Introduction
Introduction Statistics Contact Development Disclaimer Help
Title: Detect left over users and groups on OpenBSD
Author: Solène
Date: 03 April 2023
Tags: openbsd
Description: In this article, I'm sharing a shell script that finds
users and groups installed by packages but not in use anymore
# Introduction
If you use OpenBSD and administrate machines, you may be aware that
packages can install new dedicated users and groups, and that if you
remove a package doing so, the users/groups won't be deleted, instead,
`pkg_delete` displays instructions about deletion.
In order to keep my OpenBSD systems clean, I wrote a script looking for
users and groups that have been installed (they start by the character
`_`), and check if the related package is still installed, if not, it
outputs instructions that could be run in a shell to cleanup your
system.
# The code
```shell
#!/bin/sh
SYS_USERS=$(mktemp /tmp/system_users.txt.XXXXXXXXXXXXXXX)
PKG_USERS=$(mktemp /tmp/packages_users.txt.XXXXXXXXXXXXXXX)
awk -F ':' '/^_/ && $3 > 500 { print $1 }' /etc/passwd | sort > "$SYS_USERS"
find /var/db/pkg/ -name '+CONTENTS' -exec grep -h ^@newuser {} + | sed 's/^@new…
BOGUS=$(comm -1 -3 "$SYS_USERS" "$PKG_USERS")
if [ -n "$BOGUS" ]
then
echo "Bogus users/groups (missing in /etc/passwd, but a package need them)"…
echo "$BOGUS" >/dev/stderr
fi
EXTRA=$(comm -2 -3 "$SYS_USERS" "$PKG_USERS")
if [ -n "$EXTRA" ]
then
echo "Extra users" >/dev/stderr
for user in $EXTRA
do
echo "userdel $user"
echo "groupdel $user"
done
fi
rm "$SYS_USERS" "$PKG_USERS"
```
## How to run
Write the content of the script above in a file, mark it executable,
and run it from the shell, it should display a list of `userdel` and
`groupdel` commands for all the extra users and groups.
# Conclusion
With this script and the package `sysclean`, it's quite easy to keep
your OpenBSD system clean, as if it was just a fresh install.
# Limitations
It's not perfect in its current state because if you deleted an user,
the according group that is still left won't be reported.
You are viewing proxied material from dataswamp.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.