
Re: I need help finding a way to search for disabled account in linux

 
skt_skt
Honored Contributor

I need help finding a way to search for disabled account in linux


I need help finding a way to search for disabled accounts in Linux.

skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

Disabled/deactivated.
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

Needed for RHEL AS 2.1/3/4.
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux


# /sbin/pam_tally --user kumarts
User kumarts (19806) has 0

The last field, 0, tells that the account is NOT locked.


Maybe I am confused between a deactivated account and a locked one. What is the difference between deactivated and locked?

My intention is to delete the deactivated accounts. But I DON'T want the accounts which are locked to be deleted (for example due to 5 login failures; a needed account can be in a locked state at that point in time).

So I want to identify only deactivated accounts.

Stuart Browne
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

If you use the 'passwd -d' command to disable an account, it removes the password from '/etc/shadow', so a simple walk through the shadow file will be able to tell you which users are 'disabled'.

i.e.

awk -F':' '{ if ($2 == "") { printf ("%s is disabled\n", $1) } }' /etc/shadow

But I guess this will depend on how the user was 'disabled'.
One long-haired git at your service...
Venilton Junior
Valued Contributor

Re: I need help finding a way to search for disabled account in linux

Santhosh,

What kind of authentication are you using? LDAP, PAM, Kerberos?

A simple way to disable an account login is to put the last field in /etc/passwd as /sbin/false or, in some systems, /sbin/nologin.

They act like /dev/null (a black hole).

Hope this helps you out.

Regards

RTFM
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

-d This is a quick way to disable a password for an account. It will set the named account passwordless. Available to root only.

That says "disable a password for an account". I am looking for disabled accounts/IDs.

I use PAM authentication. I am not looking for "how to prevent login for an account".

Below is an example of the (only) three different entries in the shadow file. The last one is an active account, but I am not sure what that * and !! mean.

# egrep -i "kumarts|adm|rpc" /etc/shadow
adm:*:13738:0:99999:7:::
rpc:!!:13738:0:99999:7:::
kumarts:$1$dSKpkrZZ$C/oJlIsnzij8R0Kb.d1MA0:13801:7:60:20:30::
Stuart Browne
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

The awk routine above will show you accounts that have been 'disabled' using 'passwd -d'.

That flag removes the password entirely from the shadow file.

'!!' in the shadow file cannot match any password, and is considered 'locked'.

As for '*', on its own it is also unmatchable.
One long-haired git at your service...
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

So both * and !! indicate a disabled account, is that right?
Stuart Browne
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

If you use 'passwd -d ', and treat this as 'disabled', then no. The '-d' flag will remove the password from the shadow file. This doesn't really "disable" the user, just removes their password. Depending on how other parts of the system are set up, this could be a simple way to disable a user (see 'PermitEmptyPasswords' configuration directive in 'man sshd_config'), or a really bad way (other users will be able to 'su' without a password, or telnet in if 'telnetd' is enabled).

Entries in the shadow file with '!!' or '*' in the password field are usually system users that services use, but never log in. It is usually impossible to log in as these users by means other than the 'su' command.

Entries with '!' are 'locked' users ('passwd -l '). This is a true disabled user.

So, it all comes down to what is in place on your system for disabling users. If you are only using the expiration of passwords to disable users, none of this discussion takes it into account. See 'chage' and the 'passwd' tools for more details on that.
One long-haired git at your service...
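The states Stuart distinguishes across this thread (an empty field from 'passwd -d', a '!' prefix from 'passwd -l', the unmatchable '*' and '!!' of service accounts, and account expiry as set by 'chage') can all be read from the shadow file in one pass. The script below is an added example, not code posted in the thread: a POSIX shell/awk classifier that runs over a constructed shadow-format sample (made-up users, fake hashes) with the "today" day number fixed at 14000 so the result is reproducible. One caveat the thread itself raises: a pam_tally failure-count lock lives in the tally file, not in /etc/shadow, so an account locked that way still shows as 'active' here and needs the 'pam_tally --user' check from the earlier post.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format. The adm and rpc lines mirror the
# ones quoted in the thread; the other users and all hashes are made up.
# Fields: name:password:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='adm:*:13738:0:99999:7:::
rpc:!!:13738:0:99999:7:::
svc_old::13738:0:99999:7:::
alice:!$6$FAKESALT$FAKEHASH1:13801:7:60:20:30::
bob:$6$FAKESALT$FAKEHASH2:13801:7:60:20:30::
carol:$6$FAKESALT$FAKEHASH3:13801:7:60:20::13900:'

# classify_shadow [today_in_days]
# Reads shadow-format lines on stdin and prints "user<TAB>state<TAB>expiry".
#   passwordless : field 2 empty            (passwd -d)
#   no-login     : field 2 is '*' or '!!'   (service account, never had a password)
#   locked       : field 2 starts with '!'  (passwd -l / usermod -L on a real hash)
#   active       : anything else            (a usable hash)
# expiry is "expired" when field 8 (account expiry, days since epoch) is set
# and not in the future; "-" otherwise. Pass a fixed day number for repeatable
# output; with no argument the real date is used.
classify_shadow() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F':' -v today="$today" '
    NF >= 2 {
        pw = $2; state = "active"
        if (pw == "")                      state = "passwordless"
        else if (pw == "*" || pw == "!!")  state = "no-login"
        else if (substr(pw, 1, 1) == "!")  state = "locked"
        expiry = "-"
        if ($8 != "" && $8 + 0 <= today)   expiry = "expired"
        printf("%s\t%s\t%s\n", $1, state, expiry)
    }'
}

# Look up one user's password state / expiry in the sample (day 14000).
state_of() {
    printf '%s\n' "$SAMPLE_SHADOW" | classify_shadow 14000 |
        awk -F'\t' -v u="$1" '$1 == u { print $2 }'
}
expiry_of() {
    printf '%s\n' "$SAMPLE_SHADOW" | classify_shadow 14000 |
        awk -F'\t' -v u="$1" '$1 == u { print $3 }'
}

# Demo over the constructed sample.
printf '%s\n' "$SAMPLE_SHADOW" | classify_shadow 14000
```

Against a live system run it as root with `classify_shadow < /etc/shadow`; 'locked' rows are the ones the original poster wanted to keep, and only 'passwordless' or 'expired' rows are candidates for whatever "deactivated" means on that host.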