HPE Community
Operating System - HP-UX
1824210 Members
4211 Online
109669 Solutions
New Discussion юеВ

Activated Users on a Trusted System

 
SOLVED
Go to solution
KPS
Super Advisor

тАО07-27-2005 02:16 AM

тАО07-27-2005 02:16 AM

Activated Users on a Trusted System

Hi,

We're running Trusted Systems here and we have many users on these systems on 11.0 and 11i. If I need to list or display only "Activated" users for some auditing reasons,and omit the "DeActivated" users, how would I go about doing this?

Thanks,
KPS
0 Kudos
Reply
5 REPLIES 5
Mel Burslan
Honored Contributor

тАО07-27-2005 02:36 AM

тАО07-27-2005 02:36 AM

Re: Activated Users on a Trusted System

I am not exactly sure what you mean by active and deactivated users but this little snippet of code should give you the account status of any given user:

ID=username_here
STATUS=$(/usr/lbin/getprpw -l -r -m lockout $ID)
RC=$?
case "$RC" in
0 ) case "$STATUS" in
0000000 ) print "Account Active." ;;
1?????? ) print "LOCKED: Past password lifetime." ;;
?1????? ) print "LOCKED: Past inactive time." ;;
??1???? ) print "LOCKED: Past account lifetime." ;;
???1??? ) print "LOCKED: too many failed logins." ;;
????1?? ) print "LOCKED: passwd required." ;;
?????1? ) print "LOCKED: Locked by Admin." ;;
??????1 ) print "LOCKED: Password is a *." ;;
* ) print "Unknown status code returned."; exit 10;;
esac
;;
1 ) print "You are not privileged to run this command."
exit 1
;;
2 ) print "Incorrect getprpw usage."
exit 2
;;
3 ) print "Password file is not found."
exit 3
;;
4 ) print -n "**NOT in Trusted Mode:"
STATUS=$(/usr/bin/passwd -s $ID|awk '{print $2}')
case "$STATUS" in
LK ) print "LOCKED" ;;
PS ) print "Account Active" ;;
"" ) print "No Account" ;;
* ) print "Unknown Status,$STATUS."; exit 10 ;;
esac
;;
* ) print "Unknown getprpw RC, $RC, returned."; exit 10 ;;
esac

From this point, you can derive the output you require.

Hope it helps.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
KPS
Super Advisor

тАО07-27-2005 02:43 AM

тАО07-27-2005 02:43 AM

Re: Activated Users on a Trusted System

What I mean is that some users are deactivated due to account expiration or lockout reasons and so forth which are controls we have setup in our Trusted System configurations.

So in the list of users I I hoped to generate, I didn't want to include those users that our deactivated for the above reasons. I only wanted to pull the list for users that are active.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО07-27-2005 02:54 AM

тАО07-27-2005 02:54 AM

Re: Activated Users on a Trusted System

This should get you started:

#!/usr/bin/sh

PATH=${PATH}:/usr/lbin
PWFILE=/etc/passwd

typeset -i STAT=0
awk -F ':' '{print $1}' ${PWFILE} | while read USER
do
echo "${USER}\c"
LCK=$(getprpw -m lockout ${USER} | tr -c -d "[0-9]")
STAT=${?}
if [[ ${STAT} -eq 0 ]]
then
echo "\t${LCK}\c"
else
echo "Getprpw failed for user ${USER}; status ${STAT}." >&2
fi
echo
done
exit ${STAT}

For users that are not locked out, ${LCK} will be all zeros; for users that are locked out a 1 will be in one of the positions. Man getprpw to determine how to interpret the lockout value.

If it ain't broke, I can fix that.
Reply
Jim Mallett
Honored Contributor

тАО07-27-2005 05:00 AM

тАО07-27-2005 05:00 AM

Solution

Re: Activated Users on a Trusted System

You already have some working answers here but here's what I use:

for i in $(cat /etc/passwd | awk -F: '{print $1}')
do
STATUS="$i: `/usr/lbin/getprpw -m lockout $i`"
echo $STATUS | grep 0000000
done

If by chance you want to find out who IS locked out I just change 'grep' to 'grep -v'.

Jim
Hindsight is 20/20
Reply
KPS
Super Advisor

тАО07-27-2005 05:33 AM

тАО07-27-2005 05:33 AM

Re: Activated Users on a Trusted System

Thanks to everyone that replied. This last script here is exactly what I was looking for. Thanks again to all!

KPS
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.