Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Managing users on Linux systems

Sandra Henry-Stocker | Sept. 27, 2017
Your Linux users may not be raging bulls, but keeping them happy is always a challenge as it involves managing their accounts, monitoring their access rights, tracking down the solutions to problems they run into, and keeping them informed about important changes on the systems they use.

# cat /etc/sudoers | grep -v "^#" | grep -v "^$"
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
root   ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL		<== admin group
%sudo  ALL=(ALL:ALL) ALL	<== sudo group

 

Checking on logins

To see when a user last logged in, you can use a command like this one:

# last jdoe
jdoe     pts/18       192.168.0.11     Thu Sep 14 08:44 - 11:48  (00:04)
jdoe     pts/18       192.168.0.11     Thu Sep 14 13:43 - 18:44  (00:00)
jdoe     pts/18       192.168.0.11     Thu Sep 14 19:42 - 19:43  (00:00)

If you want to see when each of your users last logged in, you can run the last command through a loop like this one:

$ for user in `ls /home`; do   last $user | head -1; done

jdoe     pts/18       192.168.0.11     Thu Sep 14 19:42 - 19:43  (00:03)

rocket   pts/18       192.168.0.11     Thu Sep 14 13:02 - 13:02  (00:00)
shs      pts/17       192.168.0.11     Thu Sep 14 12:45   still logged in

This command will only show you users who have logged on since the current wtmp file became active. The blank lines indicate that some users have never logged in since that time, but doesn't call them out. A better command would be this one that clear displays the users who have not logged in at all in this time period:

$ for user in `ls /home`; do echo -n "$user ";last $user | head -1 | awk '{print substr($0,40)}'; done
dhayes
jdoe pts/18 192.168.0.11 Thu Sep 14 19:42 - 19:43
peanut pts/19 192.168.0.29 Mon Sep 11 09:15 - 17:11
rocket pts/18 192.168.0.11 Thu Sep 14 13:02 - 13:02
shs pts/17 192.168.0.11 Thu Sep 14 12:45 still logged
tsmith

That command is a lot to type, but could be turned into a script to make it a lot easier to use.

#!/bin/bash

for user in `ls /home`
do
   echo -n "$user ";last $user | head -1 | awk '{print substr($0,40)}'
done

Sometimes this kind of information can alert you to changes in users' roles that suggest they may no longer need the accounts in question.

 

Communicating with users

Linux systems provide a number of ways to communicate with your users. You can add messages to the /etc/motd file that will be displayed when a user logs into a server using a terminal connection. You can also message users with commands such as write (message to single user) or wall (write to all logled in users.

 

Previous Page  1  2  3  4  5  Next Page 

Sign up for Computerworld eNewsletters.