Spread the love


Want to know the inactive users on your Linux machine who have not been using the machine since long time?

The following simple shell script, called not-this-month, uses the last command to produce a list of the users who haven’t logged in during the current month. Run it the last day of the month to produce a list of accounts that you may wish to disable.

# not-this-month:
# Gives a list of users who have not logged in this month
PATH=/bin:/usr/bin;export PATH
umask 077
mkdir /tmp/NTM || exit 1
chmod 700 /tmp/NTM
THIS_MONTH=´date | awk ‘{print $2}’´
last | grep $THIS_MONTH | awk ‘{print $1}’ | sort -u > /tmp/NTM/users1$$
cat /etc/passwd| awk -F: ‘{print $1}’ | sort -u > /tmp/NTM/users2$$
comm -13 /tmp/NTM/users[12]$$
rm -r /tmp/NTM
The following explains the details of this shell script:

Sets up a safe path. This also enables you to avoid specifying full pathnames to all of the commands that follow.

umask 077
Sets the umask value so that other users on your system will not be able to read the temporary files in /tmp.

mkdir /tmp/NTM || exit 1
Creates a temporary directory for the temp files. This prevents an attacker from hijacking the files used in the script. If the directory already exists, then the script exits with an error.

THIS_MONTH=´date | awk ‘{print $2}’´
Sets the shell variable THIS_MONTH to the name of the current month.

Generates a list of all of the logins on record.

| grep $THIS_MONTH
Filters the above list so that it includes only the logins that happened this month.

| awk ‘{print $1}’
Selects out the login name from the above list.

| sort -u
Sorts the list of logins alphabetically, and removes multiple instances of account names.

cat /etc/passwd | awk -F: ‘{print $1}’
Generates a list of the usernames of every user on the system.[8]

[8] Once again, you may need to replace the cat /etc/passwd command with your own system-specific command that prints out the contents of the password database.

comm -13
Prints items present in the second file, but not the first, i.e., the names of accounts that have not been used this month.

This shell script assumes that the database used by the last program has been kept for at least one month.

After you have determined which accounts have not been used recently, consider disabling them or contacting their owners. Of course, do not disable accounts such as root, bin, uucp, and news that are used for administrative purposes and system functions. Also remember that users who access their account only with the rsh (the remote shell command) or su commands won’t show up with the last command. If these accesses are logged by syslog on your system, you can write another script to look for them (or their absence).

Spread the love
Categories: Docker

Ajeet Raina

My name is Ajeet Singh Raina and I am an author of this blogging site. I am a Docker Captain, ARM Innovator & Docker Bangalore Community Leader. I bagged 2 special awards last year(2019): Firstly, “The Tip of Captain’s Hat Award” at Dockercon 2019, San Francisco, and secondly, “2019 Docker Community Award“. I run Collabnix Community Slack with over 5300+ audience . I have built popular GITHUB repositories like DockerLabs, KubeLabs, Kubetools, RedisPlanet Terraform etc. with the support of Collabnix Community. Currently working as Developer Relations Manager at Redis Labs where I help customers and community members adopt Redis. With over 12,000+ followers over LinkedIn & close to 5100+ twitter followers, I like sharing Docker and Kubernetes related content . You can follow me on Twitter(@ajeetsraina) & GitHub(@ajeetraina)

1 Comment

eebest8 michael · 9th December 2016 at 7:10 am

“Awesome blog.Really thank you!”

Leave a Reply

Your email address will not be published. Required fields are marked *

Join Collabnix SlackIt's 100% FREE!

Get chance to chat with 5500+ DevOps Engineers !