How to tell if account is used anymore for anything
 

First, let me apologize, as I know this is a vague question.
Looking in /etc/passwd on a vsftp server, I noticed an account toward the top of that file that doesn't have a shell listed and the home folder for it is no longer valid. I did a su to that account and there's no crontab and if i hit up/down i dont get any recent commands.
What else would you suggest I check before I can feel fairly confident this account is no longer used for anything and can be deleted?

Change the password, sure, but delete? not so much. ;)
Or give the user a false or nologin shell?

Just my advice,

probably solid advice as a first step :-)

but if the account is somehow used for some process local to the server, would doing that give me a hint in either direction?

you could always check "last" to see if the user has logged in any time recently...

or grep the auth.log under /var/log

a last username just returns the following, so i'm guessing that means it had to have been before that timestamp.

wtmp begins Mon May 13 13:57:46 2013

I don't see an auth.log in /var/log either.

Please check whether any process is owned by that user by 'ps aux | grep username'

for historical records, if btmp exists.

nothing from the ps aux

that last command returns this

btmp begins Fri Aug 16 06:37:30 2013

Same reasoning applies, change password, wait, oh say [69]0 days, delete account...

Yeah, I think that's about the only option right now. Thanks for the help.

no worries.
Glad to be of help.

Would writing a shell that logs the event someplace handy and then exec's the real login shell work for you?

I don't understand what that would do in this case, can you explain?