Delete User Accounts

[darkishdave]

Hello,

Is there a way to delete all users who haven't logged in, say in 400 days and all users who has never logged login with one command?

Can this be done all at once instead of checking individual accounts at once?

Thanks,

-darkishdave

[refracta]

cant think of anything....sounds dangerous and prone to error too...

[penpen]

There's probably a number of ways you could do this, but I would advise taking a few precautions before running a script to do this, primarily because on most linux systems there are a number of user accounts created that never log in because they're not meant to. They're usually indicated by a /bin/false or /sbin/nologin as their shell in /etc/passwd.

Knowing this, you could write a script to ignore the users that should be kept by the system while still being able to search for other users that have never logged in for a certain timeframe.

lastlog -b 400 will display all of the users that have not logged in within the last 400 days, including those that have never logged in. We can use this to get the list you're looking for.

Example:

Code: Select all

#!/bin/sh
function normuser() {
NORMAL_USERS=`grep -Ev '/bin/false|/sbin/nologin|root|/sbin/halt|/sbin/shutdown' /etc/passwd | cut -d ":" -f 1`

echo "Normal users that have never logged in or logged in within the last 400 days:"

for i in $NORMAL_USERS
   do lastlog -b 400 | grep $i
done
}

normuser

I would confirm that there are no important users that still show up in the output of that script, then you could add the following to use it to delete the printed list of users:

Code: Select all

echo "Deleting above list of users..."
for i in `normuser | cut -d " " -f 1`
   do userdel $i
done

Of course, this is just one of many ways you could achieve this, I would just make sure you test the list of users that is generated to make sure no important ones are accidentally removed. You may also want to consider adding command line options to the userdel command if you want to make sure it deletes their home directories / mail upon removal.

Hope this helps.

[milomak]

i think the type of users referred to above by penpen would be the users whose ids are less than 1000.

[penpen]

i think the type of users referred to above by penpen would be the users whose ids are less than 1000.

oh duh how could I have forgotten that.
It seems there are exceptions to even the most basic conventions, though:

Code: Select all

nobody:x:65534:65534:nobody:/:/bin/false

still, it'd be easy enough to modify the script I wrote above to check based on user id instead of a text filter.

[refracta]

I would think that if /var/log/lastlog has been rotated then it will be unable to track anything further back than the last rotation

[penpen]

I would think that if /var/log/lastlog has been rotated then it will be unable to track anything further back than the last rotation

I'm thinking he may be running into some other problems if that file has been rotated:

NOTE
The lastlog file is a database which contains info on the last login of
each user. You should not rotate it. It is a sparse file, so its size
on the disk is usually much smaller than the one shown by "ls -l"
(which can indicate a really big file if you have in passwd users with
a high UID). You can display its real size with "ls -s".

[darkishdave]

Example:

Code: Select all

#!/bin/sh
function normuser() {
NORMAL_USERS=`grep -Ev '/bin/false|/sbin/nologin|root|/sbin/halt|/sbin/shutdown' /etc/passwd | cut -d ":" -f 1`

echo "Normal users that have never logged in or logged in within the last 400 days:"

for i in $NORMAL_USERS
   do lastlog -b 400 | grep $i
done
}

normuser

Thanks a million, but it still throws up system users.

Code: Select all

Usage: grep [OPTION]... PATTERN [FILE]...
Try `grep --help' for more information.
./userdeltest.sh: line 6: /bin/false|/sbin/nologin|root|/sbin/halt|/sbin/shutdown: No such file or directory
Normal users that have never logged in or logged in within the 
last 400 days:

[darkishdave]

Ahh...I thought about it.

The user must have a home directory in /home/. Then I am less likely to delete system users.