Are you in trusted mode? You can tell by looking to see if there are files under /tcb/files/auth If there is, then under this point, there is one character a directory for the first of each user name and within there, there is a file for each user. Look at the timestamp of the file to see the last update of it, however if it has been attacked (someone tried to use it) then this will have been updated.
Within, there are fields describing last successful login, last failed login, last password update etc. The times recorded are in seconds from 1/1/1970 00:00:00 (the Epoch) so someone here helpfully wrote this bit of Perl that reformats it to make it human readable:-
I have this as a one-line script, so I just run something like:-
Code:
$ realtime 1234567890
Fri Feb 13 23:31:30 2009
I hope that this helps. If you are not in trusted mode, then it depends if you clean out the login history files (whatever they are) Try using the last command. Read the manual pages for the options. It might be useful, maybe not. Unless you intercept and log every use of the various user admin commands (useradd, modprpw, passwd etc.) it's going to be difficult to really prove anything.
As a more general question though, are the auditors complaining that the id they used last time to probe around has been suspended? If it's more that a month since they last used it, then I think you have every right to suspend it to limit the risk of attack, in fact you could argue that it should be suspended immediately after they have finished using it.
i understand they have an important job to do, but sometimes they are the worst offenders just asking for open access whenever they want it. Enforce your standards, especially with them. It could be a test of your procedures
hi all, i m tryin to create a new account on the unix work station. do i use 'useradd' command? can u guyz advice on the usage of 'useradd' command as it can comes with 'useradd -D' or 'useradd -e'
thanks :confused: (1 Reply)
Hi, guys. I have two questions:
I need to write a script, which can show all the non-suspended users on system, and suspend the selected user account.
There are two things I am not sure:
1. How can I suspend user's account? What I think is: add a string to the encrypted password in shadow... (2 Replies)
Hi Admins,
As per my knowledge there are two types of user accounts in unix. root and normal users.
If there are any user types for which we can give some priviledges..?
Actually i want to restrict root access and create new accounts for admins with some of the priviledges.
Please let me... (6 Replies)
Hi - I want to log commands typed by oraapps user with time into some log file on runtime.
HISTTIMEFORMAT="%d/%m/%y %T " works but any one with oraapps user can delete the history.
OS : RHEl 5.6
Any help is appreciated. (5 Replies)
Discussion started by: oraclermanpt
5 Replies
LEARN ABOUT NETBSD
adduser
USERADD(8) BSD System Manager's Manual USERADD(8)NAME
useradd -- add a user to the system
SYNOPSIS
useradd -D [-F] [-b base-dir] [-e expiry-time] [-f inactive-time] [-g gid | name | =uid] [-k skel-dir] [-L login-class] [-M home-perm]
[-r lowuid..highuid] [-s shell]
useradd [-moSv] [-b base-dir] [-c comment] [-d home-dir] [-e expiry-time] [-f inactive-time] [-G secondary-group] [-g gid | name | =uid]
[-k skel-dir] [-L login-class] [-M home-perm] [-p password] [-r lowuid..highuid] [-s shell] [-u uid] user
DESCRIPTION
The useradd utility adds a user to the system, creating and populating a home directory if necessary. Any skeleton files will be provided
for the new user if they exist in the skel-dir directory (see the -k option). Default values for the base directory, the time of password
expiry, the time of account expiry, primary group, the skeleton directory, the range from which the uid will be allocated, and default login
shell can be provided in the /etc/usermgmt.conf file, which, if running as root, is created using the built-in defaults if it does not exist.
The first form of the command shown above (using the -D option) sets and displays the defaults for the useradd utility.
See user(8) for more information about EXTENSIONS.
-b base-dir
Set the default base directory. This is the directory to which the user directory is added, which will be created if the -m option
is specified and no -d option is specified.
-D without any further options, -D will show the current defaults which will be used by the useradd utility. Together with one of the
options shown for the first version of the command, -D will set the default to be the new value. See usermgmt.conf(5) for more
information.
-e expiry-time
Set the time at which the new user accounts will expire. It should be entered in the form ``month day year'', where month is the
month name (the first three characters are sufficient), day is the day of the month, and year is the year. Time in seconds since the
epoch (UTC) is also valid. A value of 0 can be used to disable this feature.
