Open Source — Linux Security Toolkit

userctl

Audit. Provision. Restrict.

A production-grade CLI toolkit for managing Linux service accounts and enforcing least-privilege shell policies at scale.

$curl -sL https://raw.githubusercontent.com/saharshpamecha/userctl/main/install.sh | bash

Try Interactive Demo Read Docs

One tool. Complete control.

Everything you need to manage service accounts across your Linux infrastructure.

Audit

Scan all accounts. Flag service users with interactive shells. JSON/CSV/table output for CI pipelines.

userctl audit --all

Provision

Declare users in YAML. Apply state across servers. Create, update, or remove — idempotent, every time.

userctl apply -f users.yaml

Restrict

Auto-enforce /sbin/nologin on service accounts. One command to harden your entire fleet.

userctl restrict --auto

Report

Generate compliance reports. SOC2-friendly. Exportable. Know your posture before the auditor does.

userctl report

Live Simulation

Try it right here

Full interactive simulation — type commands or click the quick-action buttons. No install needed.

Declarative. Version-controlled.

Define your desired user state in a simple YAML file. Preview changes with diff, then apply with confidence. Git-friendly, auditor-friendly.

Idempotent — run it 100 times, same result

Dry-run mode to preview before applying

Supports present/absent lifecycle states

users.yaml

# Declarative user config
- username: kirsty
  shell: /sbin/nologin
  groups: backup,monitoring
  state: present

- username: deploy-bot
  shell: /bin/false
  groups: docker,deploy
  state: present

- username: old-contractor
  state: absent

Built for real workflows

From CI pipelines to compliance audits — userctl fits into your existing stack.

CI/CD Pipelines

Run userctl audit --format json in your pipeline. Fail the build if service accounts have interactive shells.

Fleet Hardening

Combine with Ansible or SSH loops. One YAML config, consistent state across 500+ servers.

Compliance Audits

Generate reports before SOC2/ISO audits. Prove least-privilege shell policy enforcement.

Onboarding/Offboarding

Declarative user lifecycle. Add to YAML on join, set state: absent on exit. Version-controlled.

Get started in 10 seconds

Single-file Bash script. No dependencies. Works on any Linux distro.

Option 1 — Quick install

$ curl -sL https://raw.githubusercontent.com/saharshpamecha/userctl/main/install.sh | bash

Option 2 — Manual

$ git clone https://github.com/saharshpamecha/userctl.git

$ chmod +x userctl/cli/userctl

$ sudo cp userctl/cli/userctl /usr/local/bin/