RMUSER(ADM) UNIX System V
Name
rmuser, rmgroup, rmpasswd - remove user accounts
Syntax
/tcb/bin/rmuser users
Description
rmuser removes user accounts from the system. A user account
consists of a line in /etc/passwd, entries in /etc/group and
a protected password database file. rmuser removes all
three entities from the system.
If no users are specified on the command line then rmuser
will read standard input for account names, one per line.
rmuser checks there are no currently running processes for
the account before removing it.
rmuser uses ale(ADM) and two underlying shell scripts,
rmpasswd and rmgroup, to do the actual removal, and
authck(ADM) to rebuild the subsystem databases. ale and
authck require the invoking user to have the auth subsystem
authorization and the chown and execsuid kernel
authorizations.
Files
/etc/passwd password file
/etc/group group file
/tcb/files/auth/?/* protected password database
/tcb/lib/auth_scripts/rmpasswd user script
/tcb/lib/auth_scripts/rmgroup group script
See Also
ale(ADM), passwdupd(ADM), authcap(F)
Diagnostics
rmuser returns an exit status of 1 if it was interrupted
Notes
Because removing users is not allowed on a C2 system, rmuser
checks that the system has been relaxed before removing any
accounts.
rmuser does not remove all traces of an account: home
directories are left intact, any cron jobs are not removed
and the name of the account is left in the Terminal Control
database and some Protected Password entries. In the
Terminal Control database, the deleted account name is not
removed from the last (un)successful login, and last logout
fields of a terminal entry. In the Protected Password
entries, the account name is left in the owner field of
accounts which the removed account owned, and the password
user field of any accounts for which the removed account was
authorized to change the password. These remnants in the C2
database files do not affect the system.
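The leftovers listed above can be checked for after a removal. The script below is an added example, not part of the original manual page or of the vendor's tooling. The crontab spool path and the "field=value:" layout of Protected Password entries are assumptions, the home directory must be supplied by the caller because the /etc/passwd line is already gone, and the Terminal Control database is not examined.

```sh
#!/bin/sh
# Added example: report what rmuser leaves behind for a removed account.
# Usage: rmuser_remnants USER HOMEDIR [ROOT]   (ROOT = prefix of a copied tree)
# Exit status: 0 nothing found, 1 remnants found, 2 bad input or account exists.
CRON_SPOOL=${CRON_SPOOL:-/usr/spool/cron/crontabs}  # assumption, not from the page
AUTH_DB=/tcb/files/auth                              # from the Files section

rmuser_remnants() {
    user=$1 home=$2 root=${3:-} found=0

    # Accept only plain account names: the name is used in paths and patterns.
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid account name" >&2; return 2 ;;
    esac

    # Only meaningful once the /etc/passwd line has been removed.
    if awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' \
           "$root/etc/passwd" 2>/dev/null; then
        echo "account-present $user"
        return 2
    fi

    # Home directories are left intact.
    if [ -d "$root$home" ]; then
        echo "home $home"; found=1
    fi

    # cron jobs are not removed.
    if [ -f "$root$CRON_SPOOL/$user" ]; then
        echo "crontab $CRON_SPOOL/$user"; found=1
    fi

    # Other accounts' Protected Password entries that still name the account
    # as a field value. Assumes authcap-style "field=value:" capabilities.
    for f in "$root$AUTH_DB"/?/*; do
        [ -f "$f" ] || continue
        if grep -F "=$user:" "$f" >/dev/null; then
            echo "pw-entry ${f#"$root"}"; found=1
        fi
    done
    return $found
}

if [ $# -ge 2 ]; then rmuser_remnants "$@"; fi
```

Each output line names one remnant to review by hand; the script changes nothing on the system.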
Value Added
rmuser is an extension of AT&T System V provided by the
Santa Cruz Operation.
(printed 12/11/90) RMUSER(ADM)