Date: Thu, 23 Jan 1997 10:11:00 -0700 (MST)
From: Don Yuniskis <dgy@rtd.com>
To: isis@servtech.com (Jen and Luke)
Cc: gjennejohn@frt.dec.com, sakti@idola.net.id, questions@FreeBSD.ORG
Subject: Re: Delete User
Message-ID: <199701231711.KAA00974@seagull.rtd.com>
In-Reply-To: <32E78D54.446B9B3D@servtech.com> from "Jen and Luke" at Jan 23, 97 11:09:56 am

It seems that Jen and Luke said:
>
> garyj@frt.dec.com wrote:
> >
> > sakti@idola.net.id writes:
> > > 1. What is a command to delete user ?
> >
> > I think there's a deluser script, but I can't remember for which version
> > it's standard.
> >
> > > 2. I delete user with manual step :
> > >    a. remove user property from /etc/passwd
> > >    b. remove user's homedir
> > > why never success ?, I mean the user name is removed from /etc/passwd but
> > > they still success to login ?
> >
> > you *must* use vipw to change /etc/passwd, otherwise the password
> > database file (which is what really gets used by login) is not
> > updated. Did you use vipw ?
>
> I do it this way:
> 1. erase user's line from /etc/master.passwd
> 2. erase their dir
> 3. run pwd_mkdb -p /etc/master.passwd
>
> Does anyone know if that's wrong?

I think the vipw method is preferable since it does all the file
locking for you.

I recommend *not* removing the entry from /etc/passwd but, rather,
filling the password field with ``*'' to effectively prohibit
the user from using the account. This allows /etc/passwd to serve
as an informal record of current AND PREVIOUS login IDs. On a small
system, it's great. On a larger system, you probably want to create
a *separate* database to hold expired logins (maybe passwd.deleted??).
This helps ensure that a login doesn't get reused too quickly --
embarrassing when "bob" #1's email starts being received by "bob" #2!
It also gives you a record of old accounts in case you receive some
complaint at a future date, etc.

In addition to 'rm -r ~username' you probably want to
'rm /var/mail/username' (or, if you're a nice guy, archive this stuff
for a month or so off line). You should also check to make sure there
are no aliases set up for the user. And, searching the file hierarchy
for *all* files owned by that user can be a win -- especially if the
user has left something that might cause problems later... (e.g.,
check ~ftp).

--don
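
The checks listed in the message above (password field set to `*`, leftover mail spool, aliases naming the user, files the user still owns), as an added shell example that is not part of the original message. The function names, argument order and sample data are assumptions made for illustration; the script only reads and reports, and `demo` runs it against constructed files in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original message): read-only audit of what a
# disabled account has left behind. All paths are arguments, so it can be run
# against copies of the files. Function names are hypothetical.

# passwd_state FILE USER: "locked" if the password field is "*", else
# "active"; "absent" if the login has no entry (the ID is free for reuse).
passwd_state() {
    awk -F: -v u="$2" '
        $1 == u { found = 1; print ($2 == "*" ? "locked" : "active"); exit }
        END     { if (!found) print "absent" }' "$1"
}

# alias_hits FILE USER: non-comment alias lines naming USER as a whole word.
alias_hits() {
    grep -v '^[[:space:]]*#' "$1" | grep -Fw -e "$2" || true
}

# owned_files ROOT UID: everything under ROOT owned by numeric UID.
owned_files() {
    find "$1" -xdev -user "$2" -print 2>/dev/null || true
}

# audit_account PASSWD ALIASES MAILDIR ROOT USER UID: one finding per line.
audit_account() {
    echo "passwd: $(passwd_state "$1" "$5")"
    if [ -e "$3/$5" ]; then echo "mail: $3/$5"; fi
    alias_hits "$2" "$5" | sed 's/^/alias: /'
    owned_files "$4" "$6" | sed 's/^/owned: /'
}

# Constructed sample data: "bob" is locked but still has an alias, a mail
# spool and a file under the ftp tree (owned by the current UID as a stand-in).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/mail" "$d/ftp/pub"
    printf '%s\n' 'root:$1$constructed:0:0::0:0:Charlie &:/root:/bin/csh' \
        'bob:*:1001:1001::0:0:Bob:/home/bob:/bin/sh' > "$d/master.passwd"
    printf '%s\n' '# constructed aliases' 'webmaster: bob' 'bobby: root' > "$d/aliases"
    : > "$d/mail/bob"; : > "$d/ftp/pub/leftover"
    audit_account "$d/master.passwd" "$d/aliases" "$d/mail" "$d/ftp" bob "$(id -u)"
    rm -rf "$d"
}

if [ "$#" -eq 6 ]; then audit_account "$@"; else demo; fi
```

A "locked" result with any remaining `mail:`, `alias:` or `owned:` lines means the account can no longer log in but still receives mail or still owns files that need review.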