Hi guys ,
I would like to check if there is any command I can list the inactive user with not log in more than 50 days?
Any help will be appreciated. Thanks
If you can use last and get a list of those that have been active for your desired period, then you can use something like:-
cut -f1 -d ":" /etc/passwd | grep -vf active-list
You have to be careful that the active list doesn't match multiple accounts, e.g. a user named bob in the active list might also match bobby and you won't see it in the output.
How are your users defined? Are there likely to be false-positives in this?
perhaps you also need to merge your active list with a list of service accounts, e.g. root or oracle or whatever. You need to be sure that your listed idle users are checked before you do anything too drastic with them.
I hope that this helps,
Robin
You can get the last login time from the user attributes instead of relying on your last log (we roll ours monthly). This should work but it requires perl to be installed to translate the results into a date and time you can understand:
user=george
# lsuser -a time_last_login $user |awk '/last_login/{print substr($2,17)}'
1521126318
# /usr/bin/perl -le "print scalar(localtime(1521126318))"
Thu Mar 15 10:05:18 2018
You can read the users from your /etc/passwd file in a loop:
for user in $(cat /etc/passwd |awk -F':' '{print $1}'); do
LAST=$(lsuser -a time_last_login $user |awk '/last_login/{print substr($2,17)}') && ( printf "$user "; /usr/bin/perl -le "print scalar(localtime($LAST))" )
done
The result will look similar to this:
Now that I see it, it may not be accurate for system accounts, but it has been working fine for our individual user accounts. You would have to either grep out your user accounts or "egrep -v" your system accounts.