When you first sign into a Linux server to take over the role of managing it, there are a number of things that you will need to know right away about the systemâs user accounts â such as where they are stored, how you list them, how you can determine who is logged in, how to view how often users log in, how to list what processes your users are running, determining if users change their passwords from time to time, and checking if they are members of more than one user group.
Listing user accounts
User accounts, often referred to as the usersâ âhome accounts,â are generally stored in the /home directory. In fact, /home will usually occupy its own file system partition to preserve its disk space for user files alone. Use the âls /homeâ or the âls -l /homeâ to list accounts on the system. The first command will simply show the home directories. The directory names should be the same as the usernames. With the -l argument, you will see a âlong listingâ which will generally include lines like these:
drwx------. 1 brie brie 289 Feb 6 11:23 brie drwx------. 1 lola lola 3265 Feb 11 09:16 lola
Clearly these two users are not providing access to other users. Their read, write and execute permissions are associated only with their own privileges (rwx) and none with the group or anyone else. The following two â—â strings indicate no read, write or execute permissions have been provided to other group members (if any exist) or to other users on the system.
Note that, on some more rare systems, you might see home directories stored in /export/home. Those accounts might be shared on other servers where they are mounted on /home.
Checking disk space
To get a quick look at disk usage by user, you can run a command like the one below. Notice that it requires sudo and uses the âsâ argument to give summaries by user.
$ sudo du -sh /home/* 12K /home/brie 223M /home/fedora 16K /home/george 49M /home/justme 12K /home/lola 12K /home/newuser 125M /home/shs
The overall home partition on this system is a little more than 50% full. Itâs important to know when disk space is running low and sometime to gauge how fast itâs filling up.
$ df -h /home Filesystem Size Used Avail Use% Mounted on /dev/sda3 14G 7.2G 5.7G 56% /home
Asking who
The who command provides information on which users are currently logged in. In the case below, justme is logged in on the console and has a terminal window open. The other user currently logged in, shs, is logged in over the network. This is why one login shows the terminal ID and the other the IP addressing from where the login connection has been made.
$ who justme seat0 2024-02-10 12:30 (login screen) justme tty2 2024-02-10 12:30 (tty2) shs pts/1 2024-02-10 12:38 (192.168.0.8)
The who output also displays the login date and time. How long each user spends on the server depends on the work that he or she needs to do on the system.
Listing user account details
To list system accounts, you can check out the entries in the /etc/passwd file. This file contains details including the usernames, user numeric IDs (UIDs), user group ID (GIDs), home directories and which shells they use. The query below is only taking looks at the bottom of the /etc/passwd file because that file contains information on nearly 50 system accounts.
$ tail -6 /etc/passwd shs:x:1001:1001:Sandra H-S:/home/shs:/bin/bash newuser:x:1002:1002:New Guy:/home/newuser:/bin/bash george:x:1003:1003:George M:/home/george:/bin/bash justme:x:1004:1004:Just Me:/home/justme:/bin/bash brie:x:1005:1005:Brie the Cat:/home/brie:/bin/bash lola:x:1006:1006:Lola the Dog:/home/lola:/bin/bash
Notice that no passwords are included in the /etc/passwd file in spite of the file having âpasswdâ as its name. For many years, passwords have been encrypted and maintained in the /etc/shadow file. Notice that the second field for each user in this colon-separated file entry is more than 70 characters long. The remaining fields relate to password aging.
If passwords are not being aged, you will see a string of 9âs in one of the last fields of the /etc/shadow file. For this to make sense, use the command below to determine todayâs âdateâ in the âsince the epochâ time:
$ today=$(( $( date \"+%s\" ) / 86400 )) $ echo $today 19764
The date the password was last changed and the expiration date shows up near the end of the lines in the /etc/shadow file. Hereâs an example in which the password was just recently changed. These are the rightmost fields in the /etc/shadow file for this user.
19740:0:99999:7:::
Compare that to the expiration field in the /etc/shadow file like this to determine how long before the password will expire:
$ expr 86400 - 19763 66637
It looks like weâre got quite a ways to go! Of course, this would be very different if annual or semi-annual password changing were enforced on this system.
Viewing recent logins
You can view a userâs recent logins using the âlastâ command:
$ last lola | head -11 lola pts/3 192.168.0.8 Sat Feb 10 12:55 still logged in lola pts/1 192.168.0.8 Sat Feb 10 12:38 - 13:10 (00:31) lola tty2 tty2 Sat Feb 10 12:13 - 12:35 (00:22) lola seat0 login screen Sat Feb 10 12:13 - 12:36 (00:22) lola pts/1 192.168.0.8 Wed Jan 31 12:52 - 14:11 (01:19) lola pts/0 192.168.0.8 Tue Jan 30 11:45 - 12:35 (00:50) lola pts/1 192.168.0.22 Mon Jan 29 11:25 - 12:06 (00:41) lola tty2 tty2 Mon Jan 29 11:23 - down (00:43) lola seat0 login screen Mon Jan 29 11:23 - down (00:43) lola pts/1 192.168.0.8 Fri Jan 26 12:27 - 13:11 (00:44) lola pts/0 192.168.0.22 Thu Jan 25 13:45 - 13:47 (00:02)
This report will show the most recent logins for the user you are asking about.
User groups
By default, Linux users will each be put into their own private groups when their accounts are set up and their group IDs (GIDs) will start at 1,000. For example:
rejustme:x:1004:
The group for the user named âjustmeâ is assigned group number 1004 (same as that userâs UID) and the group has no password, so it shows up as an âxâ.
Shared groups can also be set up in the /etc/groups file by including the group name, the group number and the members in a format like this:
sysadmins:x:88:george,lola
Wrap-up
Configuring and managing Linux accounts is fairly easy. It just takes getting used to a handful of commands and managing the servers properly. One thing this post has not covered is monitoring disk space use for user accounts.