Re: Hearing the truth??
From: António Vasconcelos (vasco_at_all-2-it.com)
Date: 02/18/04
- Previous message: Sayek, Ogan: "RE: Hearing the truth??"
- In reply to: OBrien, Brennan: "Hearing the truth??"
- Next in thread: Steve Barnet: "Re: Hearing the truth??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Feb 2004 18:11:13 +0000 To: "OBrien, Brennan" <BOBrien@columbia.com>
OBrien, Brennan wrote:
>All:
>
>I've got an interesting situation at the office I could use some advice
>on. I'm being asked from a security perspective whether the following
>statement (made by our Unix admins) could be considered true:
>
>"The only way you can delete a user account on a unix environment is to
>write a series of scripts to eliminate file associations."
>
>So, while I don't disagree with the logic, is this actually the case
>that there are no commercial tools available to assist in this arena,
>and the only method of deleting a user on a system safely and
>effectively is to write a bunch of scripts on your own? This just begs
>to be a problem solved by a commercial entity if it's actually the case.
>
>
>We're in a Sun environment. Some thoughts would be appreciated.
>
>Brennan
>
>
>
That's dumb.
Any user can be deleted with the command "userdel username", if you want
to remove the home dir use "userdel -r username", this will remove the
dir in /export/home/username (if in the default location), it isn't a
good idea to do userdel -r to a user that have a shared or system home dir.
Any file owned by that user will stay as it was.
The only detail is that the owner of any file will stay the same, as
when you ls -l the file you'll see a numeric user ID instead of the
owner's login name. And if later it is created another user with the
same UID that user will own those files.
In any case if you want to do something to files from a certain user you
can do
*find / -user <username> -exec do_something_to_file {} \;*
or
*find / -user <UID> -exec do_something_to_file {} \;* #
(if the user was already removed)
That's not a bunch of scripts, my guess is that you need new unix admins...
-- António Vasconcelos /(Administrador de Sistemas) ALL2IT-Infocomunicações, SA Torre de Monsanto, 6º Piso Miraflores, Algés PORTUGAL Telf.: + 351 21 412 39 50 Fax.: + 351 21 410 51 94/ *CONFIDENCIAL*: Esta mensagem contém informação confidencial ou material privilegiado, e é só intencionada para os seus destinatários. De acordo com a lei em vigor, se um erro originou que tenha recebido esta mensagem por engano pedimos que, de imediato, notifique o remetente e a apague do seu sistema sem a reproduzir. *CONFIDENTIAL*: This e-mail contains proprietary information, some or all of which may be legally privileged. It is for the intended recipients only. According to the law in force, if an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail and delete it from your system without retaining a copy.
- Previous message: Sayek, Ogan: "RE: Hearing the truth??"
- In reply to: OBrien, Brennan: "Hearing the truth??"
- Next in thread: Steve Barnet: "Re: Hearing the truth??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
