Having played with this for a couple of days, it's time to see if anyone
else has any better ideas. I am trying to fully remove 'retired' accounts
from an Enhanced Security system.
The man page for usermod indicates that the -r option removes the user home
directory and "deletes" the account. Yes it removes the home directory,
and NO it does not delete the account. It remains in the authdb for
enhanced security. There seems to be no way to actually remove a user once
you have created the user...
Why am I trying? I screwed up when making a script to migrate users from a
Solaris box and forgot to put the gecos info (-c option for useradd) inside
of quotation marks. Hence, whatever name or initial followed the first
name became the account name (including capitalization, which authck
complains about) and the intended account name (last parameter on the line)
was ignored without comment.
What have I tried so far? I have user convuser to extract things from
Enhanced Security, vi to remove the unwanted account names from the passwd
file (this is not yet a production system), and then convuser to move the
accounts back into Enhanced Security.
Well, the passwd file is ok now, and dxaccounts only shows the account
names I want, but the db for Enhanced Security still shows all the accounts
and the removed ones remain 'retired'. IE, there is a complete audit trail
there and I want to start over instead...
Does anyone know if I can used convuser to backtrack to Base security,
remove the passwd db for Enhanced Security and then use convuser again to
re-enable Enhanced Security? Will this recreate the db from scratch? (this
is what I want) or will it render the system so that no-one can login? or
will it do worse?
Chad
Chad Price
Systems Manager, Genetic Sequence Analysis Facility
University of Nebraska Medical Center
986495 Nebraska Medical Center
Omaha, NE 68506-6495
cprice_at_molbio.unmc.edu
(402) 559-9527
(402) 559-4077 (FAX)
Received on Fri Dec 03 1999 - 15:24:10 NZDT