Hi all

I have a few (over a hundred) servers that we need to remove a user from. I'd like to do this through a shell script with the following...

1. Test user is on the node
if yes, continue script, if no, report.
2. Test if user has files/folders in home dir (apart from hidden profile files)
if no, continue. If yes, skip removal and report!
3. Remove user if exists and home dir is empty.

Servers are various shades of RHEL / OEL (4.x,5.x,6.x)

The user acct I will connect with (mine) will be present on all nodes and have sudo capability.

I just don't have the days and days it would take me to something, and i'm not too confident. Heavily commented scripts would be most useful too!

Help would be much appreciated!

Thanks.

What have you done so far?

It won't take you 'days & days', if you just write a user_remove.sh bash script to do all the checking and email a result, then just write an even simpler script to scp the user_remove.sh script over and run it.
Test the user_remove.sh script on one machine first with a temp user created just for testing the script.

I agree with making a user_remove script.. but the rest seems needlessly complex.
You can run a local script over ssh without needing to copy the file over or make multiple connections to the same server.

Point 1 - grep user /etc/passwd. echo "user doesn't exist" if this fails.
Point 2 - As superuser, cd ~user and use ls to check if there are any files. echo "user has files" if not.
Point 3 - sudo userdel -r user

Then:
Profit!

I agree, but I am not sure you would get them for free.

Edit: For bonus points, implement Sefyir's suggestion to avoid scp.

Frankly, if you have "hundreds of" servers to manage, and you are doing it this way, then IMHO you are definitely doing it the wrong way!

You should be using a centralized authorization/authentication system, i.e. LDAP (nee "Microsoft OpenDirectory"). All hundreds-of servers should be referencing this central authority to validate their login credentials, instead of using a passwd file.

So far as I know, every enterprise of any size does things this way ... on Windows, on OS/X, on Linux, or ... "any and every combination thereof," i.e. "single sign-on."

Thanks to PAM = Pluggable Authentication Modules, this is easy to do with Linux and very well-documented. Linux can easily "play well together" with everybody else under a common, over-arching management system.

Thanks, will look into this now I am back from interstate - and when I catch up again...

yes, it is the way the once small company did things which rapidly became the - "is this really how we manage users???" way. That is being addressed through a new access and authentication management solution the company is now rolling out which is quite comprehensive - however - this roll out will take time. I do have a need to remove users from a given list of servers from time to time so I will be trying my hand at some scripting. Unfortunately, this is low on my competing priorities list (writing something) - I have what needs to happen in my head, its just time to put it together. I'll just have to make time. When I get something down, I'll post out of interest. Any ideas welcome.

Any thoughts on this?

ssh me@$server <<- EOF
check user exists > $serverresult.txt
check homedir >> $serverresult.txt
exit
EOF
if $serverresult.txt=removeuser (look for string based on the check tests) then
ssh back into $server and run remove user commands.
elseif - echo servername and status to text file. (build the list of exceptions)

Moved: This thread is more suitable in <Red Hat> and has been moved accordingly to help your thread/question get the exposure it deserves.