LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-03-2013, 08:01 PM   #1
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 205

Rep: Reputation: 27
Question (RHEL, Bash) List users and check if they have logged on during the last 2 months


Hi everyone,
At work we were told to check the list of users of an application server and delete all those that have left the company or don't need access to the application anymore. Here's what I came up with. Would you be as kind as to tell me your opinion and whether there is a faster / easier way to accomplish the same thing?
1) Save the list of user names (1st field in /etc/passwd) in a text file (~500 users).
2) Merge /var/log/wtmp and /var/log/wtmp.1 (logrotate is configured to keep only 1 rotated wtmp log) into a single file with
Code:
cat /var/log/wtmp.1 /var/log/wtmp > wtmp
3) Convert the wtmp file (which is of type data):
Code:
gacanepa@Gabriel-PC ~ $ file /var/log/wtmp
/var/log/wtmp: data
to a plain text file sorted by 1st field (user names) and filtered by last occurrence of user name:
Code:
last -f wtmp | sort -uk1,1 > wtmp.txt
4) Check one by one the list of users created in step #1 to see whether they appear in the wtmp.txt file. If they don't appear in this file, which lists the logins for the current and past month, it means they haven't logged on during the same period, and we can consider deleting them.
5) Each "inactive user" is logged into
Some points to consider:
1) Here's the section of /var/log/wtmp in our logrotate.conf file:
Code:
# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}
Unfortunately, we can't edit it.
2) For the same reasons as above we can't use chage either to disable accounts.
I hope I made myself clear enough . Any suggestions will be more than welcome.

Last edited by gacanepa; 10-03-2013 at 08:04 PM.
 
Old 10-03-2013, 08:55 PM   #2
DaveQB
Member
 
Registered: Oct 2003
Location: Sydney, Australia.
Distribution: Debian, Ubuntu
Posts: 400

Rep: Reputation: 39
I would run:

Code:
for i in $(cat users) ; do (last ;last -f /var/log/wtmp.1) | grep -q $i || echo $i ; done
This will give you a list of users not found.

On a side topic, the package acct might interest you.
 
1 members found this post helpful.
Old 10-03-2013, 09:12 PM   #3
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 205

Original Poster
Rep: Reputation: 27
If I am not mistaken, the users command only shows the users that are currently logged on to the current host (from man users), and I need to check the whole list of local users (as found in /etc/passwd) and see which ones have logged on at least once during the period of time recorded in wtmp (and wtmp.1, after wtmp is rotated).
So, IMHO (please feel free to correct me if I'm wrong) the following one-liner
Code:
for i in $(cat users) ; do (last ;last -f /var/log/wtmp.1) | grep -q $i || echo $i ; done
will examine the wtmp logs and look whether the users that are currently logged on are present in those logs.
I will mark your thread as helpful because this will definitely come in handy one of these days .
Also, I will be a follower of your blog. Nice job there! And that is so cool that you were a part of the team behind the Happy Feet 2 movie!

Last edited by gacanepa; 10-03-2013 at 09:17 PM.
 
Old 10-03-2013, 09:35 PM   #4
DaveQB
Member
 
Registered: Oct 2003
Location: Sydney, Australia.
Distribution: Debian, Ubuntu
Posts: 400

Rep: Reputation: 39
Hey gacanepa

Thanks It was a good experience, some high end tech gear used to make animations.

My mistake on the command, I meant to add a disclaimer that the "users" would be the file of users you mentioned you created from the passwd file.

Something simple like:

Code:
cut -f1 -d":" /etc/passwd
So you could combine that all in one with:

Code:
for i in $(cut -f1 -d":" /etc/passwd) ; do (last ;last -f /var/log/wtmp.1) | grep -q $i || echo $i ; done
That'll work for you.
 
1 members found this post helpful.
Old 10-03-2013, 09:47 PM   #5
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 205

Original Poster
Rep: Reputation: 27
Oh I see now . This works fairly well - I'll just need to add a little tweaking in order to consider only "real" users and not daemons (forgot to say that in my first post) - but that will be a piece of cake. You have pointed me in the right direction and that's enough for me. I will also mark your last post and helpful and this thread as solved.
On a side note, if you don't mind, I'll send you my personal email address so you can -when you have one minute or 2- fill me in a little of your work in the Happy Feet movie. I am always curious of the "real world applications" (which distros, applications for animations used in the movie, etc) of Linux besides the enterprise environment - which is what I have the most experience on.
 
Old 10-03-2013, 10:36 PM   #6
DaveQB
Member
 
Registered: Oct 2003
Location: Sydney, Australia.
Distribution: Debian, Ubuntu
Posts: 400

Rep: Reputation: 39
No worries at all.
 
Old 10-03-2013, 11:46 PM   #7
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 205

Original Poster
Rep: Reputation: 27
Great. Sent you an email to the address listed in your blog. Thanks again!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to check which users are logged in dev@linuxquestion# Linux - Server 5 03-28-2012 05:05 AM
Bash command to list users logged in at 5pm F4U57 Linux - Newbie 2 06-07-2010 11:37 PM
How do I list all users (even those not logged in) steved Linux - Newbie 2 09-29-2005 05:45 PM
How to check amount of users logged in CurtisKaj Linux - General 4 08-20-2003 10:46 PM
how can i see list of logged on users? doublefailure Linux - General 6 09-10-2002 09:11 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 04:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration