userdel - Deletes a user login account from the system.
/usr/sbin/userdel [-r] login
/usr/sbin/userdel [-D] [-r] [-R] [-t type] [-P] [-x
When enhanced security mode is enabled this option deletes
the user account from the /etc/passwd file and the enhanced
security protected password database.

Removes a user's home directory from the system. This
directory must exist and must be owned by the user whose
login account is being deleted.

When enhanced security is enabled, retires the account
without deleting entries from the databases or removing
home directories.

Removes a local plus (+) or local minus (-) NIS user from
the user database. The value of the type parameter can be
+ or -.

Removes PC accounts only, without deleting the user's
existing UNIX account.

Extended_options are of the form attribute=value. You may
enter any number of extended options (within the character
limit of the command line) by separating each option with
a space. Alternatively, they may be entered separately
following the -x switch. Note that some extended options
are only available under specific system environments.

The following sets of extended_option attributes are
available:

The value 1 indicates that the account to be deleted is
local. The value 0 indicates that the account is to be
deleted from some other database, either NIS or LDAP.

The value 1 indicates that the account to be deleted is an
NIS user account. You must be on the NIS master to delete
an NIS user.

The value 1 indicates that the account to be deleted is an
LDAP account. LDAP must be configured, and you must be on
the LDAP server or on an LDAP client with permission to
modify the

The following extended_option attribute is available for
PC group administration if the Advanced Server for UNIX
(ASU) is configured and running:

The value of the pc_synchronize=n attribute can be 0 or 1.
If set to 1, both PC and UNIX accounts will be affected by
delete operations. If set to 0, only UNIX accounts will be
affected by delete operations and the PC account will be
unaffected.

The userdel command is part of a set of command line
interfaces (CLI) that are used to create and administer
user accounts on the system. When the Advanced Server for
UNIX (ASU) is installed and running, the userdel command
can also be used to administer PC accounts. Accounts can
also be administered with the /usr/bin/X11/dxaccounts
graphical user interface (GUI) or the sysman(8) Accounts

Different options are available depending on how the local
system is configured:

In the default UNIX environment, user account management
is compliant with the IEEE POSIX Standard P1387.3.

If enhanced (C2) security is configured, additional options
and extended options can be used.

The CLI is backwards-compatible, so all existing local
scripts will function. However, you should consider testing
your account management scripts before using them.

The userdel command deletes a user's login account from
the system and makes the login-related changes in the
appropriate system files determined by the current level
of security. Additionally, the files and directories
contained under the user's home directory can be removed
from

With the -x option, the system administrator can specify
extended options, such as whether the user login account
to be deleted is local, resides in the NIS master
database, or resides in the LDAP database. If the -x option
is not specified, the user login account is deleted from
the appropriate database as specified by the system
defaults.

The default behavior on the system for the userdel command
is as follows: local=1, distributed=0, and ldap=0. With
these values, the system deletes the user from the local
database. Certain combinations of these settings are
incompatible and produce an error: it is invalid to set
all of these values to 0 or set more than one of them to

When NIS or LDAP are available, the user may have secondary
group memberships in more than one type of group. The user
is always deleted from all secondary groups of the same
type. If the user is a member of groups of another type,
the user will also be removed from those groups unless
there is a user account with the same name in the
corresponding database. For example, an LDAP user may have
been given secondary membership in a local group. When the
LDAP user is deleted, membership in the local group is also
removed unless there is a local user with the same name.

Note the following restriction that applies to this

You must have superuser privilege to execute this command.

The userdel command exits with one of the following values:
Success. Failure. Warning.

The following example removes the local plus (+) user,
newuser1:
% userdel -t + newuser1
The following example removes the NIS user, newuser4, from
the NIS master
% userdel -r xyz
The following example deletes the UNIX account for
studentB, removing the home directory and its corresponding
PC account.
% userdel -r -x pc_synchronize=1 studentB
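
The -r option requires that the home directory exist and be owned by the account being deleted. The following pre-flight check for that condition is an added example, not part of the original manual page; the function name, its return codes, the symbolic-link rejection and the constructed passwd entries are assumptions made for illustration.

```sh
#!/bin/sh
# Pre-flight check for "userdel -r": the home directory must exist and be
# owned by the account being deleted. Return codes are this script's own.
#   0 ok | 1 no passwd entry | 2 home missing or a symlink | 3 wrong owner
check_home_for_removal() {
    login=$1
    passwd_file=${2:-/etc/passwd}

    # passwd fields: name:password:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$login" '$1 == u { print $3 ":" $6; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "$login: no entry in $passwd_file" >&2
        return 1
    fi
    uid=${entry%%:*}
    home=${entry#*:}

    # Rejecting a symlink is an extra caution added in this example; the
    # manual page itself only requires that the directory exists.
    if [ -L "$home" ] || [ ! -d "$home" ]; then
        echo "$login: home '$home' is missing or not a real directory" >&2
        return 2
    fi

    # "ls -n" prints the numeric owner UID in the third column.
    owner=$(ls -ldn "$home" | awk '{ print $3 }')
    if [ "$owner" != "$uid" ]; then
        echo "$login: home '$home' is owned by UID $owner, not $uid" >&2
        return 3
    fi
    return 0
}

# Constructed sample data: a throwaway passwd-format file whose only real
# directory is a temp dir owned by whoever runs this demo.
demo() {
    tmp=$(mktemp -d)
    me=$(id -u)
    mkdir "$tmp/studentB"
    {
        echo "studentB:*:$me:15::$tmp/studentB:/bin/sh"          # passes
        echo "newuser1:*:$me:15::$tmp/missing:/bin/sh"           # no directory
        echo "newuser4:*:$((me + 1)):15::$tmp/studentB:/bin/sh"  # wrong owner
    } > "$tmp/passwd"
    for u in studentB newuser1 newuser4 nobody_here; do
        check_home_for_removal "$u" "$tmp/passwd" && rc=0 || rc=$?
        echo "$u -> $rc"
    done
    rm -rf "$tmp"
}
demo
```

Run the check before userdel -r and proceed only when it returns 0.
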
The userdel command operates on files for the specific
level of system security.
Commands: groupadd(), groupdel(), groupmod(), useradd(),
Manuals: System Administration, Security, Advanced Server
for UNIX Installation and Administration