What is the best way to logout ALL USERS remotely over the ssh based session in Linux like operating systems?

You need to use the following commands:

a] who or w command – Show who is logging on and what they are doing.

b] pkill command – Kill user session and forcefully logout of the system.

c] shutdown command – Arranges for the system to be bring down in a safe way.

Examples

Use the who command to see list of logged in users as follows:

# w

OR

# who

Sample outputs:

root     pts/0        Jul 29 13:53 (10.1.6.120)

nixcraft pts/1        Jul 29 12:30 (10.1.6.121)

sailee   pts/2        Jul 29 12:33 (10.1.6.121)

To force and logout nixcraft and sailee user, enter:

# pkill -KILL -u nixcraft

# pkill -KILL -u sailee

Alternatively, just try bash and friends kung-fu and save time:

### warning must be run as root or via sudo ###

who | awk  !/root/{ cmd= /sbin/pkill -KILL -u   $1; system(cmd)}

OR

### warning must be run as root or via sudo ###

Safe version ###

who | awk  $1 !~ /root/{ cmd= /sbin/pkill -KILL -u   $1; system(cmd)}

Finally, you can shutdown the system as follows:

# shutdown -h now

Instead of killing all users one by one you can type the following shutdown command with the warning message:

# shutdown -h +10  Server is going down for maintenance in 10 minute. Please save ALL your work ASAP and logout of the system.

Please note that this method will not work with ftp/smtp/pop3 and all other user accounts on the server. I recommend that you set maintenance windows for your server when network traffic is at a minimum or when users/client computers were not engaged in other activities on the server. For example, week-end or the period between midnight and 3:00 a.m. can be set as maintenance windows for your system.

Recommended readings

See man pages – who(1),w(1),pkill(1),shutdown(8)

am a new Unix system admin. How do I find ouw who has recently use the Linux or Unix-like server? Which terminals they used, and when they logged in and out of the my server?

You need to use last command. This command displays last logins of users and ttys.

Listing the Last times a user logged in on server

The syntax is as follows:

last

OR

last [UserNameHere]

OR

last [option] [UserNameHere]

Example: Display Linux user last login

To display when a user named ‘vivek’ last logged in to the system, type:

$ last vivek

$ last vivek | less

Sample outputs:

Fig.01: last command in action on my Debian base nas server

The output in this example tell us when user vivek last logged in. The output will go back for several months or more as last command searches back through the file /var/log/wtmp and displays a list of all users logged in (and out) since that file was created.

Display a list of recent system use for all users

Simply type the last command:

$ last

OR

$ last | less

Sample outputs taken from my RHEL based server:

root     pts/0        10.1.6.120       Mon Jan 27 06:26   still logged in

root     pts/0        10.1.6.120       Mon Jan 27 03:37 – 06:26  (02:48)

root     pts/0        10.1.6.120       Sun Jan 26 02:47 – 09:28  (06:40)

root     pts/4        10.1.6.120       Sat Jan 25 11:02 – 11:02  (00:00)

root     pts/0        10.1.6.120       Sat Jan 25 10:15 – 13:12  (02:56)

root     pts/4        10.1.6.120       Sat Jan 25 06:01 – 06:32  (00:31)

root     pts/0        10.1.6.120       Sat Jan 25 03:08 – 09:04  (05:55)

root     pts/4        10.1.6.120       Sat Jan 25 01:06 – 03:18  (02:11)

root     pts/0        10.1.6.120       Fri Jan 24 23:59 – 02:11  (02:12)

root     pts/0        10.1.6.120       Fri Jan 24 05:30 – 08:39  (03:08)

root     pts/0        10.1.6.120       Thu Jan 23 04:22 – 05:41  (01:19)

….

