Exploring the `lslogins` Command (with examples)
- Linux
- December 17, 2024
The `lslogins` command is an incredibly useful utility on Linux systems that provides detailed information about users logged into the system. Whether you’re a system administrator keeping tabs on user activity or a security analyst auditing access logs, `lslogins` is an essential tool in your Linux toolbox. It can provide insights into who is using the system, when they last logged in, the groups they belong to, and more. This article will explore several use cases demonstrating the versatility and utility of the `lslogins` command through practical examples.
Use case 1: Displaying all users on the system
Code:
lslogins
Motivation:
Knowing all the users on a system is fundamental for managing and securing it. System administrators need to have an understanding of the users who have accounts on the system to ensure that only authorized individuals have access. Regularly reviewing this list helps in identifying accounts that are no longer in use, which can then be disabled or removed to improve security.
Explanation:
The `lslogins` command, when used without any additional arguments, provides an overview of all user accounts on the system. This includes both human users and system accounts, giving a comprehensive view.
Example output:
UID USER PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
0 root 1184 0 0 2023-Jan01 root
1000 alice 102 0 1 2023-Oct03 Alice Wonderland
1001 bob 89 0 0 2023-Oct02 Bob Builder
Use case 2: Displaying users belonging to a specific group
Code:
lslogins --groups=developers
Motivation:
In environments where users are organized into groups for role-based access control, it’s crucial to know which users belong to specific groups. By identifying users in a group, such as ‘developers’, system administrators can apply appropriate permissions or restrictions necessary for the group’s function, thus facilitating role-based access management.
Explanation:
The `--groups` option is followed by the name of a group (in this case, `developers`). This filters the list to only include users who belong to the specified group. This targeted command is especially helpful when managing complex systems with numerous users and groups.
Example output:
UID USER PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
1000 alice 102 0 1 2023-Oct03 Alice Wonderland
1002 charlie 76 0 0 2023-Sep30 Charlie Chaplin
Use case 3: Displaying user accounts
Code:
lslogins --user-accs
Motivation:
User accounts generally refer to those accounts created for individuals rather than system processes. By distinguishing these accounts, system administrators can focus on securing accounts that have the capability of logging into the system interactively, which is crucial for maintaining system security.
Explanation:
The `--user-accs` option limits the output to show only user accounts, excluding system accounts. User accounts are those which have a real human counterpart, essential for monitoring login activity and ensuring only necessary accounts are active.
Example output:
UID USER PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
1000 alice 102 0 1 2023-Oct03 Alice Wonderland
1001 bob 89 0 0 2023-Oct02 Bob Builder
Use case 4: Displaying last logins
Code:
lslogins --last
Motivation:
Tracking login times can help detect unusual behavior or potential security breaches. For example, if an administrative account shows login activity at odd hours that doesn’t match the expected usage, it could be an early sign of a compromised account.
Explanation:
The `--last` option adds a column to the output showing the last login time for each user. This feature is particularly useful for administrators needing to track user activity over time to spot anomalies.
Example output:
UID USER PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
0 root 1184 0 0 2023-Jan01 root
1000 alice 102 0 1 2023-Oct03 Alice Wonderland
1001 bob 89 0 0 2023-Oct02 Bob Builder
Use case 5: Displaying system accounts
Code:
lslogins --system-accs
Motivation:
System accounts are generally used by services or applications on a server to perform functions. Understanding which system accounts are present and how they are used can help manage and secure these roles, which might need special permissions but shouldn’t allow regular user login.
Explanation:
Using the `--system-accs` option filters the output to include only system accounts. These accounts often have UID values less than a certain threshold (typically 1000 on many Linux distributions) and are meant to be non-human users.
Example output:
UID USER PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
1 daemon 12 0 0 -
2 bin 0 1 0 -
3 sys 0 1 0 -
Use case 6: Displaying supplementary groups
Code:
lslogins --supp-groups
Motivation:
Many users belong to more than one group in a Linux system. Supplementary groups define additional roles and access permissions beyond the primary group of the user. By viewing these groups, administrators can ensure that users have the appropriate access levels across the system.
Explanation:
The `--supp-groups` option adds a listing of supplementary groups to which each user belongs. This is particularly useful when an administrator needs a detailed understanding of user permissions across different domains of the system.
Example output:
UID USER PROC SUPPLEMENTARY GROUPS
1000 alice 102 developers, sudo
1001 bob 89 builders, sudo
1002 charlie 76 testers, analytics
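An added example (not part of the original article) that combines the columns from the use cases above into one audit pass: it reads `lslogins --export` output (`KEY="value"` pairs) and flags system accounts that can still log in, regular accounts that have never logged in, and members of an administrative group. The UID threshold of 1000, the `sudo` group name, the empty-string form of missing values and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit account records from `lslogins --export` (KEY="value" pairs).
# Live use (run as root so the password-status columns are populated):
#   lslogins --export \
#     --output=USER,UID,PWD-LOCK,PWD-DENY,NOLOGIN,LAST-LOGIN,SUPP-GROUPS | audit_export

UID_MIN=1000       # assumption: first regular-user UID on this distribution
ADMIN_GROUP=sudo   # assumption: group that grants administrative rights

# Constructed sample records, not taken from a real host.
sample_export() {
cat <<'EOF'
USER="root" UID="0" PWD-LOCK="0" PWD-DENY="0" NOLOGIN="0" LAST-LOGIN="2023-Jan01" SUPP-GROUPS=""
USER="daemon" UID="1" PWD-LOCK="0" PWD-DENY="1" NOLOGIN="1" LAST-LOGIN="" SUPP-GROUPS=""
USER="svcbackup" UID="998" PWD-LOCK="0" PWD-DENY="0" NOLOGIN="0" LAST-LOGIN="" SUPP-GROUPS=""
USER="alice" UID="1000" PWD-LOCK="0" PWD-DENY="0" NOLOGIN="0" LAST-LOGIN="2023-Oct03" SUPP-GROUPS="developers,sudo"
USER="charlie" UID="1002" PWD-LOCK="0" PWD-DENY="0" NOLOGIN="0" LAST-LOGIN="2023-Sep30" SUPP-GROUPS="testers,nosudo"
USER="dave" UID="1003" PWD-LOCK="0" PWD-DENY="0" NOLOGIN="0" LAST-LOGIN="" SUPP-GROUPS="testers"
EOF
}

# Read records on stdin and print one "FINDING user" line per issue.
audit_export() {
    awk -v uid_min="$UID_MIN" -v admin="$ADMIN_GROUP" '
    # Return the value of key k in the current record, or "" if it is absent.
    function val(k,    line, i, s) {
        line = " " $0
        i = index(line, " " k "=\"")
        if (i == 0) return ""
        s = substr(line, i + length(k) + 3)
        return substr(s, 1, index(s, "\"") - 1)
    }
    {
        user = val("USER"); uid = val("UID") + 0
        # Password login is possible unless the account is locked, denied or nologin.
        usable = (val("PWD-LOCK") != "1" && val("PWD-DENY") != "1" && val("NOLOGIN") != "1")
        if (uid > 0 && uid < uid_min && usable)
            print "SYSTEM-LOGIN " user      # service account that accepts logins
        if (uid >= uid_min && usable && val("LAST-LOGIN") == "")
            print "NEVER-USED " user        # candidate for disabling or removal
        if (index("," val("SUPP-GROUPS") ",", "," admin ",") > 0)
            print "ADMIN-GROUP " user       # exact group-name match only
    }'
}

sample_export | audit_export
```

Key-based SSH access is not reflected in the password-status columns, so a locked password alone does not prove an account is unreachable.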
Conclusion:
The `lslogins` command is a versatile tool for Linux administrators needing in-depth information about system user accounts. From understanding who has access to your systems to monitoring user activity and managing groups, `lslogins` covers a range of scenarios vital for effective system management and security. Each use case demonstrated here reflects a practical need you might encounter in maintaining a Linux environment, showcasing the power and utility of this command. Whether you’re streamlining user management or auditing system access, `lslogins` is an indispensable part of your administrative toolkit.