Identifying A Deleted Account

    Date14 Nov 2002
    3026
    Posted ByAnthony Pell
    Last week I extolled the virtues of keeping an audit trail. This actually came up because a reader was confused about some processes that were running under a no-longer existing userid. . . Last week I extolled the virtues of keeping an audit trail. This actually came up because a reader was confused about some processes that were running under a no-longer existing userid.

    At some point the user had been deleted[2] from the system, but his processes remained. Not good. Unfortunately, they had no records of who originally used this account. There are many ways that a user can be deleted, be it manual changes or using the deluser program. Deluser removes entries from /etc/passwd and /etc/shadow entirely, rather than just locking the account by giving it a locked password.[3] It takes default settings from /etc/deluser.conf, which can be overridden by command-line arguments. The settings allow you to decide how you want files owned by the user to be handled.

    In general, it's a good idea to remove the files, because you never know what they may have hidden around. You do need to be careful, of course. Say a user was maintaining part of your website, you wouldn't want to delete those files blindly. Thus many administrators will not use the delete files options for deluser and will delete them manually, to make sure important files remain.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    13
    radio
    [{"id":"55","title":"Yes","votes":"5","type":"x","order":"1","pct":45.45,"resources":[]},{"id":"56","title":"No","votes":"6","type":"x","order":"2","pct":54.55,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.