…

…

root     pts/1        10.1.6.120       Sun Jan  5 11:09 – 14:29  (03:20)

root     pts/0        10.1.6.120       Sun Jan  5 10:05 – 12:19  (02:14)

reboot   system boot  2.6.32-431.3.1.e Sun Jan  5 10:02 – 06:52 (21+20:50)

root     pts/0        10.1.6.120       Sun Jan  5 09:58 – down   (00:00)

root     pts/0        10.1.6.120       Sun Jan  5 03:33 – 05:45  (02:12)

root     pts/1        10.1.6.120       Sat Jan  4 15:06 – 17:28  (02:21)

root     pts/0        10.1.6.120       Sat Jan  4 13:46 – 15:58  (02:11)

root     pts/0        10.1.6.120       Sat Jan  4 05:05 – 07:16  (02:11)

root     pts/1        10.1.6.120       Fri Jan  3 14:29 – 15:44  (01:15)

root     pts/0        10.1.6.120       Fri Jan  3 13:20 – 15:32  (02:11)

root     pts/0        10.1.6.120       Thu Jan  2 05:19 – 05:32  (00:13)

root     pts/0        10.1.6.120       Tue Dec 31 13:57 – 16:06  (02:09)

wtmp begins Tue Dec 31 13:57:23 2013

See also

I strongly suggest that you see our last command examples page.

Read last(1).

See /var/log/wtmp file.

run a multi-user system. Most users access resources using ssh client. How can I stop leaking process information to all users on Linux operating systems? How do I prevent users from seeing processes that do not belong to them on a Debian/Ubuntu/RHEL/CentOS Linux server?

If you are using Linux kernel version 3.2+ (or RHEL/CentOS v6.5+ above) you can hide process from other users. Only root can see all process and user only see their own process. All you have to do is remount the /proc filesystem with the Linux kernel hardening hidepid option.

Say hello to hidepid option

This option defines how much info about processes we want to be available for non-owners. The values are as follows:

hidepid=0 – The old behavior – anybody may read all world-readable /proc/PID/* files (default).

hidepid=1 – It means users may not access any /proc// directories, but their own. Sensitive files like cmdline, sched*, status are now protected against other users.

hidepid=2 It means hidepid=1 plus all /proc/PID/ will be invisible to other users. It compicates intruder’s task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc.

Linux kernel protection: Hiding processes from other users

Type the following mount command:

# mount -o remount,rw,hidepid=2 /proc

Edit /etc/fstab, enter:

# vi /etc/fstab

Update/append/modify proc entry as follows so that protection get enabled automatically at server boot-time:

proc    /proc    proc    defaults,hidepid=2     0     0

Save and close the file.

Linux demo: Prevent users from seeing processes that do not belong to them

In this example, I’m login as vivek@cbz-test:

$ ssh vivek@cbz-test

$ ps -ef

$ sudo -s

# mount -o remount,rw,hidepid=2 /proc

$ ps -ef

$ top

$ htop

Sample outputs:

Animated gif 01: hidepid in action

Tip: Dealing with apps that breaks when you implement this technique

You need to use gid=VALUE_HERE option:

gid=XXX defines a group that will be able to gather all processes’ info (as in hidepid=0 mode). This group should be used instead of putting nonroot user in sudoers file or something. However, untrusted users (like daemons, etc.) which are not supposed to monitor the tasks in the whole system should not be added to the group.

So add the user called monapp to group (say admin) that want to see process information and mount /proc as follows in /etc/fstab:

proc /proc proc defaults,hidepid=2,gid=admin 0 0

References

procfs: add hidepid= and gid= mount options

‘m setting up a new FreeBSD server. I do not want to use a default root user who has full system access. How can I setup and grant sudo privileges to users on a FreeBSD VPS or server?

The root account has full system level access and usually reserved for admin tasks only.

The sudo command allows a very small delegation of power to users other than the root user. This is good tool if you have many users, logging everything the users do with privileges, and you are granting certain privileges. Unless the user is specified, sudo will escalate the privilege to root.

In this quick tutorial I will show you:

How to create a new user on a FreeBSD server.

