Thanks Ann Majeske and Michael Bucholtz for their responses.
==================
There's probably some other "officially supported" method
for doing this, but if all you want to do is remove the
users from the groups and you're not running NIS, the easiest
thing to do would be to use your favorite text editor to
edit /etc/group and remove the users from the groups.
If you're using NIS it's almost as easy. On the NIS master
use your favorite text editor to edit /var/yp/src/group
and remove the users from the groups. Then in /var/yp
run "make group".
When you want to get rid of a user, Enhanced Security
defaults to "retiring" the user rather than "deleting"
the user for security reasons. If you delete the user
the UID can be re-used. The old user might have left
some files around that you don't necessarily want the
new user to have access to.
If you want to delete the retired users there are a
couple different methods, depending on what version
you're running. Recently (I'm not sure if it was V4.0F
or V5.0) the ability to delete (rather than retire)
users was added to the userdel(8) command and the
dxaccounts GUI. If the version of the OS you're running
supports this you can unretire the accounts and then
delete them with userdel or dxaccounts. Since dxaccounts
isn't letting you modify the retired accounts, you can
unretire them using the edauth(8) command. The edauth
command allows you to edit the Enhanced Security user
database. I.e.,
# edauth <username>
will allow you to edit the entry for the given username.
If you delete the u_retired field for the user you will
unretire the account.
Or, you can use the edauth(8) tool to delete
the user from the Enhanced Security database:
# edauth -r <username>
or for NIS (do on the NIS master:
# edauth -N -r <username>
and then remove the user from the passwd database using
vipw or editing the source for the NIS passwd map.
If you're using this method, you'd still have to delete
the users from the group database as discussed above.
Original post
==========================
Is there a best way to remove retired users from groups?
Several accounts I inherited from the prior administrator were retired
while the accounts belonged to several groups. When using dxaccounts (with
enhanced security), the retired accounts can't be loaded so there is no way
to remove their membership.
Tru64 UNIX 4.0F
Received on Wed Sep 19 2001 - 13:40:24 NZST