Visit Our UNIX and Linux User Community


How to list Inactive user account in AIX 5.3?


 
Thread Tools Search this Thread
Operating Systems AIX How to list Inactive user account in AIX 5.3?
# 1  
Old 03-21-2011
Java How to list Inactive user account in AIX 5.3?

Hello,

I have a situation, where I ask for to get a list of all inactive users (expire or locked in last 41 days). I looked into /etc/shadow (no such file in my server). I referred some old threads but not found useful information.
I'm using AIX 5.3 .... I have total 1641 users in server.

Folks ... answer are really appreciated. Thank you. Smilie
# 2  
Old 03-22-2011
There is no /etc/shadow on AIX. A similar file is /etc/security/passwd and some others in that directory. The information you are looking for should be in /etc/security/lastlog.

Last edited by zaxxon; 03-22-2011 at 06:05 AM.. Reason: rephrasing
This User Gave Thanks to zaxxon For This Post:
# 3  
Old 03-22-2011
@zaxxon - thanks for reply.
How can I break it in simple to locate only inactive user (expire or locked in last 41 days) from /etc/security/lastlog. I have 1641 user account. Anybody please post some script to make this operation simple. Thank you - Sumit
# 4  
Old 03-22-2011
Java

Here's a script I copied from another forum and quickly tested on one of my boxes:
Code:
#!/usr/bin/ksh
#set -x

#Try this script.
#It will check and lock the accounts automatically for those logins that
#have not been used to s set number of days.

expdays=60 #<< ---- Set number of days in past here!
let expiry=86400*$expdays
locked=" "
LOG_FILE=/tmp/${0}.log
tmp1=/tmp/exp.tmp1.$$
tmp2=/tmp/exp.tmp2.$$
tmp2a=/tmp/exp.tmp2a.$$
tmp3=/tmp/exp.tmp3.$$

# List all users that are allowed to login
lsuser -a login account_locked time_last_login ALL |grep -Ev ^"root|daemon|bin|sys|adm|nobody" | grep "login=true" > $tmp1

# get all users who have logged in at least once with login date
grep 'time_last_login' $tmp1 | sed -e 's/login=true //' -e 's/account_locked=//' -e 's/time_last_login=//' >$tmp2

# get all users who have not logged in since creation
grep -v 'time_last_login' $tmp1 | sed -e 's/login=true //' -e 's/account_locked=//' >$tmp2a

# get today's date in seconds from epoch for comparison
year=`date +%Y`
day=`date +%j`
hour=`date +%H`
minute=`date +%M`

let today="($year - 1970) * 365 * 86400 + ($day - 1) * 86400 + $hour * 3600 + $minute * 60 + ($year - 1969) / 4 * 86400"

# for each user found, check whether has not been unused too long
cat $tmp2 |while read user locked last; do
     let min=$today-$expiry
     if [[ $min -gt $last ]]; then
          let login="($today - $last) / 86400"
          echo $user':'$login':'$locked >> $LOG_FILE
          #chuser shell='/usr/local/bin/locked' account_locked='true' $user
fi
done

# Remove the tmp files
rm $tmp1
rm $tmp2
rm $tmp2a

Once everything looks good in the LOG_FILE, you can uncomment the "chuser" line if you want to start locking them.
This User Gave Thanks to kah00na For This Post:
# 5  
Old 03-22-2011
As a start, this will filter out all accounts that didn't log in the last 41 days.
Bear in mind, that this will also list technical user, for example for daemons, as they never logged in, most probably.

Code:
awk -v now="$(perl -e "print time")" '
   BEGIN{
      d=41
      el=now-(d*86400)
   }
   /:$/ {sub(/:/,""); a=$1; next}
   /time_last_login/ && !/^\*/ {if($3 < el) {print a}}
' lastlog

Filtering out locked accounts etc. is your part now Smilie
This User Gave Thanks to zaxxon For This Post:
# 6  
Old 03-22-2011
Smilie .. Thank you.

This script works. I was able to create a text file for inactive user. Thanks a tone.

Smilie

Quote:
Originally Posted by kah00na
Here's a script I copied from another forum and quickly tested on one of my boxes:
Code:
#!/usr/bin/ksh
#set -x

#Try this script.
#It will check and lock the accounts automatically for those logins that
#have not been used to s set number of days.

expdays=60 #<< ---- Set number of days in past here!
let expiry=86400*$expdays
locked=" "
LOG_FILE=/tmp/${0}.log
tmp1=/tmp/exp.tmp1.$$
tmp2=/tmp/exp.tmp2.$$
tmp2a=/tmp/exp.tmp2a.$$
tmp3=/tmp/exp.tmp3.$$

# List all users that are allowed to login
lsuser -a login account_locked time_last_login ALL |grep -Ev ^"root|daemon|bin|sys|adm|nobody" | grep "login=true" > $tmp1

