Community
Operating System - OpenVMS
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Remove user

 
Hoff
Honored Contributor

‎01-14-2011 08:30 AM

‎01-14-2011 08:30 AM

Re: Remove user

I have an acl_scrub tool posted at:

http://labs.hoffmanlabs.com/node/426

This tool can locate and optionally correct stale identifiers that can be left dangling on file system objects when users are deleted.

Here is a write-up on creating and deleting users:

http://labs.hoffmanlabs.com/node/856

with links to various procedures and tools.
Reply
John Gillings
Honored Contributor

‎01-16-2011 02:55 PM

‎01-16-2011 02:55 PM

Re: Remove user

I agree with Dan, don't delete the user, just DISUSER & NOACCESS the account and set the password to a random string.

I you must remove the UAF entry, I recommend using:

UAF> REMOVE/NOREMOVE user

This deletes the UAF entry, but leaves the UIC identifier intact. There are several reasons.

Primarily, you don't lose the textual name on security objects (owner fields, ACLs etc). It also makes it much easier to prevent reuse of the UIC.

For most systems there is sufficient keyspace in UICs to never have to reuse a UIC. Sure, you can use a scrubber, like the one referenced by Hoff, but not reusing the UIC is better assurance that a stale ACE won't ever be misused.

It may make sense to change the identifier string to make it obvious it's expired.

UAF> MODIFY/IDENT/NAME=DISUSER_SOMEUSER SOMEUSER

(although usernames are effectively limited to 12 characters, identifiers are allowed to be up to 31 characters)
A crucible of informative mistakes
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.