This script works. I was able to create a text file for inactive user. Thanks a tone.
Quote:
Originally Posted by kah00na
Here's a script I copied from another forum and quickly tested on one of my boxes:
Code:
#!/usr/bin/ksh
#set -x
#Try this script.
#It will check and lock the accounts automatically for those logins that
#have not been used to s set number of days.
expdays=60 #<< ---- Set number of days in past here!
let expiry=86400*$expdays
locked=" "
LOG_FILE=/tmp/${0}.log
tmp1=/tmp/exp.tmp1.$$
tmp2=/tmp/exp.tmp2.$$
tmp2a=/tmp/exp.tmp2a.$$
tmp3=/tmp/exp.tmp3.$$
# List all users that are allowed to login
lsuser -a login account_locked time_last_login ALL |grep -Ev ^"root|daemon|bin|sys|adm|nobody" | grep "login=true" > $tmp1
# get all users who have logged in at least once with login date
grep 'time_last_login' $tmp1 | sed -e 's/login=true //' -e 's/account_locked=//' -e 's/time_last_login=//' >$tmp2
# get all users who have not logged in since creation
grep -v 'time_last_login' $tmp1 | sed -e 's/login=true //' -e 's/account_locked=//' >$tmp2a
# get today's date in seconds from epoch for comparison
year=`date +%Y`
day=`date +%j`
hour=`date +%H`
minute=`date +%M`
let today="($year - 1970) * 365 * 86400 + ($day - 1) * 86400 + $hour * 3600 + $minute * 60 + ($year - 1969) / 4 * 86400"
# for each user found, check whether has not been unused too long
cat $tmp2 |while read user locked last; do
let min=$today-$expiry
if [[ $min -gt $last ]]; then
let login="($today - $last) / 86400"
echo $user':'$login':'$locked >> $LOG_FILE
#chuser shell='/usr/local/bin/locked' account_locked='true' $user
fi
done
# Remove the tmp files
rm $tmp1
rm $tmp2
rm $tmp2a
Once everything looks good in the LOG_FILE, you can uncomment the "chuser" line if you want to start locking them.
I have SCO OpenServer release 5
I used TIMEOUT and TMOUT in .profile but I donīt Know if is correctly
WND=/usr/synergy/dbl
DTKMAPFIL=/u/ics/icsdat/icsmap.ics
umask 000 ... (1 Reply)
I am just wondering if there is a way I can obtain a free shell account for an AIX server that I can make test drive on it. I tried google search and ibm's web site but couldn't find anything..
regards, (2 Replies)
Is this possible?
Say I create an account today and in 90 days I want it to be turned off.
Is this sort of thing possible using the built in components of a Unix system?
(Using Solaris 9)
I see things about password expires, but what if the person changes his password on the 89th day,... (1 Reply)
Hi,
Can I get a script to list out all the users, who has not logged on since last 90 days. Last command in not working due due to /var/adm/wtmpx is more than 2 GB.
Thanks in advance.
Regards,
Roni (10 Replies)
Hi,
I can list active subservers of subsystem by issuing "lssrc -l -s somesubsystem"
How do I list inactive subservers or at least all subservers(active+inactive) of certain subsystem ?
thanks
Vilius (3 Replies)
I want to learn AIX. I would like to find someone who would be willing to give me a login to their AIX home lab server. My intent is to poke around and discover the similarities and differences of AIX compared to other *NIXs.
I am a UNIX admin so I can think of what some immediate concerns may... (1 Reply)
Hello,
I am testing sudo and I want to test it. Can anyone please let me know few commands (of course other than shutdown, reboot etc. as I can't reboot the box) on AIX that can be run by ROOT only.
Thanks
---------- Post updated at 07:43 PM ---------- Previous update was at 07:38 PM... (5 Replies)
Goal: To disable a Solaris user, after that user was inactive for X days.
My understanding for linux was that there was no systematic way to disable inactive users, therefore we had to set a password expiration via /etc/default/passwd, MaxWeeks; then in /etc/default/useradd (/etc/shadow), the... (1 Reply)
Discussion started by: Drasavokian
1 Replies
LEARN ABOUT HPUX
userstat
userstat(1M)userstat(1M)NAME
userstat - check status of local user accounts
SYNOPSIS
[parm]...
[parm]...
DESCRIPTION
checks the status of local user accounts and reports abnormal conditions, such as account locks.
If any parm arguments are specified, abnormal status is displayed only for those parameters, otherwise abnormal status is displayed for all
parameters. The section describes the various parameter values that can be used for parm.
Each account with an abnormal status is displayed on a single line. Each line contains the username followed by one or more parameters,
indicating what abnormal conditions exist for the account. The section describes the various parameters that can be displayed.
Options
The following options are recognized:
Display the status of all users listed in
(Quiet) Do not print anything to standard output.
This can be used when interested only in the return value.
Check the status of only the specified user
name. The user must be a local user listed in
Parameters
The parameters that could be displayed to indicate abnormal account status, or that could be used with the option, include the following:
is displayed if an administrator lock is present on the account. This lock indicates that the encrypted password in or begins with An
administrator lock can be set, for example, with
is displayed if the account is locked because the account expiration
date has been reached. days is the number of days that the account has been expired. See the description of the expiration field
in shadow(4).
is displayed if the account's password has expired.
days is the number of days that the password has been expired. days is displayed only if its value can be determined.
is displayed if the account is locked because there have been no logins
to the account for a time interval that exceeds the maximum allowed. days is the number of days that the account has been inactive.
See the description of the attribute in security(4).
is displayed if the account is locked because the number of
consecutive authentication failures exceeded the maximum allowed. num is the number of consecutive authentication failures. See
the description of the attribute in security(4).
is displayed if the account is locked because the account has
a null password and is not allowed to have a null password. See the description of the attribute in security(4).
is displayed if the account has a time-of-day login restriction.
times defines the time periods that the user may login. See the description of the attribute in security(4).
Security Restrictions
Users invoking this command must have the authorization. See authadm(1M).
is not supported for trusted systems.
RETURN VALUE
exits with one of the following values:
did not find abnormal status
found abnormal status
invalid usage or user not found
EXAMPLES
The following example reports all abnormal status for all local accounts.
The following example shows that the account for user is not locked due to too many consecutive authentication failures.
FILES
standard password file
shadow password file
user database
SEE ALSO authadm(1M), passwd(4), security(4), shadow(4), userdb(4).
userstat(1M)
03-22-2011
.. Thank you.