
In an ideal world, user authentication is centralised, typically these days using LDAP or perhaps Microsoft Active Directory. We have robust processes in place to ensure that, when a user leaves (or should no longer have access to their account), their accounts are removed (or disabled).

In the real world, we sometimes find that we have local accounts on our Linux systems, and sometimes they persist longer than perhaps they should.

We can list the user accounts that have not been logged in to during the last 60 days with this variant of the lastlog command:

$ lastlog -b 60

There will be some system accounts that won’t have been logged in to during that time or, more likely, never logged in to:

$ lastlog -b 60
Username         Port     From             Latest
daemon                                     **Never logged in**
bin                                        **Never logged in**
sys                                        **Never logged in**

So let’s filter those out:

$ lastlog -b 60 | grep -vF '**Never logged in**'
Username         Port     From             Latest
harry            pts/4    example.com      Sat May  7 10:39:34 +0100 2016

So, user harry hasn’t logged in for more than 60 days. Should his account still exist?

If you prefer, you can find out which accounts have been logged in to in the last 60 days:

$ lastlog -t 60

Hopefully no surprises in the output there…
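Filtering out "Never logged in" also hides real user accounts that were created but never used. The script below is an added example, not part of the original tip: it cross-checks saved lastlog output against a passwd file and reports both cases. The function name, the UID threshold of 1000 and the sample accounts other than harry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Cross-checks lastlog output
# against a passwd file so interactive accounts that have NEVER logged in
# are reported too, instead of being dropped by the grep -v filter.

# stale_local_accounts PASSWD LASTLOG [MIN_UID]
#   PASSWD  : passwd-format file (normally /etc/passwd)
#   LASTLOG : saved output of `lastlog -b 60`
#   MIN_UID : first non-system UID (assumption: 1000; see UID_MIN in /etc/login.defs)
stale_local_accounts() {
    awk -v min="${3:-1000}" '
        # First file (passwd): remember accounts with a regular UID and a login shell.
        NR == FNR {
            if ($3 + 0 >= min + 0 && $7 !~ /(nologin|false)$/) human[$1] = 1
            next
        }
        FNR == 1 { next }                      # skip the lastlog header line
        ($1 in human) {
            status = index($0, "**Never logged in**") ? "never" : "stale"
            print $1, status
        }
    ' FS=: "$1" FS=' ' "$2"
}

# Constructed sample data (harry's lastlog line is the one shown in the article).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
harry:x:1001:1001:Harry:/home/harry:/bin/bash
sally:x:1002:1002:Sally:/home/sally:/bin/bash
svcbackup:x:1003:1003::/var/backups:/usr/sbin/nologin
EOF
    cat > "$dir/lastlog" <<'EOF'
Username         Port     From             Latest
daemon                                     **Never logged in**
harry            pts/4    example.com      Sat May  7 10:39:34 +0100 2016
sally                                      **Never logged in**
svcbackup                                  **Never logged in**
EOF
    stale_local_accounts "$dir/passwd" "$dir/lastlog"
    rm -rf "$dir"
}

demo
```

On a live system, save the output of lastlog -b 60 to a file and pass it together with /etc/passwd; accounts marked "never" are the ones the grep filter would have hidden.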
