
BLU Discuss list archive


[Discuss] redhat user question

On Tue, Aug 06, 2013 at 03:35:03PM -0400, Eric Chadbourne wrote:
> I'm updating a couple of RedHat boxes for a client and see some most
> likely legacy users.  My first thoughts are, who are these users, do
> they still need access, and what do they have access to?

You can ask the client...  If they don't know who the users are,
disable the accounts and see who complains.

> How do you check for users in such a situation?  I like to do:

You can use tools like last, who, and w to see who's logged in
recently or right now...  For example, 

  last $username

will tell you about the recent logins of $username, assuming that the
user actually logs in via something that updates the utmp/wtmp database,
going as far back as the last time your wtmp was rotated.

> cat /etc/passwd |grep "/home" |cut -d: -f1
> But I know this doesn't show everybody.  I've created users with no
> home before.  

Or users who have a home, but it's not in /home.

> Also how can I tell if a user has root permissions or
> able to access other stuff such as /var/www?

Heavy handed, but something like:

find / -uid $USERS_UID -o -gid $USERS_GID

You probably really would want something that considers perms on the
file, as just because it has group ownership for the user's group
doesn't mean it is group readable/writable... but I leave that as an
exercise for you.

This will also search pseudo file systems like /proc, which you may
want to avoid (as it's basically useless but potentially

Note also that the user has group associations BOTH in /etc/passwd AND
in /etc/group.  You'd need to check them all.

This is time-consuming work, if you want to be thorough...

Derek D. Martin   GPG Key ID: 0xDFBEAD02
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
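
Added example, not part of the original message: one way to script the checks discussed in this thread, covering accounts outside /home, UID 0 accounts, group membership from both /etc/passwd and /etc/group, and a find that also tests the write bit. The function names and the sample passwd/group data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Accounts whose shell permits login, whether or not home is under /home.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ {print $1}' "${1:-/etc/passwd}"
}

# Any account with UID 0 is root-equivalent, whatever its name.
uid0_accounts() {
    awk -F: '$3 == 0 {print $1}' "${1:-/etc/passwd}"
}

# All groups of a user: primary GID from passwd plus member lists in group.
groups_of() {
    user=$1 passwd=${2:-/etc/passwd} group=${3:-/etc/group}
    gid=$(awk -F: -v u="$user" '$1 == u {print $4}' "$passwd")
    awk -F: -v u="$user" -v g="$gid" '
        $3 == g { print $1; next }
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break } }
    ' "$group" | sort
}

# Files a uid/gid can write: ownership AND the matching write bit must agree.
# -xdev stays on one file system (skips /proc, /sys); run once per real mount.
writable_by() {
    find "$3" -xdev \( -uid "$1" -perm -200 -o -gid "$2" -perm -020 \) -print 2>/dev/null
}

# Constructed sample databases so the functions can be tried offline.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:legacy admin:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
deploy:x:501:501::/srv/deploy:/bin/bash
olduser:x:502:100::/home/olduser:/bin/bash
EOF
cat > "$demo/group" <<'EOF'
wheel:x:10:root,olduser
apache:x:48:olduser
users:x:100:
deploy:x:501:
EOF
echo "login-capable: $(login_accounts "$demo/passwd" | paste -sd, -)"
echo "uid 0:         $(uid0_accounts "$demo/passwd" | paste -sd, -)"
echo "olduser in:    $(groups_of olduser "$demo/passwd" "$demo/group" | paste -sd, -)"
writable_by "$(id -u)" "$(id -g)" "$demo"
```

Called without file arguments, the first three functions read the live /etc/passwd and /etc/group; accounts served from LDAP or NIS do not appear in those files.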

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
