System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

I need help finding a way to search for disabled account in linux

skt_skt
Honored Contributor

I need help finding a way to search for disabled account in linux


I need help finding a way to search for disabled account in linux..

11 REPLIES
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

disabled/deactivated..
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

need for RHEL AS 2.1/3/4
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux


# /sbin/pam_tally --user kumarts
User kumarts (19806) has 0

the last field 0 tell the account is NOT locked.


May be i am confused with account deactivated and locked. What is the diffrence between deactivated and locked.

My intention is to delete the deactivated accounts. But i DONT want the accounts to be deleted whihc are locked (example due to 5 login failures; a needed account can be in locked state at that point of time).

So i want to identify only deactivated accounts?

Stuart Browne
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

If you use the 'passwd -d' command to disable an account, it removes the password from '/etc/shadow', so a simple walk through the shadow file will be able to tell you which users are 'disabled'.

i.e.

awk -F':' '{ if ($2 == "") { printf ("%s is disabled\n", $1) } }' /etc/shadow

But I guess this will depend on how the user was 'disabled'.
One long-haired git at your service...
Venilton Junior
Valued Contributor

Re: I need help finding a way to search for disabled account in linux

Santhosh,

What kind of authentication are u using? LDAP,PAM,Kerberos?

A simple way to disable an account login is to put the last field in /etc/passwd as /sbin/false or in some systems /sbin/nologin.

They act like /dev/null (blackhole)

Hope this help you out.

Regards

RTFM
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

-d This is a quick way to disable a password for an account. It will set the named account passwordless. Avail-
able to root only.

that says "disable a password for an account".i am loking for disabled account/id.

I use pam authentication.I am not looking for "how to prevent login for an account".

below is an example for three different(only) entries in shadow file. the last one is an active account. But not sure what that * and !! means

# egrep -i "kumarts|adm|rpc" /etc/shadow
adm:*:13738:0:99999:7:::
rpc:!!:13738:0:99999:7:::
kumarts:$1$dSKpkrZZ$C/oJlIsnzij8R0Kb.d1MA0:13801:7:60:20:30::
Stuart Browne
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

The awk routine above will show you accounts that have been 'disabled' using 'passwd -d'.

That flag removes the passwored entirely from the shadow file.

!! in the shadow file is impossible to match a password, and is considered 'locked'.

As for '*', on it's own it is also unmatchable.
One long-haired git at your service...
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

So both * and !! indicates disabled account; is it?
Stuart Browne
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

If you use 'passwd -d ', and treat this as 'disabled', then no. The '-d' flag will remove the password from the shadow file. This doesn't really "disable" the user, just removes their password. Depending on how other parts of the system are set up, this could be a simple way to disable a user (see 'PermitEmptyPasswords' configuration directive in 'man sshd_config'), or a really bad way (other users will be able to 'su' without a password, or telnet in if 'telnetd' is enabled).

Entries in the shadow file with '!!' or '*' in the password file are usualy system users that services use, but never log in. It is impossible to log in as these users usually by means other than the 'su' command.

Entries with '!' are 'locked' users ('passwd -l '). This is a true disabled user.

So, it all comes down to what is in place on your system for disabling users. If you are only using the expiration of passwords to disable users, none of this discussion takes it into account. See 'chage' and the 'passwd' tools for more details on that.
One long-haired git at your service...
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

closig with the current informations. Thanks to all.
skt_skt
Honored Contributor

Re: I need help finding a way to search for disabled account in linux

closig with the current informations. Thanks to all.