Linux with Operating System Concepts

364
◾
Linux with Operating System Concepts
this user outside of the user’s home directory will not be deleted. Therefore, you would 
have to manually search for any files owned by this user to either change ownership or 
delete them.
The groupdel instruction is perhaps one of the easiest in Linux. There are no options; 
instead it is simply 
groupdel 
groupname
. The group is deleted from the /etc/group 
and /etc/gshadow files, and the group is removed from any user’s list of groups as stored 
in /etc/passwd. There may however be files owned by this group and so you would have 
to manually search for those files and change their ownership. As with userdel, groupdel 
returns an exit value as follows:
• 0—success
• 2—invalid command
• 6—group does not exist
• 8—group is an existing user’s private group
• 10—cannot update group file
Care should be taken when deleting a user or a group. You should have policies estab-
lished that determine when a user or group can be deleted. Section 9.8 discusses user 
account policies. Before deletion, ensure that the user is not logged in or that the group is 
not a private group. Finally, after performing the deletion, check the system to make sure 
that no remnant files owned by the user or group exist.
Just as we wrote a script to create user accounts, we might similarly want to create a 
script to delete user accounts. Below is an example of such a script. We will assume that 
the user account names are stored in a text file and we will input this file, deleting each 
account. Some questions to answer before writing this script are whether we should force 
deletion in case any of these users are currently logged in, and whether we want to remove 
the users’ home directories and email space. Let us assume that we do not want to force 
deletion in any case and we will delete the user’s directory/email only if there is an entry 
of “yes” in the file after the username. This requires that we input two values from each 
row of the file. We will call the variables 
username
and 
deletion
. In order to decide 
whether to delete the directory/email, we will use the condition 
[ –z $deletion ]
. The 
-z option tests to see if the variable is null (has no value). So, if true, it means that there was 
no “yes” after the username and so we should not delete the directory/email. The else clause 
then will delete the directory/email using -r. Our script is shown below.
#!/bin/bash
while read username deletion; do
if [ –z $deletion ]; then userdel $username
else userdel –r $username
fi
done

User Accounts
◾
365
As we did not force deletions, this script fails to delete users who are logged in and/or 
have processes currently running. Thus, if the system administrator were to run this script, 
it may not complete the task fully. We could enhance the script by keeping a record of any 
user who, when we attempted to delete them, we received an error code of 8 (user logged 
in). We can do this by examining the value of 
$?
after we execute the userdel command 
(recall $? stores the exit or return code of a function or command). Alternatively, we might 
want to see if the return code is anything other than a 0 as there are other reasons why a 
user may not be deleted (e.g., could not update the /etc/passwd file because it is currently 
open or otherwise busy, user does not exist). If we receive any error, we will store 
$user-
name
in a file of usernames that still require deletion. We can add this instruction between 
the 
fi
and 
done
statements.
if [ $? –ne 0 ]; then echo “$username” 
>>
/root/not_yet_deleted.txt; fi
Or, we could use -f in our userdel commands to force deletion. However, the above if-
then statement is still useful to keep track of any user not deleted no matter what reason 
caused it.
9.4 PASSWORDS
In this section, we examine user passwords. 

Download 5,65 Mb.

Do'stlaringiz bilan baham: