HPE Community
Operating System - HP-UX
1826354 Members
3917 Online
109692 Solutions
New Discussion

Looking to pull enabled/disabled user account info on system

 
SOLVED
Go to solution
KPS
Super Advisor

‎09-08-2005 05:54 AM

‎09-08-2005 05:54 AM

Looking to pull enabled/disabled user account info on system

Hi,

We're running a Trusted System on HP-UX 11.11.

Is there a way to get a list of only enabled or activated users on my trusted system? Is there some kind of command I can run that will look at all users on my system which I have a lot of and determine if the user is activated or deactivated?
0 Kudos
6 REPLIES 6
DCE
Honored Contributor

‎09-08-2005 05:59 AM

‎09-08-2005 05:59 AM

Re: Looking to pull enabled/disabled user account info on system

You can use /usr/lbin/getprpw to display the users properties.

0 Kudos
Zigor Buruaga
Esteemed Contributor

‎09-08-2005 06:03 AM

‎09-08-2005 06:03 AM

Re: Looking to pull enabled/disabled user account info on system

Hi,

/usr/lbin/getprpw -m lockout your_user

if I recall correctly, should help you on this.
If the output is not 0000000 the user is locked.

Regards,
Zigor
0 Kudos
KPS
Super Advisor

‎09-08-2005 06:05 AM

‎09-08-2005 06:05 AM

Re: Looking to pull enabled/disabled user account info on system

Right, I'm familiar with /usr/lbin/getprpw, but I'm looking for a way to maybe use that on more of a global sense to list all users on the system that have possibly have lockout=0000000 which would mean they're not disabled and active.
0 Kudos
Rick Garland
Honored Contributor

‎09-08-2005 06:10 AM

‎09-08-2005 06:10 AM

Solution

Re: Looking to pull enabled/disabled user account info on system

From the knowledge base, docID USECKBRC00008606

Here is a script to report all users that have deactivated accounts. This can be easily modified to list user accounts that are active.


#!/usr/bin/sh
# Show deactivated users in a trusted system
set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin

NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
modprpw 1> /dev/null 2>&1
if [ $? -eq 2 ]
then
NOTTRUSTED=/sbin/false
fi
fi

if $NOTTRUSTED
then
print "\n This system is not a Trusted System"
exit 1
fi

REASON[1]="past password lifetime"
REASON[2]="past last login time"
REASON[3]="past absolute account lifetime"
REASON[4]="exceeding unsuccessful login attempts"
REASON[5]="password required and a null password"
REASON[6]="admin lock"
REASON[7]="password is a *"

for USER in $(listusers | awk '{print $1}')
do
LOCKOUT=$(getprpw -r -m lockout $USER)
ERR=$?
if [ $ERR != 0 ]
then
print "getprpw failed, error = $ERR"
exit $ERR
fi

# Since multiple reasons may exist in LOCKOUT, process
# each bit position separately

if [ $LOCKOUT != "0000000" ]
then
print "\nUser $USER deactivated for:"
for BIT in 1 2 3 4 5 6 7
do
REASONBIT=$(echo $LOCKOUT | cut -c $BIT)
if [ $REASONBIT != 0 ]
then
if [ $REASONBIT = 1 ]
then
print " ${REASON[$BIT]}"
else
print " Bad character in lockout: $REASONBIT"
fi
fi
done
fi
done

exit 0
0 Kudos
DCE
Honored Contributor

‎09-08-2005 06:17 AM

‎09-08-2005 06:17 AM

Re: Looking to pull enabled/disabled user account info on system

Ken,

This link has a simple script that might meet your needs

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=933189
0 Kudos
KPS
Super Advisor

‎09-08-2005 06:26 AM

‎09-08-2005 06:26 AM

Re: Looking to pull enabled/disabled user account info on system

Thanks everyone......
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.