HOWTO Remove User

From Gentoo Linux Wiki

This article is part of the HOWTO series.

User and Group system files

User and group information is kept in these system files:

  • /etc/passwd: User account information
  • /etc/shadow: Secure user account information
  • /etc/group: Group information

Format of /etc/passwd

This file gives a listing of the users that have accounts on the system. Users can be directly added to the file when edited by root, but users are typically added using the useradd command. Format:

username:password:uid:gid:user_info:home_directory:shell_type
  • username - The name the person logs in with
  • password - Typically x to indicate a password is set
  • uid - The system number assigned to a user to indicate which files they own or have access to.
  • gid - The group id number which is the principal group they belong to.
  • user_info - Information about the user, separated by commas. Possible information includes: Full name, Room number, Work number, Home phone, and Other
  • home_directory - The directory that the user owns. Typically /home/username
  • shell_type - The default shell setting is /bin/bash.

Format of /etc/shadow

The /etc/shadow file is the encrypted password file. This file is not typically directly edited. Format:

username:encrypted password:11843:0:99999:7:::
  • username - The name the person logs in with
  • encrypted password - Typically x to indicate a password is set
  • #:#:#:#::: - Contains information about the number of days since the password was changed, when it expires or is disabled.

Format of /etc/group

It lists the groups that have been created on the system and who is in each group. Groups can be managed by creating new lines in the file following this convention. Users can be added to an existing group by appending the new username to the end of the other usernames, or after the colon following the gid if there are no other members. Format:

groupname:password:gid:username1,username2,username3
  • groupname - The name the person logs in with
  • password - An x indicates a password is set and if left blank no password has been set.
  • gid - The group id number which is the principal group they belong to.
  • usernames - Members of the group separated by a comma

Disable user's password

The first task is to disable the user's password. The command passwd -l locks the account by changing the password to a value that cannot be matched by any possible encrypted value.

passwd -l username

Find The User's Files

You have to decide whether to keep or delete the user's files. You can locate them with the find command.

find / -user username

Change The Login Shell

As extra security, you can change the user's login shell to a dummy value. Change the last field of the user's line in the /etc/passwd file to something like * or /dev/null. Change /etc/passwd from:

username:x:1023:1023::/home/username:/bin/bash

To:

username:x:1023:1023::/home/username:/dev/null

Remove SSH Keys

If your system uses Secure Shell (SSH) and you allow remote RSA or DSA key authentication, a user can get access to the system even if the password is disabled. If you kept the user's home directory, you should remove the authorized keys from ~username/.ssh, as well as the .shosts and .rhosts files.

Code: Remove SSH Keys
rm -r /home/username/.ssh/*
rm -r /home/username/.ssh2/*
rm -r /home/username/.shosts
rm -r /home/username/.rhosts

Kill The User's Processes

Check whether the user has any processes running on the system and kill them.

# ps aux | grep -i ^username
# kill ProcessIdentifier

Remove User's Cron Jobs

Check whether the user has cron jobs:

# crontab -u username -l

and delete them:

# crontab -u username -r

Remove User From sudoers

If you have sudo installed, you should disable or remove the user from /etc/sudoers. You could use the visudo command:

# visudo
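
The file-based checks from the steps above, gathered into one audit script as an added example (not part of the original wiki page). It reads copies of the passwd, shadow and group files under a directory so it can run on constructed sample data; the function names, the ROOT layout and the users alice and bob are assumptions made for the illustration, and the group-membership check goes slightly beyond the steps listed.

```shell
#!/bin/sh
# Added example: list the access paths still open for an account.
# ROOT is a directory holding copies of etc/ and home/ (constructed below).

is_locked() {      # USER SHADOW: passwd -l prefixes the hash with "!"
    awk -F: -v u="$1" '$1 == u && $2 ~ /^[!*]/ { ok = 1 } END { exit !ok }' "$2"
}
login_shell() {    # USER PASSWD: 7th field of the user's line
    awk -F: -v u="$1" '$1 == u { print $7 }' "$2"
}
member_groups() {  # USER GROUP: groups whose 4th field lists the user
    awk -F: -v u="$1" '{ n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) out = out (out ? "," : "") $1 }
        END { print out }' "$2"
}
audit_user() {     # USER ROOT: one line per finding, status 1 if any
    user=$1 root=$2 bad=0
    if ! is_locked "$user" "$root/etc/shadow"; then
        echo "password not locked"; bad=1
    fi
    sh=$(login_shell "$user" "$root/etc/passwd")
    case $sh in
        /dev/null|'*') ;;              # dummy values named on this page
        *) echo "login shell usable: $sh"; bad=1 ;;
    esac
    for f in .ssh/authorized_keys .shosts .rhosts; do
        if [ -e "$root/home/$user/$f" ]; then
            echo "remote-login file: $f"; bad=1
        fi
    done
    grp=$(member_groups "$user" "$root/etc/group")
    if [ -n "$grp" ]; then echo "still in groups: $grp"; bad=1; fi
    return "$bad"
}
make_sample() {    # ROOT: constructed data; alice untouched, bob disabled
    mkdir -p "$1/etc" "$1/home/alice/.ssh" "$1/home/bob"
    printf '%s\n' 'alice:x:1023:1023::/home/alice:/bin/bash' \
        'bob:x:1024:1024::/home/bob:/dev/null' > "$1/etc/passwd"
    printf '%s\n' 'alice:$6$salt$hash:11843:0:99999:7:::' \
        'bob:!$6$salt$hash:11843:0:99999:7:::' > "$1/etc/shadow"
    printf '%s\n' 'wheel:x:10:root,alice' 'audio:x:18:alice' \
        'alice:x:1023:' > "$1/etc/group"
    : > "$1/home/alice/.ssh/authorized_keys"
}
demo=$(mktemp -d)
make_sample "$demo"
for u in alice bob; do echo "== $u"; audit_user "$u" "$demo" || true; done
rm -rf "$demo"
```

Running processes, cron jobs and sudoers entries depend on the live system, so check those with the ps, crontab -u username -l and visudo commands shown above.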