# get all users who have logged in at least once with login date
grep 'time_last_login' $tmp1 | sed -e 's/login=true //' -e 's/account_locked=//' -e 's/time_last_login=//' >$tmp2

# get all users who have not logged in since creation
grep -v 'time_last_login' $tmp1 | sed -e 's/login=true //' -e 's/account_locked=//' >$tmp2a

# get today's date in seconds from epoch for comparison
year=`date +%Y`
day=`date +%j`
hour=`date +%H`
minute=`date +%M`

let today="($year - 1970) * 365 * 86400 + ($day - 1) * 86400 + $hour * 3600 + $minute * 60 + ($year - 1969) / 4 * 86400"

# for each user found, check whether has not been unused too long
cat $tmp2 |while read user locked last; do
     let min=$today-$expiry
     if [[ $min -gt $last ]]; then
          let login="($today - $last) / 86400"
          echo $user':'$login':'$locked >> $LOG_FILE
          #chuser shell='/usr/local/bin/locked' account_locked='true' $user
fi
done

# Remove the tmp files
rm $tmp1
rm $tmp2
rm $tmp2a

Once everything looks good in the LOG_FILE, you can uncomment the "chuser" line if you want to start locking them.

Previous Thread | Next Thread
Test Your Knowledge in Computers #443
Difficulty: Easy
FHM, a men's lifestyle magazine, asked 1,344 women if they preferred to hang out with a computer science expert or a footballer, and 1,023 (76.116%) stated they preferred geeks over athletes.
True or False?

10 More Discussions You Might Find Interesting

1. Solaris

Disable Inactive User in Solaris 11

Goal: To disable a Solaris user, after that user was inactive for X days. My understanding for linux was that there was no systematic way to disable inactive users, therefore we had to set a password expiration via /etc/default/passwd, MaxWeeks; then in /etc/default/useradd (/etc/shadow), the... (1 Reply)
Discussion started by: Drasavokian
1 Replies

2. AIX

List of AIX commands that can be run by ROOT user ONLY

Hello, I am testing sudo and I want to test it. Can anyone please let me know few commands (of course other than shutdown, reboot etc. as I can't reboot the box) on AIX that can be run by ROOT only. Thanks ---------- Post updated at 07:43 PM ---------- Previous update was at 07:38 PM... (5 Replies)
Discussion started by: prvnrk
5 Replies

3. AIX

User Account Login Login on your AIX server

I want to learn AIX. I would like to find someone who would be willing to give me a login to their AIX home lab server. My intent is to poke around and discover the similarities and differences of AIX compared to other *NIXs. I am a UNIX admin so I can think of what some immediate concerns may... (1 Reply)
Discussion started by: perl_in_my_shel
1 Replies

4. UNIX for Dummies Questions & Answers

Difference between : Locked User Account & Disabled User Accounts in Linux ?

Thanks AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies

5. AIX

List inactive subservers ?

Hi, I can list active subservers of subsystem by issuing "lssrc -l -s somesubsystem" How do I list inactive subservers or at least all subservers(active+inactive) of certain subsystem ? thanks Vilius (3 Replies)
Discussion started by: vilius
3 Replies

6. Solaris

List all inactive users who has not logged on since last 90 days

I need actuall script which List all inactive users who has not logged on since last 90 days Thanks in advance. Di! (17 Replies)
Discussion started by: haridham
17 Replies

7. UNIX for Dummies Questions & Answers

List all inactive users who has not logged on since last 90 days

Hi, Can I get a script to list out all the users, who has not logged on since last 90 days. Last command in not working due due to /var/adm/wtmpx is more than 2 GB. Thanks in advance. Regards, Roni (10 Replies)
Discussion started by: manasranjanpand
10 Replies

8. UNIX for Dummies Questions & Answers

Make an account inactive after 90 days.

Is this possible? Say I create an account today and in 90 days I want it to be turned off. Is this sort of thing possible using the built in components of a Unix system? (Using Solaris 9) I see things about password expires, but what if the person changes his password on the 89th day,... (1 Reply)
Discussion started by: LordJezo
1 Replies

9. AIX

AIX shell account

I am just wondering if there is a way I can obtain a free shell account for an AIX server that I can make test drive on it. I tried google search and ibm's web site but couldn't find anything.. regards, (2 Replies)
Discussion started by: milhan
2 Replies

10. UNIX for Dummies Questions & Answers

Canīt logout to user inactive

I have SCO OpenServer release 5 I used TIMEOUT and TMOUT in .profile but I donīt Know if is correctly WND=/usr/synergy/dbl DTKMAPFIL=/u/ics/icsdat/icsmap.ics umask 000 ... (1 Reply)
Discussion started by: lalox
1 Replies

Featured Tech Videos