- The evolving rate of patch management and eISSU for financials
- This monster 240W charger has features I've never seen on competing accessories - and it's on sale
- Anker's newest USB-C cables are a smart way to future-proof your tech
- Deal alert: Our favorite noise-canceling headphones of 2024 are at their lowest price ever for Black Friday
- Enhancing Container Security with Docker Scout and Secure Repositories | Docker
Viewing user accounts and activities on Linux servers
$ df -h /home Filesystem Size Used Avail Use% Mounted on /dev/sda3 14G 7.2G 5.7G 56% /home
Asking who
The who command provides information on which users are currently logged in. In the case below, justme is logged in on the console and has a terminal window open. The other user currently logged in, shs, is logged in over the network. This is why one login shows the terminal ID and the other the IP addressing from where the login connection has been made.
$ who justme seat0 2024-02-10 12:30 (login screen) justme tty2 2024-02-10 12:30 (tty2) shs pts/1 2024-02-10 12:38 (192.168.0.8)
The who output also displays the login date and time. How long each user spends on the server depends on the work that he or she needs to do on the system.
Listing user account details
To list system accounts, you can check out the entries in the /etc/passwd file. This file contains details including the usernames, user numeric IDs (UIDs), user group ID (GIDs), home directories and which shells they use. The query below is only taking looks at the bottom of the /etc/passwd file because that file contains information on nearly 50 system accounts.
$ tail -6 /etc/passwd shs:x:1001:1001:Sandra H-S:/home/shs:/bin/bash newuser:x:1002:1002:New Guy:/home/newuser:/bin/bash george:x:1003:1003:George M:/home/george:/bin/bash justme:x:1004:1004:Just Me:/home/justme:/bin/bash brie:x:1005:1005:Brie the Cat:/home/brie:/bin/bash lola:x:1006:1006:Lola the Dog:/home/lola:/bin/bash
Notice that no passwords are included in the /etc/passwd file in spite of the file having “passwd” as its name. For many years, passwords have been encrypted and maintained in the /etc/shadow file. Notice that the second field for each user in this colon-separated file entry is more than 70 characters long. The remaining fields relate to password aging.
If passwords are not being aged, you will see a string of 9’s in one of the last fields of the /etc/shadow file. For this to make sense, use the command below to determine today’s “date” in the “since the epoch” time:
$ today=$(( $( date "+%s" ) / 86400 )) $ echo $today 19764
The date the password was last changed and the expiration date shows up near the end of the lines in the /etc/shadow file. Here’s an example in which the password was just recently changed. These are the rightmost fields in the /etc/shadow file for this user.