• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3824
  • Last Modified:

how can find out when user is created in AIX

how can i find out when the user has been created.
0
Prajith
Asked:
Prajith
1 Solution
 
lucius_theCommented:
On any UNIX:
cat /etc/passwd will list all users

also

cat /etc/passwd | grep <username>

will show you a line if that user exists.
0
 
woolmilkporcCommented:
Hi,

short answer: you can't - at least not in a reliable way, unless you had enabled the auditing feature of AIX and have kept the logs.

You could look at the creation time of the user's .profile and hope that they didn't change it.

Here is a rather good IBM Redbook on auditing:

http://www.redbooks.ibm.com/redbooks/pdfs/sg246396.pdf

Sorry, no better way!

wmp



1
 
arober11Commented:
If this is an on-going requirement Tripwire and / or IBM's tivoli security tool's can capture / log user additions / changes.

If you want to find out when the user first / last logged in try:

last | grep user-id
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
woolmilkporcCommented:
>> find out when the user first / ... logged in <<

arober11, how would you find out the first login? Would be great if this was possible (but I don't believe so).

The outcome of last depends on the contents of wtmp, a file which gets cleaned up regularly by most people.

wmp
1
 
arober11Commented:
Wouldn't count on the wtmp being rotated / truncated regularly, as most non Development servers I've played on have had 12-36 months worth of history.  If it hasn't been truncated it should give an indication of how long the account has been around, and the IP(s) the ID has been used from, if access was external, not via su.

Note: Have assumed the server isn't subject to SOX of PCI-DSS reg's as audit logging would have been enabled and probably spooled to the syslog and on to a separate log server, to pass an audit.


0
 
arober11Commented:
Another rough option, if you have password aging enabled and a local shadow password file, you'll have a timestamp for the last password change.
0
 
PrajithAuthor Commented:
not bad
0
 
woolmilkporcCommented:
In which way did the answer you accepted help you?

Just curious ...
1

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now