Saturday, June 26, 2010

Expire User Accounts

Using the expire option lets an administrator lock an account without destroying its data, so the data stays available for a while in case it is still needed.

When people go on vacation, take an extended break for some reason, or may not be coming back, you can use the expire option to lock down their account.

You may also want to close an account properly. Ubuntu Server, like other Linux servers, provides the tools to do this.


Example:


# sudo chage -E 2011-06-10 mike

This option is valuable for temporary accounts as well. The date is given as YYYY-MM-DD, the account is refused login from that day on, and "chage -E -1" removes the expiry date again.
A directory can be created to hold the user's files for a time.


Example:


# sudo mkdir /mikeold; sudo chmod 000 /mikeold

With mode 000 nobody but root can read, write or enter the directory, so files parked in it cannot be changed by other users.


Expire User Passwords
In addition to setting an expiration date for a user’s account, you can also set minimum and maximum change periods for a user’s password.

To ensure that a user can’t change his or her password more often than a given time period, use chage with the “-m” option.

So, to ensure that user “james” can’t change his password more than every seven days, enter:


# sudo chage -m 7 james

To ensure that james’s password has to be changed at least every 90 days, enter:


# sudo chage -M 90 james


You can also give james a warning before he has to change his password.  To set the warning period to five days, you can enter:


# sudo chage -W 5 james

If need be, you can set all of these values with one single command (here with a 20-day maximum instead of the 90 days above):


# sudo chage -m 7 -M 20 -W 5 james


A "sudo chage -l james" command will show all of the aging values for the account so you can verify that they were properly set.

Note that password expiration dates are completely separate from account expiration dates: an expired password still lets the user log in and then forces a password change, while an expired account refuses the login outright.
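To make the distinction concrete, here is an added example (not code from the original post) that reads the fields chage writes into /etc/shadow and reports what login would do on a given day. The field layout (name:hash:lastchg:min:max:warn:inactive:expire:reserved) and the day-count convention are those of the shadow file itself; the function names and the sample lines are constructed for this example, and reading the real /etc/shadow requires root.

```shell
#!/bin/sh
# Added example, not part of the original post: read back the aging fields
# that chage -E / -m / -M / -W store in /etc/shadow. Field layout of a line:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and expire are days since 1970-01-01; an empty field means "unset".
# The sample lines used below are constructed; real /etc/shadow needs root.

# days_since_epoch YYYY-MM-DD -> day number exactly as chage stores it
# (civil-to-days arithmetic, so it does not depend on GNU date -d)
days_since_epoch() {
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    m=${m#0}; d=${d#0}                        # "08"/"09" would be read as octal
    [ "$m" -le 2 ] && y=$((y - 1))            # count the year from March
    era=$((y / 400)); yoe=$((y - era * 400))
    if [ "$m" -gt 2 ]; then mp=$((m - 3)); else mp=$((m + 9)); fi
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    echo $(( era * 146097 + doe - 719468 ))   # 719468 days from 0000-03-01 to 1970-01-01
}

# shadow_status "<shadow line>" <today-in-days>
# prints one of: locked | expired | inactive | password-expired | password-expiring | ok
shadow_status() {
    today=$2
    IFS=: read -r name hash lastchg min max warn inactive expire reserved <<EOF
$1
EOF
    case $hash in
        '!'*|'*'*) echo locked; return ;;     # passwd -l / usermod -L, or no password
    esac
    # Account expiry (chage -E) is checked on its own and refuses the login
    # outright; it has nothing to do with password aging.
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
        echo expired; return
    fi
    # Password aging (chage -M / -W / -I). "min" (chage -m) only limits how
    # soon the user may change the password again, so it plays no part here.
    if [ -n "$max" ] && [ "$max" -ge 0 ] && [ -n "$lastchg" ]; then
        due=$((lastchg + max))
        if [ "$today" -ge "$due" ]; then
            # past the inactive period (chage -I) the account is locked too
            if [ -n "$inactive" ] && [ "$inactive" -ge 0 ] && [ "$today" -ge $((due + inactive)) ]; then
                echo inactive
            else
                echo password-expired              # login allowed, change forced
            fi
            return
        fi
        if [ -n "$warn" ] && [ "$today" -ge $((due - warn)) ]; then
            echo password-expiring; return
        fi
    fi
    echo ok
}

# Usage on a live system (as root), e.g. for mike on today's date:
#   shadow_status "$(grep '^mike:' /etc/shadow)" "$(days_since_epoch "$(date +%F)")"
```

Running it against the two accounts from the text: with "chage -E 2011-06-10 mike" the expire field holds day 15135, so mike is "ok" on 2011-06-09 and "expired" on 2011-06-10 regardless of his password; with "chage -m 7 -M 20 -W 5 james" and a password last changed on day 15100, james is "ok" until day 15114, "password-expiring" from day 15115 and "password-expired" from day 15120.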


Deleting Users and Data
When users leave a system, the userdel command is often used to delete their account. However, users may have created files and directories outside of their home directory, and userdel does not touch those.

The /tmp directory is commonly used as scratch space by the programs users run, so there may be files left in it. The -r option removes the home directory and the mail spool along with the account:


# sudo userdel -r tom

Example: The -r option removes the user's home directory with everything in it, plus the user's mail spool. It does not remove files owned by the user in any other directory.

If you only want to delete the user account and login, leaving the home directory in place, use:


# sudo userdel tom


When you use userdel to delete a user account, the command will not delete files owned by the user outside the user's home directory.

You will need to search those out, and it is best to do so before running userdel: once the account is gone the name no longer resolves, "find -user tom" fails with an unknown-user error, and you would have to search by the old numeric UID instead (find / -uid N):

# find / -user tom -print

This command will search for all files owned by the user tom, starting at /, and print the filenames to the screen.

Often on systems with several administrators you will find that these little issues have been overlooked.

If a user account has been deleted while files were left in locations that were not removed, those files have no owner: the owner has been deleted, and ls shows only the bare numeric UID. If a new account is later created with that UID, it silently inherits them.

One way to find these files and folders is to use this command:


# sudo find / -nouser


Once you find these nouser files you will need to decide whether they should be kept or deleted. The same check with -nogroup finds files whose group has been removed.

You may want to assign those files to another user, as they may be of importance to the company.


Change File Ownership
There may be a time when you need to delete a user and replace that user with another user who will need access to the former user’s files.

For this you want to change ownership of the needed files.  Do a search and change the files.

# find / -user mike -exec chown joe {} \;


The "{}" after joe is replaced by each path that find produces, and the escaped ";" ends the -exec command, so chown runs once per file. Every file owned by mike under / is found and its ownership changed to joe; the group is left as it was, and because find matches symlinks by the link's own owner, use "chown -h" if you want the link rather than its target changed.
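The searches from the two sections above (files left outside the home directory, ownerless files, and reassigning ownership) as an added example that is not code from the original post. The functions take the search root as a parameter so the whole sequence can be rehearsed on a scratch tree as an ordinary user before being run as root against /; the function names, the prune list of pseudo-filesystems and the dry-run switch are my own choices.

```shell
#!/bin/sh
# Added example, not code from the original post: the offboarding searches
# as functions with the search root as a parameter, so they can be tried on a
# scratch directory first and then run as root with ROOT=/.

# scan ROOT HOME TEST...: run find under ROOT, skipping HOME (userdel -r deals
# with that) and the pseudo-filesystems, then apply the caller's own find
# tests and actions. Give ROOT as "/" (not "/.") so the -path patterns match;
# an empty HOME matches nothing and so excludes nothing.
scan() {
    root=$1; home=$2; shift 2
    find "$root" '(' -path "$home" -o -path /proc -o -path /sys -o -path /dev -o -path /run ')' \
        -prune -o "$@"
}

# stray_files ROOT USER HOME: what "userdel -r" would leave behind. USER may
# be a name or, if the account is already gone, the old numeric UID.
stray_files() {
    scan "$1" "$3" -user "$2" -print
}

# orphan_files ROOT: files whose owner or group no longer exists.
orphan_files() {
    scan "$1" '' '(' -nouser -o -nogroup ')' -print
}

# reassign ROOT OLDUSER NEWUSER HOME [dry]: hand OLDUSER's files to NEWUSER.
# "chown -h" changes a symlink itself rather than the file it points to, which
# matters because find -user matched the link, not its target. "{} +" batches
# many paths into one chown call. Any fifth argument only prints the commands.
reassign() {
    if [ -n "$5" ]; then
        scan "$1" "$4" -user "$2" -exec echo chown -h "$3" '{}' ';'
    else
        scan "$1" "$4" -user "$2" -exec chown -h "$3" '{}' +
    fi
}

# Typical use as root, in this order (find -user fails once the name is gone):
#   stray_files / tom /home/tom          # review before deleting the account
#   reassign / tom joe /home/tom dry     # then again without "dry" to apply
#   userdel -r tom
#   orphan_files /                       # anything missed shows up here
```

On a scratch tree owned by yourself, stray_files lists everything except the pruned home directory, including dangling symlinks, because find compares the owner of the link itself; orphan_files prints nothing there, since only root can create a file with a UID that has no account.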
