Go Back   DaemonForums > Miscellaneous > Guides

Guides All Guides and HOWTO's.

Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 18th May 2008
anomie's Avatar
anomie anomie is offline
Join Date: Apr 2008
Location: Texas
Posts: 445
Default Remove/disable a former system user

Sooner or later, one of your users will be let go, find employment elsewhere, or win the lottery. When that happens you'll need to remove her account and ensure that she doesn't continue to have access after the fact.

The purpose of this guide is to outline some simple steps to disable an account while leaving a reasonable audit trail in place. It is written specifically for FreeBSD 6.x and 7.0, but the general concepts should apply (with different command implementations, perhaps) across many *nix systems.

Please note that the steps below were inspired by advice found in two excellent books:
  1. Essential System Administration, by Æleen Frisch
  2. Linux Server Hacks, by Rob Flickenger


[ We'll call the unwelcome user account starla for these examples. ]

Lock out future authentication attempts

First, we'll expire the account and give it a nologin shell.

# chpass -e 'Oct 01 06' starla
# chsh -s /usr/sbin/nologin starla
(For the first command, any Mmm dd yy in the past will do.)

Additional considerations:
  • Did the user have access to any other accounts? Those passwords will need to be changed as well.
  • While you're at it, it'd be a good idea to scan /etc/group and remove her account from any secondary groups.

Prevent other access methods and archive home

Next, we'll move her home directory, change its ownership, and restrict its permissions.

# mv /usr/home/starla /usr/home/starla.gone
# chown -R root /usr/home/starla.gone
# chmod -R go-rwx /usr/home/starla.gone
Keeping the home directory and its contents around may be needed as part of an audit trail. In some situations (depending on your rules and policies) it may be more appropriate to back it up and then delete it altogether.

Check for any running/automated processes

Here we'll look at any processes executing under her account.

# ps aux | grep '^starla'
Anything running? You'll need to look into it, determine what it is and why it's running, and ultimately kill it.

Next, we'll look for anything that may be scheduled to run using at or cron.

# atq
# crontab -u starla -l
Ditto here. Is anything that's automated necessary for normal business operation? If so, you'll need to get it moved to a more appropriate (service) account. If not, remove the entries.

Check for sudoer entries

If her account should not be accessed, then it most certainly should not be used to run commands via sudo. Verify and remove any entries containing the starla user account with the command:
# visudo
Check for any other files on the system owned by the account

A quick find invocation can provide us with this info.

# find / -user starla > starla-files
Anything turn up? Again, you'll need to investigate and change ownership (or remove) as needed.

If the user has a mailbox -- e.g. /var/mail/starla -- you may want to back it up and then delete it.

Check for other application-level access

What services did the user have access to? Did the user have a mail alias set up? It would be a good idea to carefully review each of these configurations for references to starla and remove them (or replace them with a new account, as appropriate).


Hopefully this guide has provided a baseline for planning (or modifying) your user account removal procedures. Be diligent and thorough to make sure that when someone leaves, she is really gone.
Kill your t.v.

Last edited by anomie; 18th May 2008 at 04:15 AM. Reason: corrected book reference list.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to disable FreeBSD boot loader? Turquoise88 FreeBSD General 2 17th July 2009 03:11 PM
tmux disable automatic resize Carpetsmoker General software and network 7 25th June 2009 10:54 PM
How to remove Gnome and X Malakim Solaris 2 12th April 2009 12:10 PM
Disable manual fsck on startup Malakim FreeBSD General 4 2nd September 2008 05:28 PM
Disable CTRL+ALT+DEL FreeBSD Gnome mfaridi FreeBSD Security 7 27th August 2008 07:10 PM

All times are GMT. The time now is 12:28 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick