[Tip] Housekeeping Tasks Made Easy - User Home directories and Leftover Files
We regularly have questions about how to create users and user accounts. But user accounts regularly need to be deleted too. It is quite easy to delete the user account itself, but usually the HOME directory of the user remains.
It is good style to remove these directories, but simply deleting them can pose a problem: just because an account no longer exists doesn't mean all its files are useless. It therefore makes sense to back up these directories, but keep the backups somewhere safe in case they are needed again.
Here is a little script that searches the /home directory for directories with no owner - these usually are the leftover home directories of deleted accounts - then creates a gzipped tar archive and finally deletes the directory itself.
Here it is:
After running this look for "*tar.gz" files in /home. These are the archives. Put them on long-term storage or whatever you want to do with them.
Another thing is files and directories with no owner. In principle such a thing should not exist, but updates (even from renowned manufacturers like IBM) regularly introduce these, because they forget to remove their developers' ownerships when they create their packages for the rollout. In the last years I regularly found such files on freshly updated AIX systems.
Tarballs also regularly introduce such files because they restore their content with all the ownership information of the system the tarball was created on. Usually this is an intended effect, but if you download something from a foreign system (e.g. from somewhere on the internet) this poses a problem.
First, search for such files to get an impression of what the problem is:
You may want to exclude some directories - e.g. application directories - from this search because the application team is responsible for them and has to take care of these. You can exclude a directory like this:
I suggest you carefully analyze the content of the file /tmp/found_files. It is always better to check first than to fix later. If you are satisfied and want all the files to be changed - usually to root:system, root:root or something similar, depending on your system - you can run:
If you want to give some of the files to other users/groups just do that (manually or by a variation of the above line) before running this command. Once they have a proper ownership they are ignored because of the -nouser clause.
I hope this helps.
bakunin
Last edited by bakunin; 07-28-2019 at 09:57 AM..
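The archive-then-delete procedure described in the post above, as an added example; it is not the original poster's script. The function name `archive_orphan_homes` and the default archive directory are assumptions, and unlike the description above it writes the archives to a separate owner-only directory and tests each archive before deleting anything.

```shell
#!/bin/sh
# Added example, not the original poster's script. The function name and the
# default archive location are assumptions. Pass absolute paths.
archive_orphan_homes() {
    home_base=${1:-/home}
    archive_dir=${2:-/var/backups/orphan-homes}
    stamp=$(date +%Y%m%d)

    # Archives may contain private data: keep them owner-only and off /home.
    mkdir -p "$archive_dir" && chmod 700 "$archive_dir" || return 1
    list=$(mktemp) || return 1

    # Portable "direct children only" idiom. -type d does not match symlinks.
    # Directory names containing newlines are not handled.
    find "$home_base/." ! -name . -prune -type d -nouser -print > "$list" ||
        { rm -f "$list"; return 1; }

    rc=0
    # Read the list on fd 3 so nothing in the loop can consume it via stdin.
    while IFS= read -r dir <&3; do
        name=${dir##*/}
        out="$archive_dir/$name.$stamp.tar"
        # Never overwrite an existing archive of the same name and date.
        if [ ! -e "$out.gz" ] &&
           ( umask 077 && cd "$home_base" && tar -cf "$out" "./$name" ) &&
           gzip "$out" && gzip -t "$out.gz"
        then
            # Delete only once the archive exists and passes the integrity test.
            rm -rf -- "$dir" || rc=1
            printf '%s\n' "$out.gz"
        else
            echo "not archived, keeping $dir" >&2
            rc=1
        fi
    done 3< "$list"
    rm -f "$list"
    return "$rc"
}

# Usage (as root): archive_orphan_homes /home /var/backups/orphan-homes
```

The function prints the path of each archive it created, so the output can be fed to whatever copies the archives to long-term storage.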
I once had two scripts for our customer:
1. scanning "unowned" homedirs for recently accessed files. If nothing found, delete. If something found, display it and stop the search - and do not delete.
2. scanning shared project directories in "deepest first fashion" (find -depth), and assign each "unowned" directory to the owner of its parent directory.
I run a similar, but different, script like this to scan an entire web file system and check ownership and permissions of each file and directory in that part of the filesystem, as a security measure.
When filesystems are secure, it is difficult for malicious code from the web to write to the file system using flaws in the web code.
Quote:
Originally Posted by MadeInGermany
1. scanning "unowned" homedirs for recently accessed files. If nothing found, delete. If something found, display it and stop the search - and do not delete.
Yes, that is another possible solution. A problem could be that users put things in their homedir crontab and so some files get regularly accessed even if the accounts are deleted. Whether this or my solution is better perhaps depends on the environment you work in, the policies in place and - last but not least - personal taste. The real point, though, is to take care of (removed users') data in some way specifically, and not to let data waste accumulate on the system in general.
Quote:
Originally Posted by MadeInGermany
2. scanning shared project directories in "deepest first fashion" (find -depth), and assign each "unowned" directory to the owner of its parent directory.
This is a very good idea! I will update the above script eventually when I find time.