the users
compgen -g gets me the groups
I found this script that will show me the users and what group they are in -
#! /bin/bash
#
for i in $(cat /etc/passwd | cut -d: -f1); do
echo -n $i ": "
grep $i /etc/group | cut -d: -f1 | tr "\n" " "
echo
done
I was also trying to get the lslogins output which shows me the last login, pwd-lock, and pwd-deny. I am assuming this indicates if the user can login or if it is a system account.
Long story short I am trying to get a nice auditing output to show local users and groups of all systems and then what users are in what groups. Plus, show if the user is able to login or if it is system account (daemon). Auditors here are primary Windows so they see a local account they just assume it can login.
Any suggestions or assistance is greatly appreciated!
for i in $( who | cut -d' ' -f1); do echo $i ; echo $(id $i ); done
shows who is login and what groups they belong to. needs curtailing of course to use your formatting needs. you (will) needs to look in the appropriate areas for the data you need to display. Do your research what files keeps whos particular type of info, and how to access it, and, what commands (apps) get you the info you're looking for.
the ole' "how to ...." search is a good start to a search text line for how to do something. Then piece it together like I did on my example.
this would have been my line of questioning,
how to do a for loop on the cli
how to find users logged in
how to find users groups
how to chop up strings in Linux
etc...
for i in $( who | cut -d' ' -f1); do echo $i ; echo $(id $i ); done
Expanding on that, to get all users whether logged in or not one could query /etc/passwd file. Administrative accounts are usually UID 500 or lower. If shadow is in use (as it should be) then the general layout of /etc/passwd starts with:
username:x:uid:gid:etc...
A one liner that would exclude all uid values 500 and lower as well as the special nfsnobody from that layout and do your suggested id command would be:
Code:
for user in $(egrep -v "x:[0-9]:|x:[0-9][0-9]:|x:[0-4][0-9][0-9]:|x:500:|x:65534:" /etc/passwd |awk -F: '{print $1}'); do id $user; done
egrep allows for multiple patterns. The patterns are separated by pipe sign "|" and the set of patterns are started and ended with double quotes ".
The first pattern above looks for any single digit UID (e.g. 0 for root)
The second pattern looks for any 2 digit uid
The third pattern looks for any 3 digit uid up to 499
The fourth pattern looks just for uid 500
The final pattern excludes 65534 used for nfsnobody.
It then pipes the lines found into awk and splits on : as delimiter which is what passwd uses and gets the first field which is the user login name.
The for loop makes it run id on each of the user login names found.
Last edited by MensaWater; 05-17-2019 at 03:23 PM.
why does it have to be a oneliner?
this is fairly complex; seems pretty clear to me that a shell function or a dedicated script is required here, whichever approach you choose.
why does it have to be a oneliner?
this is fairly complex; seems pretty clear to me that a shell function or a dedicated script is required here, whichever approach you choose.
For some reason folks love one liners - in point of fact what I gave the OP as a one liner is something I'd normally spread over multiple lines in a scirpt e.g.:
Code:
#/bin/bash
for user in $(egrep -v "x:[0-9]:|x:[0-9][0-9]:|x:[0-4][0-9][0-9]:|x:500:|x:65534:" /etc/passwd |awk -F: '{print $1}')
do id $user
done
In such a script I might even do intermediate steps for that first line depending on what else I needed to do. However, it works as a one liner the way my earlier post had it.
One issue I am encountering now is these servers are running SSSD to tie them to AD for user authentication. When I run different commands I am getting tons of AD users which I don't want, just looking for local user accounts.
Commands that are showing more account, AD, than what I want:
Any thoughts on what else I can run to just see local account information for my Auditors? Trying to determine what accounts, local, are human accounts or accounts that can login. What accounts are disabled or have password locked and not able to login. Things like that.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.