Search:  
Gentoo Wiki

HOWTO_Remove_User

This article is part of the HOWTO series.
Installation Kernel & Hardware Networks Portage Software System X Server Gaming Non-x86 Emulators Misc


Please improve it in any way that you see fit, and remove this notice {{Cleanup}} from the article. For tips on cleaning and formatting see Cleanup process


Contents

User and Group system files

User and group information are kept on these system files:

Format of /etc/passwd

This file gives a listing of the users that have accounts on the system. Users can be directly added to the file when edited by root, but users are typically added using the useradd command. Format:

username:password:uid:gid:user_info:home_directory:shell_type

Format of /etc/shadow

The /etc/shadow file is the encrypted password file. This file is not typically directly edited. Format:

username:encrypted password:11843:0:99999:7:::

Format of /etc/group

It lists the groups that have been created on the system and who is in each group. Groups can be managed by creating new lines in the file following the convention, users can be added to an already existing group by adding the new username to the end of the other usernames or after the semicolon of the gid if there are no other members. Format:

groupname:password:gid:username1,username2,username3

Disable user's password

The first task is to disable the user's password. The command passwd -l locks the account by changing the password to a value that cannot be matched by any possible encrypted value.

passwd -l username

Find The User's Files

You have to decide whether to keep or delete user's files. You will find them using find command.

find / -user username

Change The Login Shell

As extra security, you can change the user's login shell to a dummy value. Change the last line in the /etc/passwd file to something like * or /dev/null. Change /etc/passwd from:

username:x:1023:1023::/home/username:/bin/bash

To:

username:x:1023:1023::/home/username:/dev/null

Remove SSH Keys

If your system uses Secure Shell (SSH) and you allow remote RSA or DSA key authentication, a user can get access to the system even if the password is disabled. If you kept the user's home directory, you should remove authorized keys from ~username/.ssh, shosts and rhosts.

Code: Remove SSH Keys
rm -r /home/username/.ssh/*
rm -r /home/username/.ssh2/*
rm -r /home/username/.shosts
rm -r /home/username/.rhosts

Kill The User's Processes

Check if the user has any processes running on the system and kill it.

# ps aux | grep -i ^username
# kill ProcessIDentifyer

Remove User's Cron Jobs

Check whether the user has cron jobs:

# crontab -u username -l

and delete them:

# crontab -u username -r

Remove User From sudoers

If you have sudo installed, you should disable or remove the user from /etc/sudoers. You could use the visudo command:

# visudo
Retrieved from "http://www.gentoo-wiki.info/HOWTO_Remove_User"

Last modified: Thu, 29 May 2008 16:53:00 +0000 Hits: 11,311