How too add users access to the sudo command.

How to delete users from the sudo command.

Install sudo app on a FreeBSD server/vps

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to

give as few privileges as possible but still allow people to get their work done. You can install sudo using port, type:

# cd /usr/ports/security/sudo/ && make install clean

Or as a binary package, enter:

# pkg install security/sudo

Adding a new user on FreeBSD

The recommended command-line application for adding new users is called adduser. Just type the following command and it will walks through the steps for creating a new user account on a FreeBSD VPS or server:

# adduser

Grant users administrative privileges on FreeBSD

The configuration file is located in /etc/sudoers or /usr/local/etc/sudoers and is read-only by default. visudo command can be used to easily modify the sudoers

configuration file.

To add a username to sudoers

$ su –

# visudo

Append the following line and exit from a text editor:

alice All=(ALL) ALL

This will allow the user alice to issue sudo command and be root. It will first ask for her password. To skip asking for password when sudo command is issued, change the line to:

alice ALL=(ALL) NOPASSWD: ALL

If you want alice to only have sudo privileges on one server in a network and restrict her to /bin/ls command as user, you would add the following:

alice server1=(bob) /bin/ls  /home/bob

Every usage of sudo gets logged in /var/log/messages file.

A sudo user can escalate to root by using the sudo command:

[alice@hostname~]$ sudo su –

OR

[alice@hostname~]$ sudo -s

Or, to execute a command as root:

[alice@hostname ~]$ sudo whoami

Or, to execute a command as another user:

[alice@hostname ~]$ sudo -u bob ls /home/bob

Remove a username from sudoers

To remove the privileges, take the user off the sudoers configuration file i.e. delete following line from config file by running visudo command:

alice ALL=(ALL) NOPASSWD: ALL

OR

alice All=(ALL) ALL

To completely remove a user (say alice) from the system, run rmuser as the superuser:

# rmuser alice

For more usage patterns, see the man pages: sudo(8),sudoers(5),visudo(8)

This quick tutorial was contributed by Wendy Michele. You can too contribute to nixCraft.

ow do I add a user to the wheel group in FreeBSD unix operating systems using command line options?

You need to use the pw command line utility for adding, modifying and removing users and groups on a FreeBSD operating systems. You must be root user to modify system configuration including pw command.

Add existing user called vivek to the wheel group

The syntax is:

pw group mod {GROUP-NAME-HERE} -m {USERNAME-HERE}

pw group mod wheel -m vivek

If the user named vivek already exists add her to the wheel group.

Add new user called sai while creating a new account

The syntax is:

pw user add {USERNAME-HERE} -G {GROUP-NAME-HERE}

pw user add sai -G wheel

The above command creates the sai primary group automatically, and add a user in the wheel group when her account is first created on a FreeBSD unix operating systems.

How do I verify new group membership on a FreeBSD?

The syntax is:

pw groupshow {GROUP-NAME-HERE}

pw groupshow wheel

pw groupshow sai

pw groupshow vivek

Determine Group Membership Of sai and vivek Users ##

id sai

id vivek

y Linux shell user can modify their password using the passwd command. How can I force users to choose the secure password that will prevent users from using stupid passwords like “abc123”, “password”, “123456” and so on? How do I setup password quality requirements on my Debian or Ubuntu Linux server?

You need to install libpam_cracklib package which includes a PAM module that tests passwords to make sure they are not too weak during password change while using the passwd command on Linux.

Securing passwords with libpam_cracklib

The strength libpam_cracklib checks works in the following manner. At first the Cracklib routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done. These checks are:

Is the new password a palindrome?

Is the new password the the old one with only a change of case?

Is the new password too much like the old one? This is primarily controlled by one argument, difok which is a number of character changes (inserts, removals, or replacements) between the old and new password that are enough to accept the new password. This defaults to 5 changes.

