userdel(1M)

userdel -- delete a user's login from the system

Synopsis

userdel [-r] [-n months] login

Description

The userdel command deletes a user's login definition from the system. It removes the definition of the specified login and makes the appropriate login-related system file and filesystem changes. The command also stores the user identification number (UID) being deleted in the /etc/security/ia/ageduid file, so the UID will not be reused until a period of time has passed. This practice of keeping a UID out of use is called UID aging.

The following options are available:

-r: Remove the user's home directory from the system. This directory must exist. The files and directories under the home directory will no longer be accessible following successful execution of the command. Note that the user's home directory may not be removed if the pathname of the home directory is administered through the Network Information Service (NIS) and NIS is unavailable at the time you delete the user's entry.
-n months: Specify a value for the number of months to age the UID. Specify -1 to indicate the UID should never be reused. Specify 0 to indicate the UID may be reused immediately. If the -n option is not specified, the UID will be aged for a default number of months before it will be reused.
login: A string of printable characters that specifies an existing login on the system. It may not contain a colon (:) or a newline (\n).

If login is being administered by the Network Information Service (NIS), login will only be removed from the local system, not the NIS database.

Warnings

Whenever you use the userdel command to delete a user's login, you should execute adminuser -d login_name to avoid creating any security holes; otherwise security breaches will be introduced when you remove logins for users who have been added to the TFM database. Use the desktop metaphor to remove users who have been added through the metaphor.

Not all users have privileges but desktop users usually do. If a user whose login is being removed has no privileges and you execute adminuser -d, you'll simply get an error message:

   UX:adminuser:ERROR:Undefined user login_name

Files

/etc/default/userdel
/etc/group
/etc/passwd
/etc/security/ia/ageduid
/etc/security/ia/audit
/etc/security/ia/index
/etc/security/ia/master
/etc/shadow

The file /etc/security/ia/audit is not available if the Auditing Utilities are not installed.

Diagnostics

The userdel command exits with a return code of 0 upon successful completion. In case of errors, the following messages may be displayed:

Invalid command syntax.
The login to be removed does not exist.
The login to be removed is in use.
Cannot update the /etc/group file but the login is removed from the /etc/passwd file.
Cannot remove or otherwise modify the home directory.

References

adminuser(1M), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), passwd(1), useradd(1M), usermod(1M), users(1bsd)