From: Don Yuniskis
Message-Id: <199701231711.KAA00974@seagull.rtd.com>
Subject: Re: Delete User
To: isis@servtech.com (Jen and Luke)
Date: Thu, 23 Jan 1997 10:11:00 -0700 (MST)
Cc: gjennejohn@frt.dec.com, sakti@idola.net.id, questions@FreeBSD.ORG
In-Reply-To: <32E78D54.446B9B3D@servtech.com> from "Jen and Luke" at Jan 23, 97 11:09:56 am

It seems that Jen and Luke said:
>
> garyj@frt.dec.com wrote:
> >
> > sakti@idola.net.id writes:
> > > 1. What is a command to delete user ?
> >
> > I think there's a deluser script, but I can't remember for which version
> > it's standard.
> >
> > > 2. I delete user with manual step :
> > >    a. remove user property from /etc/passwd
> > >    b. remove user's homedir
> > > why never success ?, I mean the user name is removed from /etc/passwd but
> > > they still success to login ?
> >
> > you *must* use vipw to change /etc/passwd, otherwise the password
> > database file (which is what really gets used by login) is not
> > updated. Did you use vipw ?
>
> I do it this way:
> 1. erase user's line from /etc/master.passwd
> 2. erase their dir
> 3. run pwd_mkdb -p /etc/master.passwd
>
> Does anyone know if that's wrong?

I think the vipw method is preferable since it does all the file locking
for you.

I recommend *not* removing the entry from /etc/passwd but, rather,
filling the password field with ``*'' to effectively prohibit the user
from using the account. This allows /etc/passwd to serve as an informal
record of current AND PREVIOUS login id's. On a small system, it's
great. On a larger system, you probably want to create a *separate*
database to hold expired logins (maybe passwd.deleted??). This helps
ensure that a login doesn't get reused too quickly -- embarrassing when
"bob" #1's email starts being received by "bob" #2! It also gives you a
record of old accounts in case you receive some complaint at a future
date, etc.

In addition to 'rm -r ~username' you probably want to
'rm /var/mail/username' (or, if you're a nice guy, archive this stuff
for a month or so off line). You should also check to make sure there
are no aliases set up for the user. And, searching the file hierarchy
for *all* files owned by that user can be a win -- especially if the
user has left something that might cause problems later... (e.g., check
~ftp).

--don
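
Added example, not part of the original message: a small sh audit of the checks described above (password field locked with "*", login name not reissued, leftover aliases, files still owned by the account). The function names are hypothetical, passwd.deleted is the message's own suggested file name, and all sample data is constructed.

```shell
#!/bin/sh
# Added example: audit what a disabled account leaves behind.
# Function names are hypothetical; sample data in demo() is constructed.

# True if USER exists in a passwd-format FILE and its password field starts with "*".
is_locked() {  # is_locked FILE USER
    awk -F: -v u="$2" '$1 == u { found = 1; if (substr($2, 1, 1) == "*") ok = 1 }
        END { exit !(found && ok) }' "$1"
}

# True if the login name already appears (active or retired) in any listed file.
login_taken() {  # login_taken USER FILE...
    u=$1; shift
    awk -F: -v u="$u" '$1 == u { hit = 1 } END { exit !hit }' "$@"
}

# Print aliases(5) lines naming USER as the alias or as a recipient (whole-word match).
alias_refs() {  # alias_refs FILE USER
    awk -v u="$2" '$1 ~ /^#/ { next }
        { line = $0; gsub(/[:,]/, " ", line); n = split(line, w)
          for (i = 1; i <= n; i++) if (w[i] == u) { print $0; break } }' "$1"
}

# Print every path under DIR still owned by the numeric uid.
owned_files() {  # owned_files DIR NUMERIC_UID
    find "$1" -user "$2" -print 2>/dev/null | sort
}

# Run the checks over constructed files: ./audit.sh demo
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'alice:$2b$constructed:1001:1001::0:0:Alice:/home/alice:/bin/sh' \
        'bob:*:1002:1002::0:0:Bob (left):/home/bob:/bin/sh' > "$d/master.passwd"
    printf '%s\n' '# constructed aliases' 'sales: alice, bob' 'root: alice' > "$d/aliases"
    is_locked "$d/master.passwd" bob && echo "bob: password field locked"
    login_taken bob "$d/master.passwd" && echo "bob: name must not be reissued"
    alias_refs "$d/aliases" bob          # mail for bob is still routed here
    owned_files "$d" "$(id -u)"          # stand-in for a search of the real tree
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

On a live system the owned_files search would start at / with the departed user's uid, which is why the entry (and its uid) is worth keeping on record.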