[Scottish] User account disabling

[Colin Shorts]

Paxton, Darren wrote:
> Hi All,
> 
> Having one of those moments where no matter where I'm searching, can't seem to find what I'm actually looking for.
> 
> Wondering how any of you are currently handling user account expiry if an account lies idle for a defined amount of time.
> 
> I've seen perl scripts listed in some places, but I'm trying to see if I can use whatever native tools are already in place to identify when the user last logged in (this is on RHEL systems) and then work out if this is greater than the threshold of 90 days.
> 
> At this point, we're not actually going to disable those accounts, just looking for a way to identify them so that systems can be flagged as requiring attention. (hopefully this will all help contribute to the argument for a centralised authentication mechanism).
> 
> Systems are all RHEL so any advice anyone's got on this platform would be greatly appreciated.

`lastlog` will probably be your first port of call:

# lastlog
Username         Port     From             Latest
root             tty1                      Sat Feb 28 14:01:43 +0000 2009
bin                                        **Never logged in**
daemon                                     **Never logged in**
adm                                        **Never logged in**
lp                                         **Never logged in**
sync                                       **Never logged in**
shutdown                                   **Never logged in**

~snip~

You can also specify a range of UID's
# lastlog -u 1000-2000

This might be more useful for parsing - you might not want to disable
some accounts.

> Password expiry is also being enabled therefore was wondering if this could be centred around that as a way of doing the calculation.
> 
> Thanks
> 
> Darren


HTH

-Colin