List all inactive users who has not logged on since last 90 days

haridham · July 25, 2008, 12:47am

I need actuall script which List all inactive users who has not logged on since last 90 days

Thanks in advance.
Di!

itik · July 25, 2008, 1:22am

You can get all that info on /etc/shadow, can't give you what I have, I didn't write it.

era · July 25, 2008, 1:29am

The passwd command has some useful options. See its manual page.

haridham · July 25, 2008, 1:32am

I am not getting you. /etc/shadow has password information.I need to generate list of users who has not logged on since last 90 days.

incredible · July 25, 2008, 2:40am

You have to use the "last" command and use that to manipulate.
Do you need further information?

haridham · July 25, 2008, 2:41am

I am actualll new to this system. Can you give me script?

incredible · July 25, 2008, 2:44am

I do not have that in hand, if you give me some time, I will prepare one.

haridham · July 25, 2008, 2:45am

Okay. Thanks a lot!

era · July 25, 2008, 3:05am

last will only go back so far, typically beginning of the current month. passwd -S -a shows you status for each account, including ones which never logged in. Search this site for usage examples.

incredible · July 25, 2008, 3:06am

For your information on basic user administration:
#logins -s : Lists system accounts
#logins -u . Lists user accounts
#logings -d : Lists duplicate accounts

#usermod -f 15 username : user's account expires if the user has not logged in for 15 days or longer.
#usermod -e 12/31/2001 username : automatically expire an account on a particular date
#usermod -e " " username : reactivate an account with a set expiration date.

#passwd -l : locks an account.
#passwd -e username : cgange the shell, which prompts you for a new shell program.
#usermod -s /usr/bin/false username : change a user's shell

/etc/shells file : Lists of valid login shells that are used by the passwd -e command.

haridham · July 25, 2008, 3:08am

Do you have actuall script?

incredible · July 25, 2008, 3:17am

As I've mentioned to you, I have to prepare one. I don't have a working script with me now.

haridham · July 25, 2008, 3:20am

Okay. Just send me whenever you make it.

Thanks!

incredible · July 25, 2008, 3:22am

And if you want a really "quick and dirty" for future use, you may set the password expiry days in the /etc/shadow file. On the 91th day, you can find out by skeeming through the shadow file and see those a/cs which are locked and you'll have the answer too.

rcmrulzz · July 25, 2008, 4:51am

Those tips were pretty useful... Thanks guys...

incredible · July 25, 2008, 10:31am

Sorry bro, Im finding it tedious manipulating 'date' command with 'last' command.. Here's a very simple one, as I've other urgent tasks at hand. I don't have a unix system now to test this script.Pls execute and let me know.:o

!#/bin/ksh
for user in ` sed 's/:.*$//' /etc/passwd ` ; do
finger ${user} >> /tmp/logins
done
cat /tmp/logins|grep -v "bin|sys|adm|lp|smtp|daemon|uucp|listen|nobody|noacces|nobody4" >> /tmp/login-info
rm /tmp/logins

then have a look at the output to see which user has not logged in for some time.

from here onwards, you might want to see sorting the date column or grepping for a value.

jhtrice · July 25, 2008, 12:09pm

In some environments finger won't give you the last login correctly.
Depending on how your users are set up you might look at the access times of files like .bash_history .profile .bashrc in their home directories.
It's not perfect but it may help and using find makes it easy.

incredible · July 25, 2008, 10:25pm

Yes I agree . By cd-ing to the users' home dir and perform ls -rt, you will see the last modified date of the last file. Can find out from there too.