Is the new password too small? This is controlled by 6 arguments minlen, maxclassrepeat, dcredit, ucredit, lcredit, and ocredit.

Is the new password a rotated version of the old password?

Optional check for same consecutive characters.

Optional check for too long monotonic character sequence.

Optional check whether the password contains the user’s name in some form.

The /etc/passwd file and /etc/shadow file are used on Linux to store user information including passwords.

Installation

Type the following command to install libpam_cracklib on an Ubuntu or Debian Linux based system:

$ sudo apt install libpam-cracklib

OR

$ sudo apt-get install libpam-cracklib

Sample outputs:

Fig.01: Install a PAM module called Cracklib

Configuration

You need to edit the file /etc/pam.d/common-password, enter:

$ sudo cp /etc/pam.d/common-password /root/

$ sudo nano /etc/pam.d/common-password

OR

$ sudo cp /etc/pam.d/common-password /root/

$ sudo vi /etc/pam.d/common-password

Now you can force users to have strong passwords that contain complex characters including lowercase, digits, uppercase, spacial characters and punctuation. Locate the line:

password        requisite                       pam_cracklib.so retry=3 minlen=8 difok=3

And update it as follows:

password        requisite                       pam_cracklib.so retry=3 minlen=16 difok=3 ucredit=-1 lcredit=-2 dcredit=-2 ocredit=-2

Where,

retry=3 : Prompt user at most 3 times before returning with error. The default is 1.

minlen=16 : The minimum acceptable size for the new password.

difok=3 : This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password.

ucredit=-1 : The new password must contain at least 1 uppercase characters.

lcredit=-2 : The new password must contain at least 2 lowercase characters.

dcredit=-2 : The new password must contain at least 2 digits.

ocredit=-2 : The new password must contain at least 2 symbols.

Negative (N>0) vs Positive (N<0) numbers in an option

Of course, these are sample values. The negative number such as -2 (e.g. ucredit=-2) indicates that this is the minimum number of upper case letters that must set a new password. The positive number is the maximum credit for having digits in the new password. If you have less than or N digits, each digit will count +1 towards meeting the current minlen value. The default for dcredit is 1 which is the recommended value for minlen less than 10. You may need to change/adjust these values as per your setup to avoid brute force attack.

Test it

Now if user try to setup a new simple (weak) password:

$ sudo passwd vivek

New password:

BAD PASSWORD: it is too short

BAD PASSWORD: is too simple

Retype new password:

Sorry, passwords do not match.

New password:

BAD PASSWORD: it is WAY too short

BAD PASSWORD: is a palindrome

Retype new password:

Sorry, passwords do not match.

New password:

Here is a sample password that will pass our requirements:

5I!L0ve@PiaZza6YeS

OR

s^8Kn<bzg9Ruv,8s

And there you have it, secure password set automatically using security checks and constraints using libpam-cracklib on Debian or Ubuntu Linux system.

am a new Ubuntu Linux 16.04.xx LTS server user. How do I create a new sudo user on my server? How do I add a new user as sudoer file using the command line option on Ubuntu?

In Linux (and Unix in general), there is a SuperUser named root. The root user can do anything and everything, and thus doing daily work as the root can be very dangerous. You could type a command incorrectly and destroy the system. The sudo command allows a permitted user to run a command as the superuser (root user) or another user, as specified by the security policy. Often the sudo used on servers to give admin permissions and privileges to ordinary users. In this quick tutorial, you will learn how to create a sudo user on Ubuntu.

