rmuser Command
Purpose
Removes a user account.
Syntax
Description
The rmuser command removes the user account that is identified by the Name parameter. This command removes a user account's attributes without removing the user's home directory and files. The user name must exist. If you specify the -c flag, the rmuser command checks whether the user is logged in or has running processes before removing the user account. If the user is logged in or has running processes, the rmuser command fails. If you specify the -p flag, the rmuser command also removes passwords and other user authentication information from the /etc/security/passwd file.
For user accounts that are created with an alternate Identification and Authentication (I&A) mechanism, use the -R flag with the appropriate load module to remove that user. The load modules are defined in the /usr/lib/security/methods.cfg file.
Only the root user or users with UserAdmin authorization can remove administrative users. Administrative users are those users with admin=true set in the /etc/security/user file.
You can also use the System Management Interface Tool (SMIT) smit rmuser fast path to run this command.
Flags
Item | Description |
---|---|
-c | Verifies that the user is not logged in and does not have running processes before removing the user account. |
-p | Removes user password information from the /etc/security/passwd file and removes the user keystore. |
-R load_module | Specifies the loadable I&A module that is used to remove the user account. |
Parameter
Item | Description |
---|---|
Name | Specifies a user account. |
Exit Status
Item | Description |
---|---|
0 | The command ran successfully and all requested changes are made. |
>0 | An error occurred. The printed error message gives further details about the type of failure. |
Security
Access Control: This command should grant execute (x) access only to the root user and members of the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.
Files Accessed:
Mode | File |
---|---|
rw | /etc/passwd |
rw | /etc/security/passwd |
rw | /etc/security/user |
rw | /etc/security/user.roles |
rw | /etc/security/limits |
rw | /etc/security/environ |
rw | /etc/security/audit/config |
rw | /etc/group |
rw | /etc/security/group |
Auditing Events:
Event | Information |
---|---|
USER_Remove | user |
Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
Examples
- To remove the user account davis and its attributes from the local system, enter:
  rmuser davis
- To remove the user account davis and all its attributes, including passwords and other user authentication information in the /etc/security/passwd file, type:
  rmuser -p davis
- To remove the user account davis, who was created with the LDAP load module, type:
  rmuser -R LDAP davis
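An added example, not part of the original documentation: a wrapper for offboarding a local account that combines the -c and -p flags, checks the exit status, and reports the home directory that rmuser leaves behind. The function name remove_account and the PASSWD_FILE variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the vendor's code): offboarding wrapper around rmuser.
# remove_account and PASSWD_FILE are names made up for this example.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# remove_account NAME
#   Prints the home directory still on disk after removal, if any.
#   Returns 0 on success, 1 for a bad or unknown name, 2 if rmuser failed.
remove_account() {
    name="$1"

    # Refuse empty names, names that start with "-" (would be parsed as a
    # flag), and names with characters outside a conservative set.
    case "$name" in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "invalid user name" >&2
            return 1 ;;
    esac

    # Record the home directory first: once rmuser succeeds, the
    # /etc/passwd entry that names it is gone.
    home=$(awk -F: -v u="$name" \
        '$1 == u { print $6; found = 1 } END { exit !found }' \
        "$PASSWD_FILE") || {
        echo "no local account: $name" >&2
        return 1
    }

    # -c: fail if the user is logged in or has running processes.
    # -p: also remove the entry in /etc/security/passwd and the keystore.
    if ! rmuser -c -p "$name"; then
        echo "rmuser failed for $name; account left in place" >&2
        return 2
    fi

    # rmuser does not remove the home directory or the user's files,
    # so report the directory for archiving or reassignment.
    if [ -n "$home" ] && [ -d "$home" ]; then
        echo "$home"
    fi
    return 0
}
```

Files left under the reported directory keep the numeric UID of the removed account, so review them before that UID is assigned to a new user.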
Files
Item | Description |
---|---|
/usr/sbin/rmuser | Contains the rmuser command. |
/etc/security/passwd | Contains password information. |
/etc/security/user | Contains the extended attributes of user accounts. |
/etc/security/environ | Contains environment attributes of user accounts. |
/etc/group | Contains the basic attributes of groups. |