diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:54:37 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:54:37 +0000 |
commit | 97c26c1924b076ef23ebe4381558e8aa025712b2 (patch) | |
tree | 109724175f07436696f51b14b5abbd3f4d704d6d /man/man8/userdel.8 | |
parent | Initial commit. (diff) | |
download | shadow-upstream.tar.xz shadow-upstream.zip |
Adding upstream version 1:4.13+dfsg1.upstream/1%4.13+dfsg1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/man8/userdel.8')
-rw-r--r-- | man/man8/userdel.8 | 325 |
1 files changed, 325 insertions, 0 deletions
diff --git a/man/man8/userdel.8 b/man/man8/userdel.8 new file mode 100644 index 0000000..acfc412 --- /dev/null +++ b/man/man8/userdel.8 @@ -0,0 +1,325 @@ +'\" t +.\" Title: userdel +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> +.\" Date: 11/08/2022 +.\" Manual: System Management Commands +.\" Source: shadow-utils 4.13 +.\" Language: English +.\" +.TH "USERDEL" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +userdel \- delete a user account and related files +.SH "SYNOPSIS" +.HP \w'\fBuserdel\fR\ 'u +\fBuserdel\fR [options] \fILOGIN\fR +.SH "DESCRIPTION" +.PP +The +\fBuserdel\fR +command modifies the system account files, deleting all entries that refer to the user name +\fILOGIN\fR\&. The named user must exist\&. +.SH "OPTIONS" +.PP +The options which apply to the +\fBuserdel\fR +command are: +.PP +\fB\-f\fR, \fB\-\-force\fR +.RS 4 +This option forces the removal of the user account, even if the user is still logged in\&. It also forces +\fBuserdel\fR +to remove the user\*(Aqs home directory and mail spool, even if another user uses the same home directory or if the mail spool is not owned by the specified user\&. If +\fBUSERGROUPS_ENAB\fR +is defined to +\fIyes\fR +in +/etc/login\&.defs +and if a group exists with the same name as the deleted user, then this group will be removed, even if it is still the primary group of another user\&. +.sp +\fINote:\fR +This option is dangerous and may leave your system in an inconsistent state\&. +.RE +.PP +\fB\-h\fR, \fB\-\-help\fR +.RS 4 +Display help message and exit\&. +.RE +.PP +\fB\-r\fR, \fB\-\-remove\fR +.RS 4 +Files in the user\*(Aqs home directory will be removed along with the home directory itself and the user\*(Aqs mail spool\&. Files located in other file systems will have to be searched for and deleted manually\&. +.sp +The mail spool is defined by the +\fBMAIL_DIR\fR +variable in the +login\&.defs +file\&. +.RE +.PP +\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR +.RS 4 +Apply changes in the +\fICHROOT_DIR\fR +directory and use the configuration files from the +\fICHROOT_DIR\fR +directory\&. Only absolute paths are supported\&. +.RE +.PP +\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR +.RS 4 +Apply changes in the +\fIPREFIX_DIR\fR +directory and use the configuration files from the +\fIPREFIX_DIR\fR +directory\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&. +.RE +.PP +\fB\-Z\fR, \fB\-\-selinux\-user\fR +.RS 4 +Remove any SELinux user mapping for the user\*(Aqs login\&. +.RE +.SH "CONFIGURATION" +.PP +The following configuration variables in +/etc/login\&.defs +change the behavior of this tool: +.PP +\fBMAIL_DIR\fR (string) +.RS 4 +The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&. The parameter CREATE_MAIL_SPOOL in +/etc/default/useradd +determines whether the mail spool should be created\&. +.RE +.PP +\fBMAIL_FILE\fR (string) +.RS 4 +Defines the location of the users mail spool files relatively to their home directory\&. +.RE +.PP +The +\fBMAIL_DIR\fR +and +\fBMAIL_FILE\fR +variables are used by +\fBuseradd\fR, +\fBusermod\fR, and +\fBuserdel\fR +to create, move, or delete the user\*(Aqs mail spool\&. +.PP +If +\fBMAIL_CHECK_ENAB\fR +is set to +\fIyes\fR, they are also used to define the +\fBMAIL\fR +environment variable\&. +.PP +\fBMAX_MEMBERS_PER_GROUP\fR (number) +.RS 4 +Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in +/etc/group +(with the same name, same password, and same GID)\&. +.sp +The default value is 0, meaning that there are no limits