#46 Deleting a User Account

Deleting an account is a bit more tricky than suspending it, because the script needs to check the entire file system for files owned by the user, and this must be done before the account information is removed from /etc/passwd and /etc/shadow.

The Code

#!/bin/sh

## deleteuser - Deletes a user account without a trace...
#           Not for use with Mac OS X

homedir="/home"
pwfile="/etc/passwd"
shadow="/etc/shadow"
newpwfile="/etc/passwd.new"
newshadow="/etc/shadow.new"
suspend="/usr/local/bin/suspenduser"
locker="/etc/passwd.lock"

if [ -z "$1" ] ; then
  echo "Usage: $0 account" >&2; exit 1
elif [ "$(whoami)" != "root" ] ; then
  echo "Error: you must be 'root' to run this command." >&2; exit 1
fi

# Accept only a plain account name: it is spliced into a regex below and
# used as a path component under $homedir, so ".." or "a b" must be refused
case "$1" in
  *[!a-zA-Z0-9._-]*|.*)
    echo "Error: invalid account name '$1'" >&2; exit 1 ;;
esac

$suspend "$1"    # suspend their account while we do the dirty work

uid="$(grep -E "^${1}:" "$pwfile" | cut -d: -f3)"

if [ -z "$uid" ] ; then
  echo "Error: no account $1 found in $pwfile" >&2; exit 1
fi

# Take the lock before reading the files, so nothing can change between
# the filtered copy we make and the mv that installs it
lockcmd="$(which lockfile)"             # find lockfile app in the path
if [ -n "$lockcmd" ] ; then             # let's use the system lockfile
  "$lockcmd" -r 15 "$locker"
else                                    # ulp, let's do it ourselves
  while [ -e "$locker" ] ; do
    echo "waiting for the password file" ; sleep 1
  done
  touch "$locker"                       # created a file-based lock
fi

# Remove from the password and shadow files
grep -vE "^${1}:" "$pwfile" > "$newpwfile"
grep -vE "^${1}:" "$shadow" > "$newshadow"

mv "$newpwfile" "$pwfile"
mv "$newshadow" "$shadow"
rm -f "$locker"                         # click! unlocked again

chmod 644 "$pwfile"
chmod 400 "$shadow"

# Now remove home directory and list anything left...
rm -rf "${homedir:?}/$1"

echo "Files still left to remove (if any):"
find / -uid "$uid" -print 2>/dev/null | sed 's/^/  /'

echo ""
echo "Account $1 (uid $uid) has been deleted, and their home directory "
echo "($homedir/$1) has been removed."

exit 0

How It Works

To avoid any problems with things changing underfoot, notice that the very first task that deleteuser performs is to suspend the user account by calling suspenduser.

Before modifying the password file, this script locks it using the lockfile program, if it's available. If not, it drops back to a relatively primitive locking mechanism through the creation of the file /etc/passwd.lock. If the lock file already exists, this script will sit and wait for it to be deleted by another program; once it's gone, deleteuser immediately creates it and proceeds.

Running the Code

This script must be run as root (use sudo) and needs the name of the account to delete specified as the command argument.

Danger!

Notice that this script is irreversible and causes lots of files to vanish, so do be careful if you want to experiment with it!


The Results

$ sudo deleteuser snowy
Please change account snowy password to something new.
Changing password for user snowy.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Account snowy has been suspended.
Files still left to remove (if any):
  /var/log/dogbone.avi

Account snowy (uid 502) has been deleted, and their home directory
(/home/snowy) has been removed.

That sneaky Snowy had hidden an AVI file (dogbone.avi) in /var/log. Lucky we noticed that — who knows what it could be?

Hacking the Script

This deleteuser script is deliberately not complete. Sysadmins will decide what additional steps to take, whether it is compressing and archiving a final copy of the account files, writing them to tape, burning them on a CD-ROM, or even mailing them directly to the FBI (hopefully I'm just kidding on that last one). In addition, the account needs to be removed from the /etc/group files. If there are stray files outside of the user's home directory, the find command identifies them, but it's still up to the admin to examine and delete each one, as appropriate.
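The group cleanup that the paragraph above leaves to the admin, as an added example (not the book's code): a POSIX sh function that strips the account from every member list in a group(5)-format file and drops the user's own private group once nobody else is in it. It works on whatever path it is given and ships with a constructed sample file, so run it against a copy, or under the same /etc/passwd.lock the script takes, when pointing it at the real /etc/group.

```sh
#!/bin/sh
# remove_from_groups USER FILE
#   Drops USER from every comma-separated member list in the group(5)-format
#   FILE, and deletes USER's own private group line once it has no members.
#   Compares whole names, so "snowy" never touches a member called "snowyfan".
remove_from_groups() {
  user="$1"; gfile="$2"
  awk -F: -v u="$user" '
    BEGIN { OFS = ":" }
    !NF { print; next }                 # pass blank lines through untouched
    {
      n = split($4, m, ",")
      out = ""
      for (i = 1; i <= n; i++)
        if (m[i] != u)
          out = (out == "" ? m[i] : out "," m[i])
      # private group of the deleted user with no remaining members: drop it
      if ($1 == u && out == "") next
      $4 = out
      print
    }' "$gfile" > "$gfile.new" && mv "$gfile.new" "$gfile"
  # On the real /etc/group, restore mode/owner afterwards as the script does
  # for /etc/passwd, since mv installs the new file with its own permissions.
}

# Constructed sample in group(5) format (not a real system file).
make_sample_group() {
  printf '%s\n' \
    'root:x:0:' \
    'wheel:x:10:root,snowy,taylor' \
    'audio:x:29:snowy' \
    'video:x:44:snowyfan,snowy' \
    'snowyfan:x:600:' \
    'snowy:x:502:' > "$1"
}

# Demo on the constructed sample: snowy vanishes from wheel, audio and video,
# the snowyfan group and member are untouched, and snowy's private group goes.
tmp="$(mktemp)"
make_sample_group "$tmp"
remove_from_groups snowy "$tmp"
cat "$tmp"
rm -f "$tmp"
```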
