Like most modern operating systems, Linux is designed as a secure multi-user system. Every system therefore needs an administrator who can manage user accounts: creating them, assigning privileges to them, and deleting them when they are no longer required. It is best practice to delete the accounts of departed users (provided you are sure nothing in the account will be needed again).
A user account consists of more than a single entry: it can include the user’s home directory, spool files, and SSH keys. If you want to remove every trace of the user, these may have to be dealt with separately; otherwise removing a user is very simple. The “userdel” command is common to all Linux distributions, although Debian and Ubuntu also provide an alternative, “deluser”. Other operating systems in the Unix family, such as Solaris and FreeBSD, use different commands.
Using the userdel command
The basic syntax of userdel is straightforward. After logging in and becoming root, the command takes the following form:
userdel [OPTIONS] username
For example:
userdel -r Alfredo_Garcia
Before you run the command, however, there are a few things to check. First, make sure you are logged in as root (or open a root shell from a privileged account with sudo -i). Second, make sure the account you want to delete is not currently in use, or the delete operation may fail. One of the best ways to ensure this is:
root# pkill -KILL -u username
You can also use the “killall” command, or the “-f” switch described below, but “pkill” is the safer method.
Be aware that when you run “userdel” without any options, it falls back on the defaults in /etc/deluser.conf (Debian or Ubuntu) or /etc/login.defs (RHEL or CentOS). Often this means REMOVE_HOME = 0 is in effect, so “userdel” removes the user’s account but not their home directory or mail spool. You can either change the default or specify the “-r” option on the command line (see below).
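The checks above (root shell, no processes left under the account, knowing whether the defaults will keep the home directory) are easy to script before touching the account. The following is an added example, not code from the article: a small set of shell functions that look the account up in a passwd-format file, read REMOVE_HOME from a deluser.conf-style file, add -r when the defaults would otherwise keep the home directory and mail spool, and refuse to proceed while pgrep still finds processes for the user. File paths are parameters so the logic runs here against constructed sample files; the account names and the configuration fragment are constructed, and the function and variable names are this example’s own.

```shell
#!/bin/sh
# Pre-flight checks around "userdel" (added example, not from the article).
# Paths are parameters so the logic can be exercised against constructed
# files; in real use pass /etc/passwd and the distribution's config file.

# Exit 0 if the account exists in a passwd-format file.
account_exists() { # $1=username $2=passwd file
  awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "${2:-/etc/passwd}"
}

# Print REMOVE_HOME from a deluser.conf-style file; 0 when unset or the file is missing.
remove_home_setting() { # $1=config file
  [ -r "$1" ] || { echo 0; return 0; }
  awk -F= '/^[[:space:]]*REMOVE_HOME[[:space:]]*=/ { gsub(/[[:space:]]/, "", $2); v = $2 }
           END { print (v == "" ? "0" : v) }' "$1"
}

# Build the userdel command line: add -r when the defaults would keep the
# home directory and mail spool behind.
userdel_command() { # $1=username $2=config file
  if [ "$(remove_home_setting "$2")" = "1" ]; then
    printf 'userdel %s\n' "$1"
  else
    printf 'userdel -r %s\n' "$1"
  fi
}

# True when no process runs under the account (otherwise pkill -KILL -u is needed first).
account_idle() { # $1=username
  ! pgrep -u "$1" >/dev/null 2>&1
}

# Run the checks, then print the deletion command (dry run, the default) or execute it.
remove_account() { # $1=username $2=passwd file $3=config file
  user=$1; pw=${2:-/etc/passwd}; conf=${3:-/etc/deluser.conf}
  account_exists "$user" "$pw" || { echo "no such account: $user" >&2; return 1; }
  account_idle "$user" || { echo "$user still owns processes; run: pkill -KILL -u $user" >&2; return 2; }
  cmd=$(userdel_command "$user" "$conf")
  if [ "${USERDEL_DRY_RUN:-1}" = "1" ]; then
    echo "would run: $cmd"
  else
    $cmd
  fi
}

# --- constructed sample files (not a real system) ---
SAMPLE_PASSWD=$(mktemp)
printf '%s\n' "alfredo_garcia:x:1001:1001:Alfredo Garcia:/home/alfredo_garcia:/bin/bash" \
              "deploy:x:1002:1002::/home/deploy:/bin/sh" >"$SAMPLE_PASSWD"
SAMPLE_CONF=$(mktemp)
printf '%s\n' "# constructed deluser.conf fragment" "REMOVE_HOME = 0" >"$SAMPLE_CONF"

DEMO_PLAN=$(remove_account alfredo_garcia "$SAMPLE_PASSWD" "$SAMPLE_CONF")
echo "$DEMO_PLAN"   # would run: userdel -r alfredo_garcia
```

The dry run is the default on purpose: only `USERDEL_DRY_RUN=0`, in a root shell and with the real `/etc/passwd` and configuration file, actually executes the command, and the process check still has to pass first.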
Options for modifying userdel
The option you are most likely to need is “-r” (“--remove”). With this switch the operation also deletes the user’s home directory, all the files in it, and the mail spool (the location defined by the MAIL_DIR variable in login.defs). It will also remove the entries in the /etc/passwd and /etc/shadow files. Be certain that nobody needs any of those files before using “-r”!
Another option is “-R CHROOT_DIR” (capital R). This applies your changes inside CHROOT_DIR and uses the defaults set by the configuration files within that directory.
The “-f” (“--force”) option instructs “userdel” to remove the account even if the user is still logged in and has processes running. Forcing can leave the system in an unstable state, so avoid it unless the other options have already failed.
Other options are “-h” for help and “-Z”, which removes the SELinux user mapping for the account if one exists.
Removing the user’s SSH Keys
There are several ways to remove a user’s keys for the Linux secure shell, SSH. One is simply to delete the directory in which they are stored. For example:
# rm -rf /home/username/.ssh
A more convenient approach for host keys is the ssh-keygen command, which removes a host’s entries from the known_hosts file like this:
ssh-keygen -R hostname
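Deleting ~/.ssh removes the keys stored under the departed user’s own home directory. The following added example (not code from the article) goes one step further: before removing that directory it reads the user’s own *.pub files and strips any line carrying one of those key blobs from every other account’s authorized_keys, so a key the user had copied into a shared or service account does not survive the offboarding. It also refuses to act when the passwd home field is empty or “/”, because “rm -rf $HOME/.ssh” with an empty home would degenerate into “rm -rf /.ssh”. The sample tree, account names and key blobs are constructed and non-functional; the passwd-format file is a parameter so the functions run here offline (in real use pass /etc/passwd); the function names are this example’s own.

```shell
#!/bin/sh
# Clean up a departed user's SSH material (added example, not from the article).
# The passwd-format file is a parameter so the functions can be exercised on
# constructed data; in real use pass /etc/passwd.

# Print the home directory field of an account.
account_home() { # $1=username $2=passwd file
  awk -F: -v u="$1" '$1 == u { print $6 }' "${2:-/etc/passwd}"
}

# Remove ~/.ssh for the account. Refuse an empty or "/" home field: with an empty
# field the rm would target "/.ssh" instead of the user's directory.
remove_user_ssh_dir() { # $1=username $2=passwd file
  home=$(account_home "$1" "$2")
  case $home in
    ""|/) echo "refusing: unsafe home directory '$home' for $1" >&2; return 1 ;;
  esac
  [ -d "$home/.ssh" ] || return 0
  rm -rf -- "$home/.ssh"
}

# Print the key blobs (second field of each *.pub file) of the user's own public keys.
user_key_blobs() { # $1=username $2=passwd file
  home=$(account_home "$1" "$2")
  [ -n "$home" ] || return 0
  for f in "$home"/.ssh/*.pub; do
    [ -f "$f" ] || continue
    awk 'NF >= 2 { print $2 }' "$f"
  done
}

# Drop every line of an authorized_keys file that carries one of the listed blobs
# (checked in any field, so lines with a leading options string match too); print the count.
prune_authorized_keys() { # $1=authorized_keys file $2=file of blobs, one per line
  [ -f "$1" ] || { echo 0; return 0; }
  tmp=$(mktemp)
  awk -v blobs="$2" -v out="$tmp" '
    FILENAME == blobs { if (NF) drop[$1] = 1; next }
    { for (i = 1; i <= NF; i++) if ($i in drop) { n++; next } print > out }
    END { print n + 0 }' "$2" "$1"
  cat "$tmp" >"$1" && rm -f "$tmp"
}

# Sweep every other account's authorized_keys for the user's keys, then delete the
# user's own ~/.ssh. Prints the number of authorized_keys lines removed.
offboard_ssh() { # $1=username $2=passwd file
  blobs=$(mktemp)
  user_key_blobs "$1" "$2" >"$blobs"
  total=$(awk -F: -v u="$1" '$1 != u && $6 != "" { print $6 }' "$2" |
    while IFS= read -r h; do prune_authorized_keys "$h/.ssh/authorized_keys" "$blobs"; done |
    awk '{ s += $1 } END { print s + 0 }')
  rm -f "$blobs"
  remove_user_ssh_dir "$1" "$2" || return 1
  echo "$total"
}

# --- constructed sample tree (not a real system); the key blobs are placeholders, not real keys ---
ROOT=$(mktemp -d)
mkdir -p "$ROOT/home/alfredo_garcia/.ssh" "$ROOT/home/deploy/.ssh"
echo "ssh-ed25519 AAAAC3Constructed1 alfredo@laptop" >"$ROOT/home/alfredo_garcia/.ssh/id_ed25519.pub"
printf '%s\n' "ssh-ed25519 AAAAC3Constructed1 alfredo@laptop" \
  'command="/usr/bin/deploy" ssh-ed25519 AAAAC3Constructed1 alfredo@laptop' \
  "ssh-ed25519 AAAAC3Constructed2 deploy@ci" >"$ROOT/home/deploy/.ssh/authorized_keys"
SAMPLE_PASSWD="$ROOT/passwd"
printf '%s\n' "root:x:0:0:root:$ROOT/root:/bin/sh" \
  "alfredo_garcia:x:1001:1001:Alfredo Garcia:$ROOT/home/alfredo_garcia:/bin/bash" \
  "deploy:x:1002:1002::$ROOT/home/deploy:/bin/sh" \
  "broken:x:1003:1003:empty home field::/bin/sh" >"$SAMPLE_PASSWD"

DEMO_REMOVED=$(offboard_ssh alfredo_garcia "$SAMPLE_PASSWD")
echo "authorized_keys lines removed: $DEMO_REMOVED"   # 2
```

The blobs are collected before the user’s directory is deleted, since afterwards there is nothing left to match against; known_hosts entries are a separate matter and are handled with ssh-keygen -R as shown above.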
Always approach the “userdel” command with caution: files removed by it cannot simply be restored if you make a mistake. It is also essential to double-check that there are no important files in the ex-user’s directories before you proceed. The most common reason to delete a user is that they have left their employer, and there is always a good chance their mail or documents contain something the company still needs.