7 comments

1 webjuan September 23, 2009 at 3:57 pm

If possible, I would also consider changing the ownership of all the files owned by the old employee to another valid system user.

You can use find while logged in as the root user:

# find /home/fireduser -user fireduser -exec chown newuser:newgroup {} \;

Your mileage will vary depending on OS.

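A fuller version of the sweep described in the comment above, added here as an example and not taken from the comment or the article: it searches by numeric UID (so it still works after the account is gone), stays on one filesystem with -xdev, re-owns symlinks themselves with chown -h, batches paths with "{} +", and offers a dry run so the chown commands can be reviewed before running as root. ROOT, OLD_UID, NEW_OWNER and the DRY_RUN variable are names chosen for this example.

```shell
#!/bin/sh
# Added example: reassign everything a departed user still owns.
# Assumptions (hypothetical names): ROOT is the tree to sweep (/ in practice,
# one call per mounted filesystem because of -xdev), OLD_UID is the numeric UID
# of the removed account, NEW_OWNER is "user:group". Run as root for real use.

# List objects of any type owned by a UID. find -user accepts a numeric ID that
# no longer maps to a login name, which is exactly the post-userdel situation.
# -xdev keeps the walk on one filesystem so /proc and network mounts are skipped.
owned_files() {
    root=$1; uid=$2
    find "$root" -xdev -user "$uid" 2>/dev/null
}

# Number of objects the UID still owns under ROOT; prints the count.
owned_count() {
    owned_files "$1" "$2" | wc -l | tr -d ' '
}

# Reassign ownership. -h re-owns a symlink itself rather than its target (without
# it a link planted by the old user could redirect the chown elsewhere), and
# "{} +" runs chown on batches of paths instead of once per file.
# With DRY_RUN=1 the chown commands are printed instead of executed.
reassign_owner() {
    root=$1; uid=$2; new_owner=$3
    if [ "${DRY_RUN:-0}" = 1 ]; then
        find "$root" -xdev -user "$uid" -exec echo chown -h "$new_owner" {} +
    else
        find "$root" -xdev -user "$uid" -exec chown -h "$new_owner" {} +
    fi
}

# Usage: DRY_RUN=1 reassign_owner / 1002 alice:staff   (review)
#        reassign_owner / 1002 alice:staff             (apply, as root)
```

Run the dry run first and compare its count against owned_count so nothing on the list is a surprise (a world-writable directory or a setuid binary owned by the old user deserves a look rather than a blind chown).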

2 @OlhoNaTV September 23, 2009 at 5:39 pm

It’s so Linux!


3 Reck September 23, 2009 at 11:58 pm

Just change the start-up shell from /bin/sh to /bin/false in the /etc/passwd file for those specific accounts. Their shell won't start.


4 athmoss September 24, 2009 at 10:29 pm

Nice article. I have one question: why use passwd -l (in the case mentioned in the article) instead of passwd -d?


5 CM September 29, 2009 at 5:20 pm

passwd -d just deletes the user password. This means that no password is required for that account.

passwd -l acts on /etc/shadow by adding a ! to the user's password. Since the encryption methods in use never produce a !, this password will never be matched!

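The three comments above (change the shell to /bin/false, passwd -d versus passwd -l, and the ! marker in /etc/shadow) describe account states that are easy to audit from the files themselves. The following is an added example, not code from the comments or the article: it takes copies of /etc/passwd and /etc/shadow as parameters so it runs without root, reports each non-system account as locked, nopassword or active, and lists accounts whose login shell is still interactive. The UID >= 1000 cutoff and the list of nologin shells are assumptions for this example; adjust them to the distribution in use. Note that a nologin shell on its own stops shell logins but not services that authenticate through PAM without spawning a shell, so it complements passwd -l rather than replacing it, and an empty hash field (the passwd -d result) is the state to hunt for.

```shell
#!/bin/sh
# Added example: audit account state from copies of /etc/passwd and /etc/shadow.
# Field layout: passwd = name:x:uid:gid:gecos:home:shell
#               shadow = name:hash:lastchg:min:max:warn:inactive:expire:reserved
# A hash starting with "!" (passwd -l) or "*" is locked; an empty hash means no
# password is required at all (passwd -d). UID >= 1000 is assumed for "real" users.

# Print "user state" for every account with UID >= 1000 present in the shadow file.
# state is one of: locked, nopassword, active
account_state() {
    passwd_file=$1; shadow_file=$2
    awk -F: '
        NR == FNR { if ($3 >= 1000) uid[$1] = $3; next }   # first file: passwd
        ($1 in uid) {
            h = $2; c = substr(h, 1, 1)
            if (h == "")                 s = "nopassword"
            else if (c == "!" || c == "*") s = "locked"
            else                         s = "active"
            print $1, s
        }' "$passwd_file" "$shadow_file"
}

# Print accounts (UID >= 1000) whose shell is not one of the usual nologin shells.
# These are the accounts the /bin/false advice has not yet been applied to.
interactive_shell_accounts() {
    awk -F: '$3 >= 1000 && $7 != "/bin/false" && $7 != "/sbin/nologin" \
             && $7 != "/usr/sbin/nologin" { print $1 }' "$1"
}

# Exit 0 if USER is locked in the shadow file, 1 if active, missing or passwordless.
is_locked() {
    shadow_file=$1; user=$2
    awk -F: -v u="$user" '
        BEGIN { rc = 1 }
        $1 == u { c = substr($2, 1, 1); rc = (c == "!" || c == "*") ? 0 : 1 }
        END { exit rc }' "$shadow_file"
}

# Usage: account_state /etc/passwd /etc/shadow | grep -v ' locked$'
#        interactive_shell_accounts /etc/passwd
```

A departed user's account should show up as locked in the first report and should not appear in the second; anything reported as nopassword needs immediate attention regardless of who it belongs to.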

6 Jonas Björklund October 2, 2009 at 2:50 pm

I personally would recommend not to delete a user’s account using userdel, since it is possible that the same UID may be used again for a newly added employee. Even if you have searched and changed ownership of all files owned by the user, there still could be files you have missed, leaving a potential security risk.


7 prr.suresh May 18, 2013 at 4:51 am

@Jonas Björklund
Then how can I overcome the problem?
By explicitly setting the UID or anything else?

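One way to act on the two comments above, added here as an example that is not from the commenters or the article: keep a record of retired UIDs and pick new UIDs explicitly so a departed user's UID is never handed to a new hire, and sweep for files whose owner no longer has a passwd entry (the leftovers userdel creates). The retired-list file path, the 1000 lower bound and the function names are assumptions for this example.

```shell
#!/bin/sh
# Added example: avoid UID reuse after userdel.
# Assumptions (hypothetical): a retired-UID list such as /etc/retired-uids with
# one numeric UID per line, and 1000 as the first UID for ordinary users.
# The chosen UID is then passed explicitly, e.g.
#   useradd --uid "$(next_free_uid /etc/passwd /etc/retired-uids)" newhire

# Files under ROOT whose owner or group has no entry in the system databases.
# After userdel, anything the old user still owned shows up here; -xdev keeps the
# walk on one filesystem, so call it once per mount. Run as root to see everything.
orphaned_files() {
    find "$1" -xdev \( -nouser -o -nogroup \) 2>/dev/null
}

# Smallest UID >= MIN (default 1000) that is in neither the passwd file nor the
# retired list. Prints the UID.
next_free_uid() {
    passwd_file=$1; retired_file=$2; min=${3:-1000}
    awk -F: -v min="$min" '
        FILENAME == ARGV[1] { used[$3] = 1; next }   # passwd: third field is the UID
        /^[0-9]+$/          { used[$1] = 1 }         # retired list: one UID per line
        END { u = min; while (u in used) u++; print u }
    ' "$passwd_file" "$retired_file"
}

# Record a UID as retired so next_free_uid skips it forever; idempotent.
retire_uid() {
    retired_file=$1; uid=$2
    grep -qx "$uid" "$retired_file" 2>/dev/null || echo "$uid" >> "$retired_file"
}

# Typical sequence when someone leaves, run as root (commands shown, not executed):
#   retire_uid /etc/retired-uids 1002
#   reassign or remove whatever the sweep reports:  orphaned_files /
```

The alternative that needs no bookkeeping is simply not to run userdel: lock the password, set a nologin shell and leave the entry in /etc/passwd, which keeps the UID allocated and keeps every leftover file attributable to a name.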
