I have recently got access to a legacy server previously managed by someone else.
Access control and password changing are the priority for now.
I have some basic shell knowledge but am definitely not a senior sysadmin, and I need some guidance and general suggestions about this topic.
So I have root access and I can check the list of users.
I wonder if there’s a way to understand immediately from the /etc/passwd contents which Unix users could possibly access the system, filtering out the standard users.
The system is Ubuntu 16.
And I can see from passwd that root is the only user having “/bin/bash”:
Other users seem more related to installed services.
So maybe no other users apart from root were used before to access the system.
Is there a way to check it?
I’m supposing that all users having the last row token like:
:/usr/sbin/nologin :/bin/false :[void no chars]
should be the system’s service users.
Thanks for any advice
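
The filter described in the question, as an added example that is not part of the original post: it lists every account whose shell field permits an interactive login and, when a shadow-format file is supplied, whether a password is set. The function names and sample data are constructed for illustration; note that per passwd(5) an empty shell field defaults to /bin/sh, so such accounts are reported rather than filtered out.

```shell
#!/bin/sh
# Added example. Lists accounts whose shell field permits an interactive login.
# Usage: login_capable_users PASSWD_FILE [SHADOW_FILE]
login_capable_users() {
    awk -F: -v shadow="$2" '
    BEGIN {
        # Optional: load password state per user from a shadow-format file.
        if (shadow != "") while ((getline line < shadow) > 0) {
            split(line, f, ":")
            if (f[2] == "") state[f[1]] = "empty"            # no password required
            else if (f[2] ~ /^[!*]/) state[f[1]] = "locked"  # password login disabled
            else state[f[1]] = "set"
        }
    }
    NF == 0 || /^#/ { next }                 # skip blank lines and comments
    {
        shell = $7                           # name:pw:UID:GID:GECOS:home:shell
        if (shell == "") shell = "/bin/sh(empty)"   # passwd(5): empty means /bin/sh
        if (shell ~ /\/(nologin|false)$/) next      # non-interactive accounts
        pw = ($1 in state) ? state[$1] : "unknown"
        printf "%s uid=%s shell=%s password=%s\n", $1, $3, shell, pw
    }' "$1"
}

# Constructed sample data, not taken from the server in the post.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
syslog:x:104:108::/home/syslog:/bin/false
legacy:x:1001:1001::/home/legacy:
EOF
}
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$hash:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
sync:*:17000:0:99999:7:::
syslog:*:17000:0:99999:7:::
legacy:$6$constructed$hash:17000:0:99999:7:::
EOF
}

# Demo on the samples; on a real host, pass /etc/passwd and /etc/shadow as root.
tmp=$(mktemp -d)
sample_passwd > "$tmp/passwd"; sample_shadow > "$tmp/shadow"
login_capable_users "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

A locked password does not rule out SSH key logins, so also check each listed account's home directory for `.ssh/authorized_keys`. The `lastlog` and `last` commands show which accounts have actually logged in.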