On occasion, you may wish to remove a user's access from your server altogether.
If you are a Red Hat user, the easiest way to remove an unneeded user account is with the ``userdel'' command, which must be run as ``root''. An example follows:
/usr/sbin/userdel baduser
The above command will remove the entry matching the username ``baduser'' from the ``/etc/passwd'' file and, if you're using the Shadow password format (which you should be; see the section called Linux Password & Shadow File Formats for details), from the ``/etc/shadow'' file as well.
Note: The ``/etc/group'' file is not modified, to avoid removing a group that other user(s) may also belong to. This isn't a big deal, but if it bothers you, you can edit the group file and remove the entry manually.
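To see what the note above leaves behind, the following added example (not part of the original guide) reports where a username is still referenced in passwd-, shadow- and group-format files. The function name ``leftover_refs'' is hypothetical, and the sample data is constructed to match the state the text describes after ``userdel baduser''.

```shell
#!/bin/sh
# Added example: list the places a username is still referenced after userdel.
# Arguments: username, then paths to passwd-, shadow- and group-format files
# (on a live system: /etc/passwd, /etc/shadow, /etc/group; shadow needs root).

leftover_refs() {
    user=$1 passwd_file=$2 shadow_file=$3 group_file=$4

    # passwd and shadow: field 1 is the login name; match it exactly.
    awk -F: -v u="$user" \
        '$1 == u { print "passwd: account entry still present" }' "$passwd_file"
    awk -F: -v u="$user" \
        '$1 == u { print "shadow: account entry still present" }' "$shadow_file"

    # group: field 1 is the group name, field 4 a comma-separated member list.
    awk -F: -v u="$user" '
        $1 == u { print "group: group named " $1 " (gid " $3 ") still exists" }
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == u)
                    print "group: still listed as a member of " $1
        }' "$group_file"
}

# Constructed sample data (assumption): passwd and shadow no longer mention
# baduser, while the group file was left untouched, as the note describes.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'alice:x:501:501::/home/alice:/bin/bash' > "$dir/passwd"
    printf '%s\n' 'root:*:10000:0:99999:7:::' \
                  'alice:*:10000:0:99999:7:::' > "$dir/shadow"
    printf '%s\n' 'root:x:0:' 'alice:x:501:' 'baduser:x:502:' \
                  'staff:x:600:alice,baduser' > "$dir/group"
    leftover_refs baduser "$dir/passwd" "$dir/shadow" "$dir/group"
    rm -rf "$dir"
}

demo
```

Each ``group:'' line it prints is an entry you would clean up by hand in the group file.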
Should you wish to remove the user's home directory as well, add the ``-r'' option to the ``userdel'' command. For example:
/usr/sbin/userdel -r baduser
I recommend that you do not remove an account right away but simply disable it first, especially if you are working on a corporate server with lots of users. After all, the former user may one day require the use of his or her account again, or may request a file or two that was stored in their home directory. Or perhaps a new user (such as an employee replacement) may require access to the former user's files. In any event, make sure you have backups of the former user's home directory, just in case. See the section called Disabling User Accounts for details on disabling an account, and Chapter 8 for details on how to perform backups.