Remove/disable a former system user
Sooner or later, one of your users will be let go, find employment elsewhere, or win the lottery. When that happens you'll need to remove her account and ensure that she doesn't continue to have access after the fact.
The purpose of this guide is to outline some simple steps to disable an account while leaving a reasonable audit trail in place. It is written specifically for FreeBSD 6.x and 7.0, but the general concepts should apply (with different command implementations, perhaps) across many *nix systems.
Please note that the steps below were inspired by advice found in two excellent books:
[ We'll call the unwelcome user account starla for these examples. ]
Lock out future authentication attempts
First, we'll expire the account and give it a nologin shell.
# chpass -e 'Oct 01 06' starla # chsh -s /usr/sbin/nologin starla
Prevent other access methods and archive home
Next, we'll move her home directory, change its ownership, and restrict its permissions.
# mv /usr/home/starla /usr/home/starla.gone # chown -R root /usr/home/starla.gone # chmod -R go-rwx /usr/home/starla.gone
Check for any running/automated processes
Here we'll look at any processes executing under her account.
# ps aux | grep '^starla'
Next, we'll look for anything that may be scheduled to run using at or cron.
# atq # crontab -u starla -l
Check for sudoer entries
If her account should not be accessed, then it most certainly should not be used to run commands via sudo. Verify and remove any entries containing the starla user account with the command:
A quick find invocation can provide us with this info.
# find / -user starla > starla-files
If the user has a mailbox -- e.g. /var/mail/starla -- you may want to back it up and then delete it.
Check for other application-level access
What services did the user have access to? Did the user have a mail alias set up? It would be a good idea to carefully review each of these configurations for references to starla and remove them (or replace them with a new account, as appropriate).
Hopefully this guide has provided a baseline for planning (or modifying) your user account removal procedures. Be diligent and thorough to make sure that when someone leaves, she is really gone.
Kill your t.v.
Last edited by anomie; 18th May 2008 at 05:15 AM. Reason: corrected book reference list.
|Thread||Thread Starter||Forum||Replies||Last Post|
|How to disable FreeBSD boot loader?||Turquoise88||FreeBSD General||2||17th July 2009 04:11 PM|
|tmux disable automatic resize||Carpetsmoker||General software and network||7||25th June 2009 11:54 PM|
|How to remove Gnome and X||Malakim||Solaris||2||12th April 2009 01:10 PM|
|Disable manual fsck on startup||Malakim||FreeBSD General||4||2nd September 2008 06:28 PM|
|Disable CTRL+ALT+DEL FreeBSD Gnome||mfaridi||FreeBSD Security||7||27th August 2008 08:10 PM|