in the number of members in a group\&. +.sp +This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&. +.sp +If you need to enforce such limit, you can use 25\&. +.sp +Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&. +.RE +.PP +\fBUSERDEL_CMD\fR (string) +.RS 4 +If defined, this command is run when removing a user\&. It should remove any at/cron/print jobs etc\&. owned by the user to be removed (passed as the first argument)\&. +.sp +The return code of the script is not taken into account\&. +.sp +Here is an example script, which removes the user\*(Aqs cron, at and print jobs: +.sp +.if n \{\ +.RS 4 +.\} +.nf +#! /bin/sh + +# Check for the required argument\&. +if [ $# != 1 ]; then + echo "Usage: $0 username" + exit 1 +fi + +# Remove cron jobs\&. +crontab \-r \-u $1 + +# Remove at jobs\&. +# Note that it will remove any jobs owned by the same UID, +# even if it was shared by a different username\&. +AT_SPOOL_DIR=/var/spool/cron/atjobs +find $AT_SPOOL_DIR \-name "[^\&.]*" \-type f \-user $1 \-delete \e; + +# Remove print jobs\&. +lprm $1 + +# All done\&. +exit 0 + +.fi +.if n \{\ +.RE +.\} +.sp +.RE +.PP +\fBUSERGROUPS_ENAB\fR (boolean) +.RS 4 +Enable setting of the umask group bits to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007) for non\-root users, if the uid is the same as gid, and username is the same as the primary group name\&. +.sp +If set to +\fIyes\fR, +\fBuserdel\fR +will remove the user\*(Aqs group if it contains no more members, and +\fBuseradd\fR +will create by default a group with the name of the user\&. +.RE +.SH "FILES" +.PP +/etc/group +.RS 4 +Group account information\&. +.RE +.PP +/etc/login\&.defs +.RS 4 +Shadow password suite configuration\&. +.RE +.PP +/etc/passwd +.RS 4 +User account information\&. +.RE +.PP +/etc/shadow +.RS 4 +Secure user account information\&. +.RE +.PP +/etc/shadow\-maint/userdel\-pre\&.d/*, /etc/shadow\-maint/userdel\-post\&.d/* +.RS 4 +Run\-part files to execute during user deletion\&. The environment variable +\fBACTION\fR +will be populated with +\fBuserdel\fR +and +\fBSUBJECT\fR +with the username\&. +userdel\-pre\&.d +will be executed prior to any user deletion\&. +userdel\-post\&.d +will execute after user deletion\&. If a script exits non\-zero then execution will terminate\&. +.RE +.PP +/etc/subgid +.RS 4 +Per user subordinate group IDs\&. +.RE +.PP +/etc/subuid +.RS 4 +Per user subordinate user IDs\&. +.RE +.SH "EXIT VALUES" +.PP +The +\fBuserdel\fR +command exits with the following values: +.PP +\fI0\fR +.RS 4 +success +.RE +.PP +\fI1\fR +.RS 4 +can\*(Aqt update password file +.RE +.PP +\fI2\fR +.RS 4 +invalid command syntax +.RE +.PP +\fI6\fR +.RS 4 +specified user doesn\*(Aqt exist +.RE +.PP +\fI8\fR +.RS 4 +user currently logged in +.RE +.PP +\fI10\fR +.RS 4 +can\*(Aqt update group file +.RE +.PP +\fI12\fR +.RS 4 +can\*(Aqt remove home directory +.RE +.SH "CAVEATS" +.PP +\fBuserdel\fR +will not allow you to remove an account if there are running processes which belong to this account\&. In that case, you may have to kill those processes or lock the user\*(Aqs password or account and remove the account later\&. The +\fB\-f\fR +option can force the deletion of this account\&. +.PP +You should manually check all file systems to ensure that no files remain owned by this user\&. +.PP +You may not remove any NIS attributes on a NIS client\&. This must be performed on the NIS server\&. +.PP +If +\fBUSERGROUPS_ENAB\fR +is defined to +\fIyes\fR +in +/etc/login\&.defs, +\fBuserdel\fR +will delete the group with the same name as the user\&. To avoid inconsistencies in the passwd and group databases, +\fBuserdel\fR +will check that this group is not used as a primary group for another user, and will just warn without deleting the group otherwise\&. The +\fB\-f\fR +option can force the deletion of this group\&. +.SH "SEE ALSO" +.PP +\fBchfn\fR(1), +\fBchsh\fR(1), +\fBpasswd\fR(1), +\fBlogin.defs\fR(5), +\fBgpasswd\fR(8), +\fBgroupadd\fR(8), +\fBgroupdel\fR(8), +\fBgroupmod\fR(8), +\fBsubgid\fR(5), \fBsubuid\fR(5), +\fBuseradd\fR(8), +\fBusermod\fR(8)\&. |