14

Thats pretty much the question: I would like to know who owns the files belonging to a deleted user

alfish
  • 3,127
  • 15
  • 47
  • 71
  • 1
    Which distro? How are you "deleting" the user? The files' UID/GID will not change unless your user-deletion-tool-or-process performs this step. – jscott Jun 12 '12 at 17:15

3 Answers3

13

Most distributions come with a tool called userdel, or deluser. These won't, by default, remove any of the user's files. So by default, nothing happens to the files owned by that deleted account. They keep their user and group IDs as they are.

In ls and other such listings, you'll see the numeric IDs instead of the usual username (and group if you delete that too).

userdel (and deluser) do have options to remove a specific set of files (namely, the user's home directory and mail spool), but will not do a system-wide search-and-destroy operation. You'll need to do that yourself if you want to (using find, locate or similar tools for instance).

Note that if you re-create a user with the same UID, that new user will end up owning the defunct user's files, so backing up (just in case, maybe not with a long retention) and clearing at least the home directory (including dotfiles) is something that should be considered (for privacy and security issues for instance).

(This is assuming normal filesystems and local accounts, and no "enhanced" user-management tools or policy enforcement software of some type or other that could potentially do anything it wants to orphaned files - you'll need to check the docs for these tools to know exactly to what extent they "destroy" the account.)

Mat
  • 1,536
  • 1
  • 17
  • 21
  • This answer too general the way it is given. There are numerous ways to delete a user and some will indeed flush the home directory ("the files") of the user. Others won't, or at least not by default. All those tools I know won't at least delete files outside of the home folder area. Still, in Debian/Ubuntu `deluser` is the way to go and behaves differently compared to `userdel`. – 0xC0000022L Jun 12 '12 at 18:03
  • 2
    Useless fact #0815: the same even mostly works for *processes* started by that user before he was deleted. The kernel actually has no idea about user or group *names* or about what exists in a password database; all that is entirely up to the login/pam/nss stack. – rackandboneman Jun 12 '12 at 18:04
3

The files and home directories of the users remain. Which in fact is a security risk. When you add another user, then it can get the UID of the deleted user and so it gets the permission to access the files owned by the deleted user.

For this, use userdel -r to remove home directories and files of the user too whom you are deleting.

This is because utilities like ls map the UID to user name to show this.

Soham Chakraborty
  • 3,584
  • 17
  • 24
0

If you are using userdel command make sure to include the -r to remove the user directory created otherwise there will be a residue from the last user you created. #userdel -r "username" solves your problem.

Calvin
  • 1