Where can I find logs regarding the user creation?

command-line logs 12.04

When you have created a new user look in /var/log/auth.log; the details are in there. I just created new user jim by running sudo adduser jim, for example, and this is at the end of auth.log (I have removed the date and host name from the start of the log):

 sudo: mike : TTY=pts/2 ; PWD=/home/mike ; USER=root ; COMMAND=/usr/sbin/adduser jim
 sudo: pam_unix(sudo:session): session opened for user root by mike(uid=1000)
 groupadd[1731]: group added to /etc/group: name=jim, GID=1001
 groupadd[1731]: group added to /etc/gshadow: name=jim
 groupadd[1731]: new group: name=jim, GID=1001
 useradd[1735]: new user: name=jim, UID=1001, GID=1001, home=/home/jim, shell=/bin/bash
 passwd[1742]: pam_unix(passwd:chauthtok): password changed for jim
 passwd[1742]: gkr-pam: couldn't update the login keyring password: no old password was entered chfn[1743]: changed user 'jim' information
 sudo: pam_unix(sudo:session): session closed for user root

This particular log is very useful as it records all use of elevated privileges such as creating a user, running Synaptic, etc, and also notes who has done it.

Related

Are ubuntu software center sources different from apt-get / synaptic?
How to 'talk' to USB modem in Linux?
How to check if netconsole really works?
How to fix a failing grub-pc package installation in Hyper-V virtual machine?
How can I make apt-get upgrade the kernel, similarly to aptitude?
cursor jumps when moving (and some other times)
How do I disable the minimization effect?
Kernel Update : Kvm disabled by bios
Apt-get broken after termination in mid-install
How do I Dual Boot Windows 8 UEFI and Ubuntu 12.10? [duplicate]
How to recover deleted folders or files (by shift+delete) from an NTFS partition
Printing with Lacie Lightscribe requires root privileges