rmuser, rmgroup, rmpasswd -- remove user accounts


/tcb/bin/rmuser users


rmuser removes user accounts from the system. A user account consists of a line in /etc/passwd, entries in /etc/group and a Protected Password database file. rmuser removes all three entities from the system.

If no users are specified on the command line then rmuser will read standard input for account names, one per line.

rmuser checks there are no currently running processes for the account before removing it.

rmuser uses ale(ADM) and two underlying shell scripts, rmpasswd and rmgroup to do the actual removal and authck(ADM) to rebuild the subsystem databases. ale and authck require the invoking user to have the auth subsystem authorization and the chown and execsuid kernel privileges.

Exit values

rmuser returns an exit status of 1 if it was interrupted.


Because removing users is not allowed on a C2 system, rmuser checks for REUSEUID=YES in /etc/default/login before removing any accounts.

rmuser does not remove all traces of an account: home directories are left intact, any cron jobs are not removed and the name of the account is left in the Terminal Control database and some Protected Password entries. In the Terminal Control database, the deleted account name is not removed from the last (un)successful login, and last logout fields of a terminal entry. In the Protected Password entries, the account name is left in the owner field of accounts which the removed account owned, and the password user field of any accounts for which the removed account was authorized to change the password. These remnants in the C2 database files do not affect the system.


password file

group file

Protected Password database

user script

group script

See also

ale(ADM), authcap(F)

Standards conformance

rmuser is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003