rmuser Command

Purpose

Removes a user account.

Syntax

rmuser [ -R load_module ] [ -p ] Name

Description

The rmuser command removes the user account that is identified by the Name parameter. This command removes a user account's attributes without removing the user's home directory and files. The user name must exist. If you specify the -p flag, the rmuser command also removes passwords and other user authentication information from the /etc/security/passwd file.

For user accounts that are created with an alternate Identification and Authentication (I&A) mechanism, use the -R flag with the appropriate load module to remove that user. The load modules are defined in the /usr/lib/security/methods.cfg file.

Only the root user or users with UserAdmin authorization can remove administrative users. Administrative users are those users with admin=true set in the /etc/security/user file.

You can use the Users application in Web-based System Manager to change user characteristics.

You can also use the System Management Interface Tool (SMIT) smit rmuser fast path to run this command.

Flags

Item Description
-p Removes user password information from the /etc/security/passwd file and removes the user keystore.
-R load_module Specifies the loadable I&A module that is used to remove the user account.

Parameter

Item Description
Name Specifies a user account.

Exit Status

This command returns the following exit values:
Item Description
0 The command ran successfully and all requested changes are made.
>0 An error occurred. The printed error message gives further details about the type of failure.

Security

Access Control: This command should grant execute (x) access only to the root user and members of the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.

Files Accessed:

Mode File
rw /etc/passwd
rw /etc/security/passwd
rw /etc/security/user
rw /etc/security/user.roles
rw /etc/security/limits
rw /etc/security/environ
rw /etc/security/audit/config
rw /etc/group
rw /etc/security/group

Auditing Events:

Event Information
USER_Remove user

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To remove the user account davis and its attributes from the local system, enter:
    rmuser davis
  2. To remove the user account davis and all its attributes, including passwords and other user authentication information in the /etc/security/passwd file, type:
    rmuser -p davis
  3. To remove the user account davis, who was created with the LDAP load module, type:
    rmuser -R LDAP davis

Files

Item Description
/usr/sbin/rmuser Contains the rmuser command.
/etc/security/passwd Contains password information.
/etc/security/user Contains the extended attributes of user accounts.
/etc/security/environ Contains environment attributes of user accounts.
/etc/group Contains the basic attributes of groups.
html