I am using HP-UX 11i here. I have one application developer who owns a lot of directory and files in the system, how can I remove his user ID (Login ID) but maintaining his files in the system when he resigns later? Normally how do people deal with a resigned user with a lot of files in the system?
Re: Remove user but maintain his files in the system
hi,
use sam -> Acounts for Users and Groups -> Users -> select user to remove -> Actions -> Remove -> you will be given 4 choices, since you want to keep the files, select "Left Where They Are".
however, if you want to remove all the files, you may want to first archive the files before removing from all local file systems.
regards.
what you do not see does not mean you should not believe
Re: Remove user but maintain his files in the system
L.S.
Usually I just disable the account (in non-shadow password environment: add a '#' to the password field of the user). This means the UID and account name still exist, but using it is impossible. It has 1 advantage: you cannot accidentally re-use the UID when you create a new account that has no relation to the one you disabled.
Re: Remove user but maintain his files in the system
/usr/lbin/modprpw -m alock=YES $usernme could be used to lock the username, but maintain the permissions.
You can doublecheck this status with /usr/lbin/getprpw $username
If you have a user on many systems and you happen to have a tool such as power broker you could lock this account on all of your systems very quickly. Then remove the directory and login once everyone has sorted out what is needed.
Re: Remove user but maintain his files in the system
hi,
sorry, was in a meeting.
like what Naveej has mentioned, after removing the user, only the UID remains for the file that are left where they are.
to find the files, you may do this:
# find / -user -exec ls -ld {} \;
the files are safe only if you remember that the UID belongs to this previous user. if you were to use the UID for a new user, this user will take over the files.
by the way, /usr/lbin/getprpw and /usr/lbin/modprpw only works for trusted system.
regards.
what you do not see does not mean you should not believe
Re: Remove user but maintain his files in the system
Yap,
If you wish to keep the files and directories after your developer has resigned, you can assign his "owned" files to another user (his replacement). Just as people have stated before, the easiest way to do this is to use SAM. If he leaves before a replacement is hired, you could set up a temporary "holding" account that you could be locked to stop anyone from logging in and messing with the files.
Re: Remove user but maintain his files in the system
What I have done in the past when a user needed to be left on the system, but not beable to login was:
1) Assign an invalid passwd to the user, something like *thisuserleftonmay122004 This way you know when they left.
2) Give them an invalid login shell like /usr/bin/false
With these 2 steps you can leave the user on the system, all files ownerships are maintained, but no one can log on as that user directly. root could still do an 'su - user' but that's it.
Re: Remove user but maintain his files in the system
Leaving the files in /home is a good way to forget that they are still there. The fastest way (as mentioned) is: userdel old_dev_user and the files are left in /home under the old_dev_user directory. Then move /home/old_dev_user to another devloper's directory. Since it has the old username, the files will be easy to find.
