Removing accounts

To remove a user account:

1. Lock the user account database: if the /etc/.pwlock file doesn't exist, lock the account files by creating it; if it does exist, wait until it's gone.
2. Remove the account entry in /etc/passwd and /etc/shadow to disable future logins, or change the login shell to a program that simply terminates, or that displays a message and then terminates.
3. Remove references to the user from the /etc/group file.
4. Unlock the account database by removing /etc/.pwlock.
5. If necessary, remove or change ownership of system resources that the user owned.
6. If necessary, remove or alter references to the user in email systems, TCP/IP access control files, applications, and so on.

Instead of removing a user, you can disable the account by using the passwd utility to change the account's password. In this way, you can tell which system resources the former user owned, since the user ID-to-name translation still works. When you do this, the passwd utility automatically handles the necessary locking and unlocking of the account database.

If you ever need to log in to that account, you can either use the su (“switch user”) utility to switch to that account (from root), or log in to the account. If you forget the password for the account, remember that the root user can always change it.

What should you do with any resources that a former user owned? Here are some of your options:

• If you've retained the user account in the account database but disabled it by changing the password or the login shell, you can leave the files as they are.
• You can assign the files to another user:

  find / -user user_name_or_ID -chown new_username
    

• You can archive the files, and optionally move them to other media:

  find / -user user_name_or_ID |  pax -wf archivefile
    

• You can remove them:

  find / -user user_name_or_ID -remove!