Manage Linux User Activity with Acct/Psacct

The acct or psacct tools are vital for system administrators to track user activity and resource usage on Linux systems. Though they go by different names—acct for Debian/Ubuntu and psacct for RedHat/Fedora—they function identically.

These tools install several programs that work together to monitor users. Here’s a breakdown of the key commands:

• ac: Shows how long users have been connected.
• lastcomm: Lists commands executed by users.
• accton: Enables or disables process accounting.
• sa: Summarizes accounting information.

Installing acct/psacct #

Install the appropriate package for your Linux distribution:

• Debian/Ubuntu: $ sudo apt install acct
• RedHat/Fedora: $ sudo dnf install psacct
• Arch Linux: $ sudo pacman -S acct
• OpenSUSE: $ sudo zypper install acct
• Alpine Linux: $ sudo apk add psacct

After installation, ensure the service is running:

If inactive, start and enable the service:

#

Using acct/psacct #

1. Check User Connect Time:
   • Command: $ ac
   • Shows the total time users have been connected.
2. Check User Connect Time (All Users):
   • Command: $ ac -p
   • Displays login time for each user.
3. Check Day-Wise Connect Time:
   • Command: $ ac -dp
   • Shows login time per day, with usernames.
4. List Commands Executed by Users:
   • Command: $ sudo sa
   • Lists all commands run by users.
5. List Resources Used by Users:
   • Command: $ sudo sa -m
   • Shows recent resource usage per user.
6. List Last Executed Commands:
   • Command: $ sudo lastcomm
   • Displays records of the last commands executed by users.

These tools are indispensable for monitoring user activity and managing system resources effectively.

The acct and psacct tools are invaluable for Linux system administrators who need to monitor user activity and resource usage. These tools offer detailed insights into what users are doing on the system, which can be crucial for auditing, performance optimization, and security purposes.

Why Use Acct or Psacct? #

System administrators often need to track user behavior for several reasons, such as ensuring that no unauthorized activities are occurring, diagnosing system performance issues, or simply understanding how resources are being used. The acct and psacct tools are designed to make this process easier by automatically logging user commands, login times, and resource consumption.

For instance, if you’re managing a multi-user server, it’s essential to know how long each user is connected, what commands they are running, and how much CPU time they are consuming. This information can help in identifying users who may be overutilizing resources or those who may be attempting unauthorized actions.

Key Commands and Their Usage #

Here’s a deeper look into some of the key commands provided by acct or psacct:

1. Tracking User Connection Time with ac:
   • Running the ac command with different options allows you to monitor how long users have been connected to the system. This is particularly useful for billing purposes in a shared environment or for identifying users who might be occupying system resources for extended periods.
2. Monitoring Command Execution with lastcomm:
   • The lastcomm command is another powerful feature of these tools. It logs every command executed by users, along with details such as the time of execution and the command’s duration. This can be extremely helpful in tracking down suspicious activities or understanding user behavior.
3. Resource Usage with sa:
   • The sa command provides a summary of resource usage, including the number of processes executed and the amount of CPU time consumed. By analyzing this data, administrators can detect patterns that may indicate performance bottlenecks or resource misuse.

Practical Applications #

Beyond monitoring, acct and psacct tools are also useful in scenarios where system administrators need to generate reports for auditing purposes. For example, a report generated using these tools could help in compliance audits by providing a clear record of user activities over time.

Moreover, in high-security environments, these tools can serve as a first line of defense by alerting administrators to unusual patterns of activity, such as a user suddenly running a large number of processes or consuming an unusual amount of CPU time.

Conclusion #

In summary, the acct and psacct tools are essential for any Linux system administrator who needs to maintain tight control over user activities and system resource usage. By leveraging the various commands and options these tools offer, administrators can ensure their systems remain secure, efficient, and compliant with organizational policies.