delete users with userdel -r on multiple Linux (rhel) servers
Hi all
I have a few (over a hundred) servers that we need to remove a user from. I'd like to do this through a shell script with the following...
1. Test user is on the node
if yes, continue script, if no, report.
2. Test if user has files/folders in home dir (apart from hidden profile files)
if no, continue. If yes, skip removal and report!
3. Remove user if exists and home dir is empty.
Servers are various shades of RHEL / OEL (4.x,5.x,6.x)
The user acct I will connect with (mine) will be present on all nodes and have sudo capability.
I just don't have the days and days it would take me to something, and I'm not too confident. Heavily commented scripts would be most useful too!
It won't take you 'days & days', if you just write a user_remove.sh bash script to do all the checking and email a result, then just write an even simpler script to scp the user_remove.sh script over and run it.
Test the user_remove.sh script on one machine first with a temp user created just for testing the script.
I agree with making a user_remove script.. but the rest seems needlessly complex.
You can run a local script over ssh without needing to copy the file over or make multiple connections to the same server.
Point 1 - grep user /etc/passwd. echo "user doesn't exist" if this fails.
Point 2 - As superuser, cd ~user and use ls to check if there are any files. echo "user has files" if not.
Point 3 - sudo userdel -r user
Then:
Code:
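# Run from the admin host; list-of-your-servers holds one hostname per line.
for server in $(< list-of-your-servers)
do
    echo "Processing ${server}"
    # Copy the script into the remote home directory.
    scp abovescript.sh "${server}:"
    # The remote home directory is not in PATH, so run the script through bash explicitly.
    ssh "${server}" bash abovescript.sh
done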
Profit!
Quote:
Heavily commented scripts would be most useful too!
I agree, but I am not sure you would get them for free.
Edit: For bonus points, implement Sefyir's suggestion to avoid scp.
Last edited by berndbausch; 10-22-2015 at 08:17 PM.
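The node-side check described in Points 1 to 3 above, written out as an added example that is not part of any post in this thread. The function names, the status words, the APPLY switch and the fixture users are assumptions made for illustration; the passwd file path is a parameter so the logic can be exercised on constructed data before it touches a real node.

```shell
#!/bin/bash
# Prints one status word for a user: absent | has_files | unreadable | removable

check_user() {
    local user="$1" passwd="${2:-/etc/passwd}" entry home
    # Step 1: exact match on the login-name field, so "bob" never matches "bobby".
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    [ -n "$entry" ] || { echo absent; return 0; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    # Step 2: fail closed. A home that cannot be listed is never treated as empty.
    if [ ! -d "$home" ] || [ ! -r "$home" ] || [ ! -x "$home" ]; then
        echo unreadable; return 0
    fi
    # Plain ls omits dotfiles, so .bashrc and similar profile files do not count.
    if [ -n "$(ls "$home")" ]; then echo has_files; else echo removable; fi
}

# Step 3: always report; delete only when APPLY=1 and the status is "removable".
remove_if_safe() {
    local user="$1" passwd="${2:-/etc/passwd}" status
    status=$(check_user "$user" "$passwd")
    echo "$(uname -n) $user $status"
    if [ "$status" = removable ] && [ "${APPLY:-0}" = 1 ]; then
        sudo userdel -r "$user"
    fi
}

# Constructed fixture: a fake passwd file and home directories under a temp dir.
make_fixture() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/home/alice" "$d/home/bobby"
    touch "$d/home/alice/.bashrc"                          # dotfiles only
    touch "$d/home/bobby/.bashrc" "$d/home/bobby/report.txt"
    {
        echo "alice:x:1001:1001::$d/home/alice:/bin/bash"
        echo "bobby:x:1002:1002::$d/home/bobby:/bin/bash"
        echo "dave:x:1004:1004::$d/home/dave:/bin/bash"    # home directory missing
    } > "$d/passwd"
    echo "$d"
}

# Dry run against the fixture: APPLY=0, so nothing is deleted.
fixture=$(make_fixture)
for u in alice bob bobby dave; do
    APPLY=0 remove_if_safe "$u" "$fixture/passwd"
done
rm -rf "$fixture"
```

On a real node the home directory of another user is normally readable only by root, so the check has to run under sudo; run as an ordinary user it reports `unreadable` rather than guessing.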
Frankly, if you have "hundreds of" servers to manage, and you are doing it this way, then IMHO you are definitely doing it the wrong way!
You should be using a centralized authorization/authentication system, i.e. LDAP (nee "Microsoft OpenDirectory"). All hundreds-of servers should be referencing this central authority to validate their login credentials, instead of using a passwd file.
So far as I know, every enterprise of any size does things this way ... on Windows, on OS/X, on Linux, or ... "any and every combination thereof," i.e. "single sign-on."
Thanks to PAM = Pluggable Authentication Modules, this is easy to do with Linux and very well-documented. Linux can easily "play well together" with everybody else under a common, over-arching management system.
Last edited by sundialsvcs; 10-23-2015 at 01:30 PM.
Thanks, will look into this now I am back from interstate - and when I catch up again...
Yes, it is the way the once small company did things which rapidly became the - "is this really how we manage users???" way. That is being addressed through a new access and authentication management solution the company is now rolling out which is quite comprehensive - however - this roll out will take time. I do have a need to remove users from a given list of servers from time to time so I will be trying my hand at some scripting. Unfortunately, this is low on my competing priorities list (writing something) - I have what needs to happen in my head, it's just time to put it together. I'll just have to make time. When I get something down, I'll post out of interest. Any ideas welcome.
Any thoughts on this?
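# Assumes $server and $user are set by the calling loop, and that sudo on the node works without a tty or password.
# Quoting 'EOF' stops the local shell from expanding the remote commands; the user name is passed as $1.
ssh "me@${server}" bash -s -- "${user}" > "${server}result.txt" <<'EOF'
getent passwd "$1" >/dev/null || { echo nouser; exit 0; }     # check user exists
home=$(getent passwd "$1" | cut -d: -f6)
files=$(sudo ls "$home") || { echo checkfailed; exit 0; }     # check homedir; a failed check never counts as empty
[ -z "$files" ] && echo removeuser || echo hasfiles
EOF
if grep -qx removeuser "${server}result.txt"; then
    # ssh back into $server and run the remove user command
    ssh -t "me@${server}" sudo userdel -r "${user}"
else
    # build the list of exceptions (exceptions.txt is an illustrative name)
    echo "${server} $(cat "${server}result.txt")" >> exceptions.txt
fi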