topic Re: passwd file cleanup in Operating System - HP-UX

passwd file cleanup

Wilfred Chau_1 — Wed, 16 Jan 2002 17:25:30 GMT

How do you guys cleanup your /etc/passwd and remove users who have not logon for a long time?

Re: passwd file cleanup

Kevin Wright — Wed, 16 Jan 2002 17:28:21 GMT

vipw, or much easier is userdel.
see the man page for userdel.

Re: passwd file cleanup

James R. Ferguson — Wed, 16 Jan 2002 17:34:53 GMT

Hi:

If you like SAM, you can do it there. SAM will offer you the option of removing or transfering ownership of a user's files to another.

Remember that if you merely remove a user from /etc/passwd manually, then the user's files remain on the system. The file's inode contains the uid even though /etc/passwd can no longer translate number-to-name. If you have ever done this, you can look for "orphaned" files with:

# find /home /usr /var /tmp -nouser

...or for a specific uid:

# find /home /usr /var /tmp -user 103

Regards!

...JRF...

Re: passwd file cleanup

Wilfred Chau_1 — Wed, 16 Jan 2002 17:41:36 GMT

Do you have a script of some sort to determine a user has not been logging on for a long time? We have well over 50+ servers here, doing it manually is a pain.

I am using finger and has attempted to use last but I am just wondering if there is any better solution. How can I get the atime of .sh_history?

Re: passwd file cleanup

Joseph C. Denman — Wed, 16 Jan 2002 17:45:42 GMT

Another thing to check. If you are removing an admin user and he/she was assigned a uid of 0. Then DO NOT let sam remove his/her files. You could wipe out everything.

Just a gotcha

...jcd...

Re: passwd file cleanup

Kevin Wright — Wed, 16 Jan 2002 18:04:35 GMT

for i in `cat /etc/passwd| awk -F: '{print $1}`
do
expr=ls -la /home/kwright |awk '{print $6" "$7}'
if [ date < $exp ];then
userdel $i
done

This will give you an idea..but you need to get the MATH part right to fit your need. date could be the current date - 50 days or something.

Re: passwd file cleanup

Christopher Caldwell — Wed, 16 Jan 2002 18:54:46 GMT

If you're running trusted, the getprpwent function (man 3 getprpwent) will give you the last successful login (see fd_slogin).

Once you get a list of who can be removed, we use userdel (man 1m userdel) in a script to remove the users.

Re: passwd file cleanup

Wilfred Chau_1 — Wed, 16 Jan 2002 19:19:18 GMT

I have a better picture now. But unfortunately I am not running trusted.

Re: passwd file cleanup

Christopher Caldwell — Wed, 16 Jan 2002 19:57:34 GMT

BTW, even if you're not running trusted, given that you can determine last login (see the last command - man last) to produce a list of inactive folks, you can still user userdel.

Re: passwd file cleanup

Mark Greene_1 — Wed, 16 Jan 2002 23:31:06 GMT

if you run pwchk -a, you will get a list of login ids with no home dir, or with password problems if you have tcb enabled.

HTH
mark

Re: passwd file cleanup

Bill Hassell — Thu, 17 Jan 2002 02:46:43 GMT

Since I backup my systems regularly, I am ruthless about non-users. I find $HOME directories where all the files (especially shell history) are older than 3 months. I script userdel to remove the user and related files, and as mentioned, always verify the user ID. Someone may have hacked into the system and created an ID=0 user. Trust me: you DON'T want to remove files owned by this user!

If the user complains, that's good. Now I can find out why $HOME is not being changed. I can always restore the user once I understand the usage.