Perform a clean offboarding delete: verify the target account before touching anything, confirm whether the user has active sessions, remove the account and home directory, then validate that both the NSS entry and the home path are gone.
Amina has left the company. You have been tasked with removing her access immediately and cleaning up the account. This is a high-risk operation because deleting the wrong user is irreversible. Verify first, then delete, then prove removal.
In real offboarding workflows, this action is paired with access revocation (SSH keys, sudoers, MFA, app accounts). This lab focuses on the Linux account removal workflow and evidence.
getent passwd
confirms the user record the system resolves via NSS.
who
helps identify active logins before destructive changes.
userdel -r
removes the account and the home directory (and typically the mail spool).
getent
and checking the home path validates removal.
getent passwd aminaThis is the “do not delete the wrong account” checkpoint. Record UID, primary group, home, and shell so your ticket has evidence of what you removed.
amina:x:1055:1055:Amina Hassan:/home/amina:/bin/bashwho | grep aminaDeleting an account while the user is actively logged in can produce messy outcomes and may not remove access immediately if active sessions persist. Confirm session state before the destructive step.
# If no output returns, there is no matching active session.sudo userdel -r amina
The
-r
option removes the user’s home directory and mail spool in
addition to removing the account record.
getent passwd aminaAfter deletion, the system should no longer resolve a passwd entry for the user. This is your immediate “access removed” proof point.
# Expected: no output.ls -ld /home/aminaConfirm the home path does not exist. This is the “cleanup actually happened” evidence.
ls: cannot access '/home/amina': No such file or directoryIf the user is logged in, coordinate timing or terminate sessions per your organization’s offboarding process. Immediate deletion without session handling can leave live shells running temporarily.
The account may own running processes. You must stop those processes or wait for them to exit before removal, depending on policy.
This can happen if the directory is in use, permissions are unusual, or the home path differs from expectations. Verify the home path from the original passwd record and inspect why removal failed.
If the user comes from a directory service, local deletion might not apply. Confirm whether the account is local or centrally managed and validate NSS configuration.
This lab’s cleanup is the end state: the user no longer resolves and the home directory is removed. Re-run the same verification commands to confirm a clean host state.
getent passwd amina
ls -ld /home/amina
getent passwd amina
returns no output and
/home/amina
does not exist.
getent passwd <user>
: Shows the NSS passwd entry for a user.
who
: Shows currently logged-in users.
who | grep <user>
: Filters active session output for a specific username.
|
: Pipes output from who into grep.
grep <user>
: Matches lines containing the username.
userdel -r <user>
: Removes the user and their home directory.
-r
: Remove home directory and mail spool.
ls -ld <path>
: Shows directory permissions and ownership, or proves it is missing.
-l
: Long listing format.
-d
: List the directory entry itself, not its contents.