/etc/passwd
/etc/group
/tcb/files/auth/?/
/tcb/lib/auth_scripts/rmpasswd
tcb/lib/auth_scripts/rmgroup
|
|
If no users are specified on the command line then rmuser will read standard input for account names, one per line.
rmuser checks there are no currently running processes for the account before removing it.
rmuser uses ale(ADM) and two underlying shell scripts, rmpasswd and rmgroup to do the actual removal and authck(ADM) to rebuild the subsystem databases. ale and authck require the invoking user to have the auth subsystem authorization and the chown and execsuid kernel privileges.
rmuser does not remove all traces of an account: home directories are left intact, any cron jobs are not removed and the name of the account is left in the Terminal Control database and some Protected Password entries. In the Terminal Control database, the deleted account name is not removed from the last (un)successful login, and last logout fields of a terminal entry. In the Protected Password entries, the account name is left in the owner field of accounts which the removed account owned, and the password user field of any accounts for which the removed account was authorized to change the password. These remnants in the C2 database files do not affect the system.