Removing accounts

Updated: April 19, 2023

To remove a user account:

  1. Lock the user account database: if the /etc/.pwlock file doesn't exist, lock the account files by creating it; if it does exist, another process is updating the database, so wait until it's gone. Create the file with an exclusive create (O_EXCL) rather than a separate existence test followed by a create, so that two administrators who check at the same moment can't both believe they hold the lock.
  2. Remove the account's entries from /etc/passwd and /etc/shadow to disable future logins, or change the login shell to a program that simply terminates, or that displays a message and then terminates. (Changing the shell leaves the entry, and therefore the user ID-to-name mapping, in place.)
  3. Remove references to the user from the /etc/group file.
  4. Unlock the account database by removing /etc/.pwlock.
  5. If necessary, remove or change ownership of system resources that the user owned.
  6. If necessary, remove or alter references to the user in email systems, TCP/IP access control files, applications, and so on.
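The following POSIX shell script is an added example, not part of the QNX documentation: it walks steps 1 through 5 above, plus the UID-reuse caution at the end of this page, against constructed copies of passwd, shadow and group in a scratch directory. ETC_DIR, the sample accounts, the retry count and the helper names are assumptions of this example; step 6 (mail, TCP/IP access files, applications) is site-specific and is left as a comment.

```sh
#!/bin/sh
# Added example (not QNX's own code). ETC_DIR defaults to a scratch
# directory so this never touches the real /etc; set ETC_DIR=/etc only
# when you actually mean to edit the live account database as root.
set -u
ETC_DIR="${ETC_DIR:-$(mktemp -d)}"
LOCK="$ETC_DIR/.pwlock"
LOCK_TRIES="${LOCK_TRIES:-30}"      # assumed: give up after ~30 s

# Constructed sample account files (hashes are placeholders, not real).
make_sample_db() {
    cat > "$ETC_DIR/passwd" <<'EOF'
root:x:0:0:Superuser:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
EOF
    cat > "$ETC_DIR/shadow" <<'EOF'
root:*:19000:0:99999:7:::
alice:$6$abc$placeholderhash:19000:0:99999:7:::
bob:$6$def$placeholderhash:19000:0:99999:7:::
EOF
    cat > "$ETC_DIR/group" <<'EOF'
root:x:0:
users:x:100:alice,bob
wheel:x:10:alice
devs:x:200:bob,alice
EOF
}

# Steps 1 and 4: lock/unlock. "set -C" (noclobber) turns ": > file" into a
# single O_EXCL create, so the existence test and the creation cannot be
# separated by another administrator doing the same thing.
lock_pwdb() {
    tries=0
    until ( set -C; : > "$LOCK" ) 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -lt "$LOCK_TRIES" ] || { echo "account database still locked" >&2; return 1; }
        sleep 1
    done
}
unlock_pwdb() { rm -f "$LOCK"; }

# Prints the numeric UID for a login name, or nothing if it is absent.
uid_of() { awk -F: -v u="$1" '$1 == u { print $3 }' "$ETC_DIR/passwd"; }

# Filter $1 through awk program $3 (with u=$2) into a temp file in the same
# directory, then rename into place so readers never see a partial file.
rewrite() { awk -F: -v u="$2" "$3" "$1" > "$1.tmp" && mv "$1.tmp" "$1"; }

# awk program for step 3: drop u from each group's comma-separated member list.
STRIP_MEMBER='BEGIN { OFS = ":" }
{ n = split($4, m, ","); out = ""
  for (i = 1; i <= n; i++) if (m[i] != "" && m[i] != u) out = (out == "" ? m[i] : out "," m[i])
  $4 = out; print }'

# Steps 1-4 end to end. Prints the removed UID on success so the caller
# can go looking for files that UID still owns (step 5).
remove_account() {
    user="$1"
    uid=$(uid_of "$user")
    [ -n "$uid" ] || { echo "no such user: $user" >&2; return 1; }
    [ "$uid" -ne 0 ] || { echo "refusing to remove uid 0" >&2; return 1; }
    lock_pwdb || return 1
    if rewrite "$ETC_DIR/passwd" "$user" '$1 != u' &&
       rewrite "$ETC_DIR/shadow" "$user" '$1 != u' &&
       rewrite "$ETC_DIR/group"  "$user" "$STRIP_MEMBER"; then
        chmod 644 "$ETC_DIR/passwd" "$ETC_DIR/group"; chmod 600 "$ETC_DIR/shadow"
        status=0
    else
        echo "failed to update account files" >&2; status=1
    fi
    unlock_pwdb          # always release the lock, even on failure
    [ "$status" -eq 0 ] && echo "$uid"
    return "$status"
}

# Step 5 / CAUTION: once the passwd entry is gone the name no longer
# resolves, so search by number (POSIX find accepts a decimal UID for
# -user). "find / -xdev -nouser" would also catch files from any other
# deleted UID. Step 6 (mail aliases, TCP/IP access files, ...) is site-specific.
list_owned_files() { find "$1" -xdev -user "$2" -print 2>/dev/null; }

make_sample_db
uid=$(remove_account alice)
echo "removed alice (uid $uid); files under $ETC_DIR still owned by uid $uid:"
list_owned_files "$ETC_DIR" "$uid"
```

Run it as a normal user and it only touches the scratch directory; the search at the end is empty there because nothing in the scratch tree is owned by UID 1001, which is exactly the check you want to come back empty on a real system before the UID is handed to a new account.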

Instead of removing a user, you can disable the account by using the passwd utility to change the account's password to one the former user doesn't know. In this way, you can still tell which system resources the former user owned, since the user ID-to-name translation continues to work. When you do this, the passwd utility automatically handles the necessary locking and unlocking of the account database.

If you ever need to log in to that account, you can either use the su (“switch user”) utility to switch to that account from root, or log in to the account directly. If you forget the password for the account, remember that the root user can always change it.

What should you do with any resources that a former user owned? Here are some of your options:

CAUTION:
If you remove a user's account from the account database but don't remove or change the ownership of their files, a future account may be assigned the same numeric user ID, which would make the new user the owner of every file the old one left behind. Before a user ID is reused, search for files still owned by it (by number, since the name no longer resolves) and delete them or change their ownership.