Paxton, Darren wrote: > Hi All, > > Having one of those moments where no matter where I'm searching, can't seem > to find what I'm actually looking for. > > Wondering how any of you are currently handling user account expiry if an > account lies idle for a defined amount of time. > > I've seen perl scripts listed in some places, but I'm trying to see if I can > use whatever native tools are already in place to identify when the user last > logged in (this is on RHEL systems) and then work out if this is greater than > the threshold of 90 days. > > At this point, we're not actually going to disable those accounts, just > looking for a way to identify them so that systems can be flagged as > requiring attention. (hopefully this will all help contribute to the argument > for a centralised authentication mechanism). > > Systems are all RHEL so any advice anyone's got on this platform would be > greatly appreciated.
`lastlog` will probably be your first port of call: # lastlog Username Port From Latest root tty1 Sat Feb 28 14:01:43 +0000 2009 bin **Never logged in** daemon **Never logged in** adm **Never logged in** lp **Never logged in** sync **Never logged in** shutdown **Never logged in** ~snip~ You can also specify a range of UID's # lastlog -u 1000-2000 This might be more useful for parsing - you might not want to disable some accounts. > Password expiry is also being enabled therefore was wondering if this could > be centred around that as a way of doing the calculation. > > Thanks > > Darren HTH -Colin _______________________________________________ Scottish mailing list [email protected] https://mailman.lug.org.uk/mailman/listinfo/scottish
