Deleting All of a User's Information on Linux: How to Delete a User on Linux (and Remove Every Trace)

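This article details the steps for deleting a user and all of their related information on a Linux system, including checking login status, terminating processes, locking the account, archiving the user's home directory, removing cron jobs, clearing the print queue, and deleting the user account and home directory. As the system administrator, make sure each step is carried out carefully to avoid affecting other users and to keep data safe.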

Deleting a user on Linux involves more than you think. If you’re a system administrator, you’ll want to purge all traces of the account and its access from your systems. We’ll show you the steps to take.

If you just want to delete a user account from your system and aren’t concerned about ending any running processes and other cleanup tasks, follow the steps in the “Deleting the User Account” section below. You’ll need the deluser command on Debian-based distributions and the userdel command on other Linux distributions.

User Accounts on Linux

Ever since the first time-sharing systems appeared in the early 1960s and brought with them the capability for multiple users to work on a single computer, there’s been a need to isolate and compartmentalize the files and data of each user from all the other users. And so user accounts—and passwords—were born.

User accounts have an administrative overhead. They need to be created when the user first needs access to the computer. They need to be removed when that access is no longer required. On Linux, there’s a sequence of steps that should be followed in order to correctly and methodically remove the user, their files, and their account from the computer.

If you’re the system administrator, that responsibility falls to you. Here’s how to go about it.

Our Scenario

There’s any number of reasons an account might need to be deleted. A staff member might be moving to a different team or leaving the company altogether. The account might have been set up for a short term collaboration with a visitor from another company. Team-ups are common in academia, where research projects can span departments, different universities, and even commercial entities. At the conclusion of the project, the system administrator has to perform the housekeeping and remove unnecessary accounts.

The worst-case scenario is when someone leaves under a cloud because of a misdemeanor. Such events usually happen suddenly, with little forewarning. That gives the system administrator very little time to plan, and an urgency to get the account locked, closed and deleted—with a copy of the user’s files backed up in case they are needed for any post-closure forensics.

In our scenario, we’ll pretend that a user, Eric, has done something that warrants his immediate removal from the premises. At this moment he is unaware of this, he’s still working, and logged in. As soon as you give the nod to security he’s going to be escorted from the building.

Everything’s set. All eyes are on you.

Check the Login

Let’s see if he really is logged in and, if he is, how many sessions he’s working with. The who command will list active sessions.

who

Eric is logged in once.  Let’s see what processes he’s running.

Reviewing the User’s Processes

We can use the ps command to list the processes this user is running. The -u (user) option lets us tell ps to restrict its output to the processes running under the ownership of that user account.

ps -u eric

We can see the same processes with more information using the top command. top also has a -U (user) option to restrict the output to the processes owned by a single user. Note that this time it is an uppercase “U.”

top -U eric

We can see the memory and CPU usage of each task, and can quickly look for anything suspicious. We’re about to forcibly kill all of his processes, so it is safest to take a moment to review them and make sure that other users are not going to be inconvenienced when you terminate user account eric’s processes.

It doesn’t look like he’s doing much, just using less to view a file. We’re safe to proceed. But before we kill his processes, we’ll freeze the account by locking the password.

Locking the Account

We’ll lock the account before we kill the processes because when we kill the processes it will log out the user. If we’ve already changed his password, he won’t be able to log back in.

The hashed user passwords are stored in the /etc/shadow file. You wouldn’t normally bother with these next steps, but we’ll take a slight detour so that you can see what happens in the /etc/shadow file when you lock the account. We can use the following command to look at the first two fields of the entry for the eric user account.

sudo awk -F: '/eric/ {print $1,$2}' /etc/shadow

The awk command parses fields from text files and optionally manipulates them. We’re using the -F (field separator) option to tell awk that the file uses a colon “:” to separate the fields. We’re going to search for a line with the pattern “eric” in it; note that this matches any line containing that text, so an account named “frederic” would be printed too. For matching lines, we’ll print the first and second fields. These are the account name and the hashed password.

The entry for user account eric is printed for us.

To lock the account we use the passwd command. We’ll use the -l (lock) option and pass in the name of the user account to lock.

sudo passwd -l eric

If we check the /etc/shadow file again, we’ll see what’s happened.

sudo awk -F: '/eric/ {print $1,$2}' /etc/shadow

An exclamation mark has been added to the start of the hashed password. It doesn’t overwrite the first character, it’s just added to the start of the password. That’s all that’s required to prevent a user from logging in to that account with the password. Other authentication methods, such as SSH keys, are not affected by a locked password.

Now that we’ve prevented the user from logging back in, we can kill his processes and log him out.
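
The check below is an added example, not part of the original article: it reads shadow-format lines on standard input and classifies one account, matching the name exactly in field 1 so that frederic is not mistaken for eric, and it separates a locked password from an expired account. The sample entries and the state names are constructed for illustration; on a real host, feed it with sudo cat /etc/shadow.

```sh
#!/bin/sh
# Added example: report how one account's shadow entry affects logins.

# Constructed sample in /etc/shadow format; the hashes are placeholders.
sample_shadow() {
    cat <<'EOF'
root:*:18490:0:99999:7:::
frederic:$6$SALTPLACEHOLDER$HASHPLACEHOLDERA:18490:0:99999:7:::
eric:!$6$SALTPLACEHOLDER$HASHPLACEHOLDERB:18494:0:99999:7:::
mary:$6$SALTPLACEHOLDER$HASHPLACEHOLDERC:18400:0:99999:7::1:
guest::18400:0:99999:7:::
EOF
}

# shadow_state USER  (shadow lines on stdin) -> prints one state word
#   account-expired    field 8 (expiry day, set by usermod --expiredate)
#                      is in the past: every login method is refused
#   password-locked    hash prefixed with "!" (result of passwd -l):
#                      password logins fail, SSH keys are unaffected
#   no-password-login  field 2 is only "*" or "!": no usable password
#   empty-password     field 2 is empty: no password is required
#   active             a usable hash is present
#   missing            no entry with exactly this account name
shadow_state() {
    awk -F: -v u="$1" -v today="$(( $(date +%s) / 86400 ))" '
        $1 != u { next }              # exact match on the account name
        { found = 1 }
        $8 != "" && $8 + 0 <= today { print "account-expired";   exit }
        $2 == ""                    { print "empty-password";    exit }
        $2 ~ /^[!*]+$/              { print "no-password-login"; exit }
        $2 ~ /^!/                   { print "password-locked";   exit }
                                    { print "active";            exit }
        END { if (!found) print "missing" }
    '
}

# Demonstration on the constructed sample.
for u in eric frederic mary root guest ric; do
    printf '%-10s %s\n' "$u" "$(sample_shadow | shadow_state "$u")"
done
```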

Killing the Processes

There are different ways to kill a user’s processes, but the command shown here is widely available and is a more modern implementation than some of the alternatives. The pkill command will find and kill processes. We’re passing in the KILL signal, and using the -u (user) option.

sudo pkill -KILL -u eric

You’re returned to the command prompt in a decidedly anti-climactic fashion. To make sure something happened let’s check who again:

who

His session is gone. He’s been logged off and his processes have been stopped. That’s taken some of the urgency out of the situation. Now we can relax a bit and carry on with the rest of the mopping up as security takes a walk over to Eric’s desk.

Archiving the User’s home Directory

It’s not out of the question that in a scenario such as this, access to the user’s files will be required in the future, either as part of an investigation or simply because their replacement may need to refer back to their predecessor’s work. We’ll use the tar command to archive their entire home directory.

The options we’re using are:

  • c: Create an archive file.
  • f: Use the specified filename for the name of the archive.
  • j: Use bzip2 compression.
  • v: Provide verbose output as the archive is created.

sudo tar cfjv eric-20200820.tar.bz /home/eric

A lot of screen output will scroll in the terminal window. To check the archive has been created, use the ls command. We’re using the -l (long format) and -h (human-readable) options.

ls -lh eric-20200820.tar.bz

A file of 722 MB has been created. This can be copied somewhere safe for later review.

Removing cron Jobs

We’d better check in case there are any cron jobs scheduled for user account eric. A cron job is a command that is triggered at specified times or intervals. We can check if there are any cron jobs scheduled for this user account by using ls:

sudo ls -lh /var/spool/cron/crontabs/eric

If anything exists in this location it means there are cron jobs queued for that user account. We can delete them with this crontab command. The -r (remove) option will remove the jobs, and the -u (user) option tells crontab whose jobs to remove.

sudo crontab -r -u eric

The jobs are silently deleted. For all we know, if Eric had suspected he was about to be evicted he might have scheduled a malicious job. This step is best practice.

Removing Print Jobs

Perhaps the user had pending print jobs? Just to be sure, we can purge the print queue of any jobs belonging to user account eric. The lprm command removes jobs from the print queue. The -U (username) option lets you remove jobs owned by the named user account:

lprm -U eric

The jobs are removed and you are returned to the command line.

Deleting the User Account

We’ve already backed up the files from the /home/eric/ directory, so we can go ahead and delete the user account and delete the /home/eric/ directory at the same time.

The command to use depends on which distribution of Linux you’re using. For Debian-based Linux distributions, the command is deluser, and for the rest of the Linux world, it is userdel.

Actually, on Ubuntu both commands are available. I half-expected one to be an alias of the other, but they are distinct binaries.

type deluser
type userdel

Although they’re both available, the recommendation is to use deluser on Debian-derived distributions:

“userdel is a low level utility for removing users. On Debian, administrators should usually use deluser(8) instead.”

That’s clear enough, so the command to use on this Ubuntu computer is deluser. Because we also want their home directory to be removed we’re using the --remove-home flag:

sudo deluser --remove-home eric

The command to use for non-Debian distributions is userdel, with the --remove flag:

sudo userdel --remove eric

All traces of user account eric have been erased. We can check that the /home/eric/ directory has been removed:

ls /home

The eric group has also been removed because the user account eric was the only entry in it. We can check this quite easily by piping the contents of /etc/group through grep:

sudo less /etc/group | grep eric
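
deluser --remove-home and userdel --remove delete the home directory and mail spool, but files the account owned elsewhere stay on disk under its old numeric UID. The following added example (not part of the original article) lists such leftovers; the function names and the demo tree are constructed for illustration, and the UID has to be recorded before the account is deleted.

```sh
#!/bin/sh
# Added example: list files a deleted account still owns outside its home.
# Record the numeric UID before deleting the account (id -u eric); once the
# account is gone the name no longer resolves, only the number remains.

# leftovers UID HOME ROOT
#   Prints every non-directory under ROOT that is owned by UID and is not
#   inside HOME. -xdev keeps find on one filesystem; run it once per mount.
leftovers() {
    find "$3" -xdev ! -type d -uid "$1" ! -path "$2/*" 2>/dev/null | sort
}

# Constructed demo tree standing in for a real filesystem, so the example
# runs without root. All names below are made up for illustration.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/eric" "$t/var/tmp" "$t/srv/share"
    : > "$t/home/eric/notes.txt"        # removed with the home directory
    : > "$t/var/tmp/eric-job.sh"        # survives account deletion
    : > "$t/srv/share/report.csv"       # survives account deletion
    printf '%s\n' "$t"
}

demo=$(make_demo_tree)
# In the demo every file belongs to whoever runs the script, so that UID
# plays the part of eric's. On a real host: leftovers "$eric_uid" /home/eric /
leftovers "$(id -u)" "$demo/home/eric" "$demo"
rm -rf "$demo"
```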

It’s a Wrap

Eric, for his sins, is gone. Security is still walking him out of the building and you’ve already secured and archived his files, deleted his account, and purged the system of any remnants.

Accuracy always trumps speed. Make sure you consider each step before you take it. You don’t want someone walking up to your desk and saying “No, the other Eric.”

Translated from: https://www.howtogeek.com/656549/how-to-delete-a-user-on-linux-and-remove-every-trace/