Steps to create a new sudo user on Ubuntu

First add the user, run: sudo adduser <UserNameHere>

Add the user to sudo group by typing the command in terminal for Ubuntu version 12.04 and above: sudo adduser <UserNameHere> sudo

In older version of Ubuntu (version 12.04 and older), run: sudo adduser <UserNameHere> admin

Verify it: id <UserNameHere>

More about admin and sudo group on Ubuntu server

The members of the admin group may gain root privileges. All members of group sudo run any command on Ubuntu server. So just add the user to the sudo group on Ubuntu server. The admin group has been deprecated since Ubuntu version 12.04 and above. Hence, no longer exists or used in Ubuntu 12.04 or above. The reason it works:

# grep -B1 -i  ^%sudo  /etc/sudoers

OR

$ sudo grep -B1 -i  ^%sudo  /etc/sudoers

Sample outputs:

# Allow members of group sudo to execute any command

%sudo ALL=(ALL:ALL) ALL

Let us see some practical examples.

How to add a new user named vivek to sudo using the command line?

Open the terminal or login to your remote server:

$ ssh root@server-name-IP-here

$ ssh root@server1.cyberciti.biz

{ root@server:/root} #

How to add the user named vivek

# adduser vivek

OR

$ sudo adduser vivek

Sample outputs:

Fig.01: How to add the new user on Ubuntu

How to create a sudo user on Ubuntu for vivek account

Type the following command:

# adduser vivek sudo

OR use the usermod command to add user to group on Linux:

# usermod -aG sudo vivek

OR

$ sudo usermod -aG sudo vivek

OR

$ sudo adduser vivek sudo

Sample outputs:

Fig.02: Add user vivek to sudo to get administrator privileges

How to print user account info

Verify new user and group membership with the [nicmd name=”id”]:

$ id vivek

Sample outputs:

Fig.03: Show user and group information

How to test sudo access for vivek user account

Now user vivek can login using the ssh command command as follows:

$ ssh vivek@server1.cyberciti.biz

Verify that vivek can use sudo command:

$ sudo cat /etc/sudoers

The first time you use sudo command, you will be asked for the password of the vivek account. So type the vivek’s password to gain root access. Any command type with sudo should run with root privileges for vivek account. To gain root shell, enter:

$ sudo -s

Sample outputs:

Fig.03: Testing sudo access for vivek user account

And there you have it. Allowing other users to run sudo on Ubuntu server and granting users administrator privileges.

am trying to delete a user named vivek using the userdel command as follows

userdel -r vivek

userdel: user vivek is currently used by process 749

How do I fix this problem and delete username vivek on a Debian Linux 9.x server?

One can use the userdel command to delete a user account on a Debian or any other Linux distro. It is a low level utility for removing users.

On Debian, sysadmin should usually use deluser command instead.

Understanding problem

It seems that PID # 749 used by a user named vivek. It can be simple open ssh session or something running in the background. Use the ps command to find out about a PID # 749:

$ ps aux | grep 749

Sample outputs:

vivek      749  0.0  0.1  92716  4028 ?        S    17:03   0:00 sshd: vivek@pts/0

root     10038  0.0  0.0  12784   944 pts/1    S+   17:13   0:00 grep 749

The ‘sshd: vivek@pts/0’ indicates that active ssh session. From the man page:

userdel will not allow you to remove an account if there are running processes which belong to this account. In that case, you may have to kill those processes or lock the user’s password or account and remove the account later. The -f option can force the deletion of this account.

So, all you have to do is kill this PID and run the userdel command again using either the kill command/killall command:

# kill -15 749

OR

# killall -TERM -u vivek

Verify it:

$ ps aux | grep 749

Now delete the user account name vivek:

# userdel -r vivek

Verify that user account deleted from /etc/passwd and /etc/shadow file with the id command or grep command:

$ id vivek

$ grep ^vivek /etc/passwd

$ grep vivek /etc/shadow

Another option is to pass the -f option to the userdel command. This option forces the removal of the user account, even if the user is still logged in. It also forces userdel to remove the user’s home directory and mail spool, even if another user uses the same home directory or if the mail spool is not owned by the specified user. You must be very careful while using the -f option as it may leave your system in an inconsistent state:

# userdel -f userNameHere

See man pages for more info:

$ man userdel

$ man deluser

$ man 5 passwd

$ man 5 shadow