To remove a user account:
- Lock the user account database: if the /etc/.pwlock file doesn't exist, lock the account files by creating it; if it does exist, wait until it's gone.
- Remove the account entry in /etc/passwd and /etc/shadow to disable future logins, or change the login shell to a program that simply terminates, or that displays a message and then terminates.
- Remove references to the user from the /etc/group file.
- Unlock the account database by removing /etc/.pwlock.
- If necessary, remove or change ownership of system resources that the user owned.
- If necessary, remove or alter references to the user in email systems, TCP/IP access control files, applications, and so on.
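The lock, edit, and unlock steps above, written out as an added POSIX sh example (not code from the QNX documentation). It takes the directory holding the account files as a parameter so it can be exercised against copies; on a real system that directory is /etc and the script has to run as root.

```sh
#!/bin/sh
# Added example: remove a user from passwd, shadow and group while holding
# the /etc/.pwlock lock. The directory is a parameter (assumption) so the
# functions can be run against copies of the account files.

# Wait until .pwlock is gone, then create it. "set -C" (noclobber) makes the
# redirection fail if the file already exists, so the create is atomic
# against another process trying to take the same lock.
pw_lock() {
    while ! ( set -C; : > "$1/.pwlock" ) 2>/dev/null; do
        sleep 1
    done
}

pw_unlock() {
    rm -f "$1/.pwlock"
}

# Drop the entry whose first field is the user name from a passwd- or
# shadow-format file.  Usage: drop_entry file user
drop_entry() {
    awk -F: -v u="$2" '$1 != u' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Remove the user from the comma-separated member list (4th field) of
# every group.  Usage: drop_group_member groupfile user
drop_group_member() {
    awk -F: -v u="$2" 'BEGIN { OFS = ":" }
    {
        n = split($4, m, ","); $4 = ""
        for (i = 1; i <= n; i++)
            if (m[i] != u && m[i] != "")
                $4 = ($4 == "" ? m[i] : $4 "," m[i])
        print
    }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Usage: remove_account user etcdir
remove_account() {
    pw_lock "$2"
    drop_entry "$2/passwd" "$1"
    drop_entry "$2/shadow" "$1"
    drop_group_member "$2/group" "$1"
    pw_unlock "$2"
}
```

The remaining steps (reassigning or removing the user's files and cleaning up references in other services) are not covered here.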
Instead of removing a user, you can disable the account by using the passwd utility to change the account's password. In this way, you can tell which system resources the former user owned, since the user ID-to-name translation still works. When you do this, the passwd utility automatically handles the necessary locking and unlocking of the account database.

If you ever need to log in to that account, you can either use the su (switch user) utility to switch to that account (from root), or log in to the account. If you forget the password for the account, remember that the root user can always change it.

What should you do with any resources that a former user owned? Here are some of your options:
- If you've retained the user account in the account database but disabled it by changing the password or the login shell, you can leave the files as they are.
- You can assign the files to another user:
    find / -user user_name_or_ID -chown new_username
- You can archive the files, and optionally move them to other media:
    find / -user user_name_or_ID | pax -wf archivefile
- You can remove them:
    find / -user user_name_or_ID -remove!
CAUTION: If you remove a user's account in the account database but don't remove or change the ownership of their files, it's possible that a future account may end up with the same numeric user ID, which would make the new user the owner of any files left behind by the old one.