-F Force the user to change their password upon next login.
-f inactive-time
Set the time at which passwords for the new user accounts will expire. Also see the -e option above.
-g gid | groupname | =uid
Set the default group for new users.
-k skel-dir
Set the skeleton directory in which to find files with which to populate new users' home directories.
-L login-class
Set the default login class for new users. See login.conf(5) for more information on user login classes. This option is included if
built with EXTENSIONS.
-M home-perm
sets the default permissions of the newly created home directory if -m is given. The permission is specified as an octal number,
with or without a leading zero.
-r lowuid..highuid
Set the low and high bounds of uid ranges for new users. A new user can only be created if there are uids which can be assigned from
one of the free ranges. This option is included if built with EXTENSIONS.
-s shell
Set the default login shell for new users.
In the second form of the command, after setting any defaults, and then reading values from /etc/usermgmt.conf, the following command line
options are processed:
-b base-directory
Set the base directory name, in which the user's new home directory will be created, should the -m option be specified.
-c comment
Set the comment field (also, for historical reasons known as the GECOS field) which will be added for the user, and typically will
include the user's full name, and, perhaps, contact information for the user.
-d home-directory
Set the home directory which will be created and populated for the user, should the -m option be specified.
-e expiry-time
Set the time at which the current password will expire for new users. It should be entered in the form ``month day year'', where
month is the month name (the first three characters are sufficient), day is the day of the month, and year is the year. Time in sec-
onds since the epoch (UTC) is also valid. A value of 0 can be used to disable this feature. See passwd(5) for more details.
-f inactive-time
Set the time at which new user accounts will expire. Also see the -e option above.
-G secondary-group
Add the user to the secondary group secondary-group in the /etc/group file. The secondary-group may be a comma-delimited list for
multiple groups. Or the option may be repeated for multiple groups. (16 groups maximum.)
-g gid | name | =uid
Give the group name or identifier to be used for the new user's primary group. If this is '=uid', then a uid and gid will be picked
which are both unique and the same, and a line added to /etc/group to describe the new group.
-k skeleton directory
Give the skeleton directory in which to find files with which to populate the new user's home directory.
-L login-class
Set the login class for the user being created. See login.conf(5) for more information on user login classes. This option is
included if built with EXTENSIONS.
-M home-perm
sets the permissions of the newly created home directory if -m is given. The permission is specified as an octal number, with or
without a leading zero.
-m Create a new home directory for the new user.
-o Allow the new user to have a uid which is already in use for another user.
-p password
Specify an already-encrypted password for the new user. Encrypted passwords can be generated with pwhash(1). The password can be
changed later by using chpass(1) or passwd(1). This option is included if built with EXTENSIONS.
-S Allow samba user names with a trailing dollar sign to be added to the system. This option is included if built with EXTENSIONS.
-s shell
Specify the login shell for the new user.
-u uid Specify a uid for the new user. Boundaries for this value can be preset for all users by using the range field in the
/etc/usermgmt.conf file.
-v Enable verbose mode - explain the commands as they are executed. This option is included if built with EXTENSIONS.
Once the information has been verified, useradd uses pwd_mkdb(8) to update the user database. This is run in the background, and, at very
large sites could take several minutes. Until this update is completed, the password file is unavailable for other updates and the new
information is not available to programs.
EXIT STATUS
The useradd utility exits 0 on success, and >0 if an error occurs.
FILES
/etc/usermgmt.conf
/etc/skel/*
/etc/login.conf
SEE ALSO chpass(1), passwd(1), pwhash(1), group(5), login.conf(5), passwd(5), usermgmt.conf(5), pwd_mkdb(8), user(8), userdel(8), usermod(8)HISTORY
The useradd utility first appeared in NetBSD 1.5. It is based on the addnerd package by the same author.
AUTHORS
The useradd utility was written by Alistair G. Crooks <agc@NetBSD.org>.
Support for setting permissions of home directories was added by Hubert Feyrer.
BSD January 13, 2009 BSD
06-20-2013
