Exploring the `lslogins` Command (with examples)

The lslogins command is a Linux utility that reports detailed information about the user accounts known to the system. Whether you’re a system administrator keeping tabs on user activity or a security analyst auditing access, lslogins is an essential tool in your Linux toolbox. It can show which accounts exist, when they last logged in, the groups they belong to, and more. This article explores several use cases that demonstrate the lslogins command through practical examples.

Use case 1: Displaying all users on the system

Code:

lslogins

Motivation:

Knowing all the users on a system is fundamental for managing and securing it. System administrators need to have an understanding of the users who have accounts on the system to ensure that only authorized individuals have access. Regularly reviewing this list helps in identifying accounts that are no longer in use, which can then be disabled or removed to improve security.

Explanation:

The lslogins command, when used without any additional arguments, provides an overview of all user accounts on the system. This includes both human users and system accounts, giving a comprehensive view.

Example output:

UID USER     PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
0   root     1184         0        0 2023-Jan01 root
1000 alice    102         0        1 2023-Oct03 Alice Wonderland
1001 bob       89         0        0 2023-Oct02 Bob Builder

Use case 2: Displaying users belonging to a specific group

Code:

lslogins --groups=developers

Motivation:

In environments where users are organized into groups for role-based access control, it’s crucial to know which users belong to specific groups. By identifying users in a group, such as ‘developers’, system administrators can apply appropriate permissions or restrictions necessary for the group’s function, thus facilitating role-based access management.

Explanation:

The --groups option is followed by the name of a group (in this case, developers). This filters the list to only include users who belong to the specified group. This targeted command is especially helpful when managing complex systems with numerous users and groups.

Example output:

UID USER     PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
1000 alice    102         0        1 2023-Oct03 Alice Wonderland
1002 charlie   76         0        0 2023-Sep30 Charlie Chaplin

Use case 3: Displaying user accounts

Code:

lslogins --user-accs

Motivation:

User accounts generally refer to those accounts created for individuals rather than system processes. By distinguishing these accounts, system administrators can focus on securing accounts that have the capability of logging into the system interactively, which is crucial for maintaining system security.

Explanation:

The --user-accs option limits the output to user accounts and excludes system accounts. The split is made by UID range rather than by how an account is actually used, so the result is the set of accounts normally created for people. That is the set to watch when monitoring login activity and ensuring only necessary accounts are active.

Example output:

UID USER     PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
1000 alice    102         0        1 2023-Oct03 Alice Wonderland
1001 bob       89         0        0 2023-Oct02 Bob Builder

Use case 4: Displaying last logins

Code:

lslogins --last

Motivation:

Tracking login times can help detect unusual behavior or potential security breaches. For example, if an administrative account shows login activity at odd hours that doesn’t match the expected usage, it could be an early sign of a compromised account.

Explanation:

The --last option displays information about each user’s last login session, including the last login time. This is particularly useful for administrators who need to track user activity over time to spot anomalies.

Example output:

UID USER     PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
0   root     1184         0        0 2023-Jan01 root
1000 alice    102         0        1 2023-Oct03 Alice Wonderland
1001 bob       89         0        0 2023-Oct02 Bob Builder
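
The stale-account review described in use case 1 and the last-login tracking above can be combined into one check. This is an added example, not part of the original article: the lslogins invocation in the comment, the function names and the cutoff date are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Flag unlocked user accounts whose last login is older than a cutoff date,
# or that have never logged in.
#
# Input (stdin): one account per line as USER:PWD-LOCK:LAST-LOGIN, the shape
# assumed to come from:
#   lslogins --user-accs --noheadings --colon-separate --time-format=iso \
#            --output=USER,PWD-LOCK,LAST-LOGIN
# ISO timestamps contain colons themselves, so only the first ten characters
# of the third field (YYYY-MM-DD) are used.

# stale_accounts CUTOFF   (CUTOFF is YYYY-MM-DD)
stale_accounts() {
    awk -F: -v cutoff="$1" '
        NF < 2 { next }                      # skip blank or malformed lines
        {
            user = $1; locked = $2
            day = substr($3, 1, 10)          # date part of the timestamp
            if (locked == 1) next            # already locked: nothing to do
            if (day == "")
                print user ":never"          # account exists, never used
            else if ((day "") < (cutoff "")) # ISO dates sort as strings
                print user ":" day
        }'
}

# Constructed sample input (not real system data).
sample_logins() {
    cat <<'EOF'
alice:0:2023-10-03T09:14:22+00:00
bob:0:2023-02-11T17:40:05+00:00
charlie:1:2022-12-01T08:00:00+00:00
dave:0:
EOF
}

sample_logins | stale_accounts 2023-07-01
```

Accounts reported here are candidates for review, then for locking or removal if they are no longer needed.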

Use case 5: Displaying system accounts

Code:

lslogins --system-accs

Motivation:

System accounts are generally used by services or applications on a server to perform functions. Understanding which system accounts are present and how they are used helps manage and secure these roles, which might need special permissions but shouldn’t allow regular user login.

Explanation:

Using the --system-accs option filters the output to include only system accounts. These accounts often have UID values less than a certain threshold (typically 1000 on many Linux distributions) and are meant to be non-human users.

Example output:

UID USER     PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS
1   daemon    12         0        0           -
2   bin       0          1        0           -
3   sys       0          1        0           -
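
One way to check the point made in the motivation above, that system accounts should not allow regular login. This is an added example, not part of the original article: the lslogins invocation in the comment and the function names are assumptions, the sample lines are constructed, and an empty password column is treated as unknown (assumed to occur when the shadow data cannot be read).

```shell
#!/bin/sh
# Report system accounts that still have an interactive login shell, together
# with the state of password login for each.
#
# Input (stdin): one account per line as USER:PWD-LOCK:PWD-DENY:SHELL, the
# shape assumed to come from:
#   lslogins --system-accs --noheadings --colon-separate \
#            --output=USER,PWD-LOCK,PWD-DENY,SHELL

login_capable_system_accounts() {
    awk -F: '
        NF < 4 { next }                       # skip blank or malformed lines
        {
            n = split($4, parts, "/")
            base = parts[n]                   # shell name without its path
            if (base == "nologin" || base == "false")
                next                          # shell already refuses logins
            if ($2 == 1 || $3 == 1)
                state = "password-blocked"    # key-based login or su still possible
            else if ($2 == "" || $3 == "")
                state = "password-unknown"    # password columns were empty
            else
                state = "password-usable"
            print $1 ":" $4 ":" state
        }'
}

# Constructed sample input (not real system data).
sample_system_accounts() {
    cat <<'EOF'
daemon:0:1:/usr/sbin/nologin
bin:1:0:/usr/sbin/nologin
sys:0:1:/bin/false
backup:0:0:/bin/bash
postgres:0:1:/bin/bash
svc-deploy:::/bin/sh
EOF
}

sample_system_accounts | login_capable_system_accounts
```

Every line of output is a service account worth a second look; "password-usable" entries are the first to fix.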

Use case 6: Displaying supplementary groups

Code:

lslogins --supp-groups

Motivation:

Many users belong to more than one group in a Linux system. Supplementary groups define additional roles and access permissions beyond the primary group of the user. By viewing these groups, administrators can ensure that users have the appropriate access levels across the system.

Explanation:

The --supp-groups option adds a listing of supplementary groups to which each user belongs. This is particularly useful when an administrator needs a detailed understanding of user permissions across different domains of the system.

Example output:

UID USER     PROC SUPPLEMENTARY GROUPS
1000 alice    102 developers, sudo
1001 bob       89 builders, sudo
1002 charlie   76 testers, analytics

Conclusion:

The lslogins command is a versatile tool for Linux administrators needing in-depth information about system user accounts. From understanding who has access to your systems to monitoring user activity and managing groups, lslogins covers a range of scenarios vital for effective system management and security. Each use case demonstrated here reflects a practical need you might encounter in maintaining a Linux environment, showcasing the power and utility of this command. Whether you’re streamlining user management or auditing system access, lslogins is an indispensable part of your administrative toolkit.
