💾 Archived View for perso.pw › blog › articles › openbsd-delete-old-users.gmi captured on 2024-12-17 at 10:00:43. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-09-29)
-=-=-=-=-=-=-
If you use OpenBSD and administrate machines, you may be aware that packages can install new dedicated users and groups, and that if you remove a package doing so, the users/groups won't be deleted, instead, `pkg_delete` displays instructions about deletion.
In order to keep my OpenBSD systems clean, I wrote a script looking for users and groups that have been installed (they start by the character `_`), and check if the related package is still installed, if not, it outputs instructions that could be run in a shell to cleanup your system.
#!/bin/sh SYS_USERS=$(mktemp /tmp/system_users.txt.XXXXXXXXXXXXXXX) PKG_USERS=$(mktemp /tmp/packages_users.txt.XXXXXXXXXXXXXXX) awk -F ':' '/^_/ && $3 > 500 { print $1 }' /etc/passwd | sort > "$SYS_USERS" find /var/db/pkg/ -name '+CONTENTS' -exec grep -h ^@newuser {} + | sed 's/^@newuser //' | awk -F ':' '{ print $1 }' | sort > "$PKG_USERS" BOGUS=$(comm -1 -3 "$SYS_USERS" "$PKG_USERS") if [ -n "$BOGUS" ] then echo "Bogus users/groups (missing in /etc/passwd, but a package need them)" >/dev/stderr echo "$BOGUS" >/dev/stderr fi EXTRA=$(comm -2 -3 "$SYS_USERS" "$PKG_USERS") if [ -n "$EXTRA" ] then echo "Extra users" >/dev/stderr for user in $EXTRA do echo "userdel $user" echo "groupdel $user" done fi rm "$SYS_USERS" "$PKG_USERS"
Write the content of the script above in a file, mark it executable, and run it from the shell, it should display a list of `userdel` and `groupdel` commands for all the extra users and groups.
With this script and the package `sysclean`, it's quite easy to keep your OpenBSD system clean, as if it was just a fresh install.
It's not perfect in its current state because if you deleted an user, the according group that is still left won't be reported.