6.5. Removing User Accounts

On occasion, you may wish to remove a user's access from your server altogether.

If you are a Red Hat user, the easiest way to remove an unneeded user account is with the ``userdel'' command, which must be run as ``root''. An example follows:

/usr/sbin/userdel baduser

The above command will remove the entry matching the username ``baduser'' from the ``/etc/passwd'' file and, if you're using the Shadow password format (which you should be; see Section 6.6 for details), from the ``/etc/shadow'' file.

Note: The ``/etc/group'' file is not modified, to avoid removing a group that other user(s) may also belong to. This isn't much of a big deal, but if this bothers you, you can edit the group file and remove the entry manually.
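To locate the leftover entries before editing the group file by hand, the following added example (not part of the original guide) lists every group that still refers to a removed account name. The helper names ``stale_group_entries'' and ``sample_group_file'' are hypothetical, and the sample group file is constructed for illustration.

```shell
#!/bin/sh
# Added example: report entries in a group file that still refer to an
# account name after userdel has removed it from the passwd file.
# stale_group_entries is a hypothetical helper name, not a system tool.

# usage: stale_group_entries USER [GROUP_FILE]
# Prints "member <group>" for each group whose member list (4th field)
# still contains USER, and "private <group>" for a group named USER.
# Names are compared exactly, so "baduser" does not match "baduser2".
stale_group_entries() {
    user=$1
    group_file=${2:-/etc/group}
    awk -F: -v u="$user" '
        $1 == u { print "private " $1 }
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == u) { print "member " $1; break }
        }
    ' "$group_file"
}

# Constructed sample in /etc/group format (name:password:GID:members).
sample_group_file() {
    cat <<'EOF'
root:x:0:
wheel:x:10:alice,baduser
baduser:x:501:
staff:x:50:baduser2,bob
projects:x:60:bob,baduser
EOF
}

# Demonstration against the constructed sample, not the live /etc/group.
demo_file=$(mktemp)
sample_group_file > "$demo_file"
stale_group_entries baduser "$demo_file"
rm -f "$demo_file"
```

Run as ``stale_group_entries baduser'' with no second argument, it reads the real ``/etc/group'' file and changes nothing; the output only tells you which lines to review.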

Should you wish to remove the user's home directory as well, add the ``-r'' option to the ``userdel'' command. For example:

/usr/sbin/userdel -r baduser

I recommend not removing an account right away, but first simply disabling it, especially if you are working with a corporate server with lots of users. After all, the former user may one day require the use of his or her account again, or may request a file or two which was stored in their home directory. Or perhaps a new user (such as an employee replacement) may require access to the former user's files. In any event, make sure you have backups of the former user's home directory, just in case. See Section 6.4 for details on disabling an account, and Chapter 8 for details on how to perform backups.