HB Computer Security | Aide Memoire
  • Introduction
  • Core Technical Skills
    • Core Skills
      • Linux
        • Getting to Know Linux
          • Using the Shell
            • Shells, Terminals, and Virtual Consoles
            • Choose your Shell
            • Shell Commands
              • Non-PATH Commands
              • Command History
                • Command Line Editing
                  • Keystrokes for Navigating Command Lines
                  • Keystrokes for Editing Command Lines
                  • Keystrokes for Cutting and Pasting Text from within Command Lines
                • Command Line Recall
                  • Keystrokes for Command Line Recall
              • Connecting and Expanding Commands
                • Piping Between Commands
                • Sequential Commands
                • Expanding Commands
            • Shell Variables
              • Common Shell Variables
            • Aliases
            • Create your Own Shell Environment
              • Modification Ideas
          • Navigating the Linux File System (LFS)
            • Filesystem Commands
            • Listing Files and Directories
            • File Permissions and Ownership
              • Modifying Permissions with chmod
              • Modifying Default Permissions with umask
              • Change File Ownership with chown
            • Copying, Moving, and Removing Files
            • Finding Files
              • locate
              • find
              • grep
            • Downloading Files
              • axel
              • wget
              • curl
                • User-Agent: Googlebot
          • Working with Text Files
            • Using vim and vi to Edit Text Files
              • Starting with vi
              • Adding Text
              • Moving Around in the Text
            • Text Manipulation
        • System Administration
          • Installing Linux
            • Installing from Live Media
            • Installing in the Enterprise
            • Partitioning Hard Disks
              • Tips for Creating Partitions
          • Account Administration
            • The root Account
              • Becoming root with su
              • sudo
                • The /etc/sudoers File
                • Granting sudo privileges
                  • visudo Guidance
                • Useful sudo Hints
            • Other Administrative Accounts
            • Standard User Accounts
              • Risks of userdel: Orphaned Files
          • Graphical Remote Administration
            • Cockpit
              • Installation Guide
            • Remote Desktop Protocol with xrdp
              • Installation and Configuration
            • Remote Desktop with vnc
              • Installation and Configuration
              • Running VNC as a System Service
          • Managing Running Processes
            • Listing Processes
              • ps
              • top
              • htop
            • Backgrounding and Foregrounding
              • Starting a Background Process
              • Using Foreground and Background Commands
            • Killing and Recining Processes
              • kill and killall
          • Managing Software
            • Managing Software from the Desktop
            • Going Beyond the Limitations of Software Center
              • Debian Packages
                • Advanced Package Tool (apt)
                • Repositories
                • dpkg
        • Shell Scripting
          • Variables
            • Command Substitution
            • Arguments
          • Reading User Input
          • if, else, and elif
          • BOOLEAN Logic
          • Loops
            • for Loops
            • while Loops
          • Functions
          • Local Vs Global Variables
          • Summary
        • Securing Linux
      • Windows
        • Security Hardening
Powered by GitBook
On this page
  • Identifying Orphaned Files Post Account Deletion
  • Find Files with No Existing User:
  • Limit the Search to Certain Directories:
  • Handle Orphaned Files:
  • Automate Regular Checks:

Was this helpful?

  1. Core Technical Skills
  2. Core Skills
  3. Linux
  4. System Administration
  5. Account Administration
  6. Standard User Accounts

Risks of userdel: Orphaned Files

When you’re maintaining a Linux system, using the userdel command to remove user accounts might be a routine task. However, it’s a tool that should be wielded with care due to the risk of creating orphaned files.

Orphaned files are files that remain on the system without a valid owner, typically because the user account that owned them has been deleted. This can happen when you remove a user account without the -r option, which leaves behind the user's home directory and any files the user owned elsewhere on the system.

Here's why this is important:

  1. Security Orphaned files can pose a security risk if they contain sensitive information that's no longer properly managed

  2. Storage and Clutter These files can consume valuable disk space and lead to clutter, which can complicate system maintenance and backups

  3. Accountability Without an associated account, it's harder to determine who created these files or for what purpose they were used

  4. System Integrity Certain orphaned files, if they were part of active processes or services, might affect the system's behavior or stability

Identifying Orphaned Files Post Account Deletion

When you delete a user account without removing the user's home directory and other associated files, it's crucial to track down these orphaned files to ensure they don't compromise your system's security or efficiency.

Here’s a few ways you can identify orphaned files on your system...

Find Files with No Existing User:

To find all files on your system that do not have an associated user account, you can use the find command with the -nouser option. This should be done with root privileges to ensure system-wide access:

sudo find / -nouser

This command scans the entire filesystem for files that belong to user IDs without a matching entry in the /etc/passwd file. Be prepared; this can take some time on large or heavily utilised systems.

Limit the Search to Certain Directories:

If you suspect the orphaned files are in certain directories, you can limit the search to those paths to speed up the process:

sudo find /path/to/directory -nouser

Replace /path/to/directory with the actual directory path you want to check.

Handle Orphaned Files:

Once you have identified orphaned files, decide on a course of action for each. You might want to:

  • Move them to a backup or archive location

  • Assign them to an active user with chown

  • Delete them if they are no longer needed

Automate Regular Checks:

It’s good practice to regularly check for and handle orphaned files. This can be automated with a cron job that runs the find command and logs orphaned files to a report. For example, to run this check weekly, you could add the following line to /etc/crontab:

@weekly root find / -nouser -o -nogroup >> /var/log/orphaned_files_weekly.txt

This would append a list of orphaned files and files without a group to a log file every week. You can then review this log file periodically to take appropriate action.

cron is essentially to Linux what Scheduled Tasks are to Windows - you can set automated processes to run at set times or intervals. We will deep dive into them later, but for now, just know that they are a thing.

Remember, always carefully review the list of orphaned files before taking any bulk action, as some files might be intentionally unassigned or required for certain system functions. When in doubt, consult with your team or system documentation.

PreviousStandard User AccountsNextGraphical Remote Administration

Last updated 1 year ago

Was this helpful?