Script to delete users in the servers

Hi Team,
Hope you are doing good. I am new to scripting. I have a requirement to delete around 10 users on 100 servers. It is very time consuming to log into each server and delete the user. Here I have Red Hat 6 and SUSE Linux 10 & 11 environment servers.

On one set of servers I have root access, so I can log in directly. On another set of servers I need to sudo to root and delete the users.

I would be really thankful if someone could provide me with a script to delete the users.

  1. Script to delete users logged in as root
  2. Script to login as normal id, sudo to root and then delete the users.

Thanks in advance for your replies.

Did you consider the threads proposed at the bottom of this page?

Some additional things to consider:

  1. At a chance of ~ 99% those 10 users will be all the same on all the servers.
  2. Why login as normal user and do sudo?
  3. What if no sudo was installed?
  4. So just login as root and delete those 10 users, see: man userdel
  5. It might not be safest to 'delete' currently (as root) logged in accounts. (e.g. What if the fstab was open, or it was in the middle of rebuilding dracut?)

Hope this helps

Hello muraliinfy04,

Assuming that these are all local accounts (i.e. there is no LDAP in play) I have a few questions to pose in response first:-

  • What have you tried so far?
  • What output/errors do you get?
  • What are your preferred tools? (C, shell, perl, awk, etc.)
  • What logical process have you considered? (to help steer us to follow what you are trying to achieve)
  • What logical steps do you think would be most suitable?
  • Are any firewall rules going to stop any single server connecting to any other?
  • Do you have any trust between servers, for instance rlogin or ssh?

Most importantly, What have you tried so far?

There are probably many ways to achieve most tasks, so giving us an idea of your style and thoughts will help us guide you to an answer most suitable to you so you can adjust it to suit your needs in future.

We're all here to learn and getting the relevant information will help us all.

Hi, thanks for your reply. Here is my response.
@Sea:

  1. All the 10 users are the same on all the servers. But there is a chance that on a few servers the users may not exist, as these are different environments (e.g. prod, dev etc.)
  2. As per the security compliance of the client (only a few clients) we need to log in as a normal user and then sudo to root. Then we need to work as root. This is only for a few clients. For the rest of the clients we can log in directly as root.
  3. Sudo is installed and available.
  4. As we are getting this activity frequently nowadays, I just want to automate it. We can log in as root and delete users if it is a single server. Here we have multiple servers. Logging into each server and deleting users will be time consuming.
  5. Those 10 users have already left the organisation. They are inactive users so we can delete them.

@rbatte1:

  1. Yes, all the accounts are local accounts.
  2. I have tried to delete users manually by logging in to the servers. As it appears to be time consuming I just thought of automating it.
  3. As I have tried manually I did not get any errors.
  4. Preferred tool is shell/perl.
  5. I have verified that the users are inactive and they have not logged in recently. We generally use the userdel command and comment out entries in /etc/passwd & /etc/shadow if the user details exist. We will take a backup of these two files before editing them.
  6. No firewall restrictions imposed. We can connect to servers as we want if they are in the same environment (e.g. prod as one environment, development as one environment).
  7. Yes. Servers are trusted. We can use ssh and rlogin.

Thanks again for your replies.

If you can submit remote commands with ssh or remsh/resh/rsh, then you can set up a double loop, a bit like this:-

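for server in $server_list          # space-separated list of host names
do
   ssh "$server" "for userid in $user_list
      do
         userdel \$userid
      done"                         # \$userid is left for the remote shell; $user_list is expanded locally
done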

This is entirely untested and just theoretical, but as a structure it might give you something to work with. You would be sensible to add error checking and some sort of response/logging so that you can verify the actions afterwards. If the command is different on different servers, you will have to handle that somehow.

Of course, the server that you choose to run this loop would need to be able to get through the firewall to each server listed, but I hope that this gives you something to work with. Have a go and let us know if you get stuck.

If you want to do a dummy run, then perhaps change the remote command to run to something like this:-

userdel ; for userid in $user_list
      do
         echo userdel \$userid
      done

The extra userdel will ensure you can see the command in your path (and give the usage statement).
The echo will then show you what commands it would try to issue.

I hope that this helps,
Robin
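
An added example, not part of the thread or any poster's own code: one way to put together the double loop, the dry run, and the error checking and logging suggested above, while also skipping accounts that do not exist on a given server and covering both the root and sudo cases. It assumes key-based ssh to every host, an sh-compatible remote login shell, userdel at /usr/sbin/userdel, and (in sudo mode) a sudoers rule that allows it without a password; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes key-based ssh to every host,
# userdel at /usr/sbin/userdel, and (sudo mode) a sudoers rule that allows
# it without a password. Host and user names are the caller's own lists.
SSH=${SSH:-"ssh -o BatchMode=yes -o ConnectTimeout=10"}
LOG=${LOG:-./userdel.log}

# Accept only plain account names (and never root), so a bad list entry
# cannot reach the remote shell as an option or an extra command.
valid_user() {
    case "$1" in
        ''|root|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# build_remote_cmd <root|sudo> <dry:0|1> <user>...
# Prints the script for the remote shell; absent users are skipped, not errors.
build_remote_cmd() {
    mode=$1 dry=$2; shift 2
    case "$mode" in
        root) del="/usr/sbin/userdel" ;;
        sudo) del="sudo -n /usr/sbin/userdel" ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    for u in "$@"; do
        valid_user "$u" || { echo "refusing user name: $u" >&2; return 1; }
    done
    for u in "$@"; do
        if [ "$dry" = 1 ]; then act="echo '$u: would run $del $u'"
        else act="$del $u && echo '$u: deleted' || echo '$u: FAILED'"; fi
        echo "if id $u >/dev/null 2>&1; then $act; else echo '$u: absent'; fi"
    done
}

# run_all <root|sudo> <dry:0|1> "<host> <host>..." <user>...
# Appends "<host>: <user>: <result>" lines to $LOG; non-zero if anything failed.
run_all() {
    mode=$1 dry=$2 hosts=$3; shift 3
    cmd=$(build_remote_cmd "$mode" "$dry" "$@") || return 1
    rc=0
    for h in $hosts; do
        out=$($SSH "$h" "$cmd" </dev/null 2>&1) || { rc=1; out="ssh FAILED: $out"; }
        case "$out" in *FAILED*) rc=1 ;; esac
        printf '%s\n' "$out" | sed "s/^/$h: /" | tee -a "$LOG"
    done
    return $rc
}
# Dry run first: run_all sudo 1 "host1 host2" user1 user2
```

Run it with the dry flag set to 1 and review the log before repeating with 0. Because `sudo -n` fails instead of prompting, a missing sudoers rule shows up as FAILED in the log rather than hanging the loop.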