2

I know deleting a user with userdel username can cause information leakage and other security issues (as the tutorial book says, the administrator should delete a user with the -r option). But I tried it to see what happens. Now I have "unowned" directories left. I can delete them with cd /home; rm -r username. Is there any quick way of doing it?

The book says:

The root user can find "unowned" files and directories by running: find / -nouser -o -nogroup 2> /dev/null

How does it work?

rzaaeeff
  • 532
  • 4
    The above command just does a find of files that have no valid user or group owners. STDERR messages are sent to /dev/null – fpmurphy Mar 15 '15 at 17:28
  • @fpmurphy1 that looks like an answer. People don't always look at the comments so you may want to post it below. – Bratchley Mar 15 '15 at 17:37
  • @fpmurphy1, thank you so much! I understand I/O redirection, but I don't understand those options: -nouser -nogroup. How do they work since files are not linked in the system? – rzaaeeff Mar 15 '15 at 18:27
  • @Bratchley, it's not an answer. My main question is about deleting the home directory. Thank you. – rzaaeeff Mar 15 '15 at 18:28

2 Answers

5

Okay, I solved it myself. With the help of find / -nouser -o -nogroup 2> /dev/null you can see all unlinked/unowned files on your system and you can delete every single file left on your system.
If you didn't use the -r option with the userdel command, you can do the following to get rid of all of the old user's files.

  1. Delete the removed user's home directory: cd /home; rm -r username
  2. Find the remaining files: find / -nouser -o -nogroup 2> /dev/null
  3. Delete every file in the output of the previous command.

Important edit: Instead of these 3 steps, use:

find / -nouser -o -nogroup 2> /dev/null | xargs rm -fr

It removes every single item output by the find command, using the force (-f) and recursive (-r) options of the rm command.

Quote from @Tim Pierce's answer on this question:

xargs reads lines on standard input and turns them into command-line arguments, so you can effectively pipe data to the command line of another program.


Edit #2: According to @roaima, we need to use:

find / \( -nouser -o -nogroup \) -print0 | xargs -0 rm -rf

Good luck!

rzaaeeff
  • 532
  • 1
    If you run that find ... xargs you could sooner or later end up deleting your entire filesystem, thanks to potentially "malicious" filenames. Use find / \( -nouser -o -nogroup \) -print0 | xargs -0 rm -rf instead. – Chris Davies Mar 15 '15 at 21:33
  • 1
    Instead of xargs and rm, use -delete as the last argument to find; this was such a common problem that they made it a built-in. – Jasen Mar 15 '15 at 22:46
  • 1
    I would do the bare find first; you may have other unowned files on your system that should belong to someone else instead of being deleted, especially if the user was working with shared files. – Jasen Mar 15 '15 at 22:48
  • @roaima, thank you for the comment, it works like a charm. – rzaaeeff Mar 16 '15 at 03:11
  • @Jasen, thank you, but that didn't work. Using rm is best in my mind, because it will delete folders too. About shared files: Shared files can't be "unowned". They will have owner = user, at least hostname. – rzaaeeff Mar 16 '15 at 03:18
  • @rzaaeeff the owner of a "shared" file could easily be the account for which you're trying to delete files. – Chris Davies Mar 16 '15 at 08:38
  • @roaima, thank you, I didn't know it. Could you provide a link to explain the -print0 and -0 options? – rzaaeeff Mar 16 '15 at 10:39
  • @rzaaeeff man find and man xargs – Chris Davies Mar 16 '15 at 11:19
0

Or simpler, in the current directory:

sudo find . -nouser -nogroup | xargs rm -rf

Change . to the folder you want to check, / if it's for your entire filesystem.

Jaleks
  • 2,579
Hugo
  • 1
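
The difference between the newline-delimited pipeline and the -print0 / -0 form from Edit #2, as an added example that is not part of the original answers. The helper names (list_unowned, remove_listed, bystander_after) and the file names are constructed for illustration; -name 'old*' stands in for the ownership test because creating unowned files needs root, and -xdev, xargs -r and rm's "--" are additions that the answers do not use.

```sh
#!/bin/sh
# NUL-delimited list of paths under $1 with no valid owner or no valid group.
# The parentheses matter once an action is written out: without them,
# "-nouser -o -nogroup -print0" would print only the -nogroup matches.
# -xdev keeps find on a single filesystem.
list_unowned() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print0 2>/dev/null
}

# Delete the NUL-delimited paths read from stdin, one rm argument per path.
# -r (GNU xargs) skips rm when the list is empty; "--" ends rm's options so
# a name starting with "-" is treated as a file.
remove_listed() {
    xargs -0 -r rm -rf --
}

# Constructed demo, confined to a mktemp directory: a leftover file named
# "old notes" sits beside an unrelated file named "notes".
# Prints "kept" or "gone" for the unrelated file after the cleanup.
bystander_after() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    touch "old notes" notes
    if [ "$1" = nul ]; then
        find . -name 'old*' -print0 | remove_listed
    else
        # Newline/whitespace splitting: rm receives "./old" and "notes".
        find . -name 'old*' -print | xargs rm -rf
    fi
    if [ -e notes ]; then echo kept; else echo gone; fi
    cd / && rm -rf "$dir"
)

# Review the list before deleting anything: sh cleanup.sh --review /home
if [ "${1:-}" = --review ]; then
    list_unowned "${2:-/}" | tr '\0' '\n'
fi
```

Once the review output looks right, list_unowned /home | remove_listed performs the deletion with each path passed to rm as exactly one argument.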