Userdel 无法删除用户,提示account xxx is currently in use
现象
卸载oracle失败,提示
userdel: account `oracle' is currently in use.
排查过程
登陆后台,手动删除,结果如下:
Linux:~ # userdel -r oracle userdel: account `oracle' is currently in use.
怀疑有用户登陆,或者定时任务执行,查找crontab和用户登陆信息:
Linux:~ # crontab -u oracle -l no crontab for oracle Linux:~ # w 00:00:06 up 18 days, 19:21, 6 users, load average: 0.49, 0.47, 2.86 USER TTY LOGIN@ IDLE JCPU PCPU WHAT root pts/0 23:57 2:30 0.02s 0.02s -bash root pts/3 08Jun16 12:46 0.11s 0.07s -bash root pts/6 08Jun16 6.00s 8.27s 0.00s w Linux:~ # who root pts/0 Jun 14 23:57 (10.169.106.220) root pts/3 Jun 8 00:41 (10.169.103.5) root pts/6 Jun 8 00:42 (10.169.103.5) Linux:~ # users root root root
查找用户进程:
Linux:~ # pgrep -u oracle
无任务和输出。
突然想起linux有个文件/var/run/utmp记录用户登陆信息,查看该文件:
发现了oracle,继续查看
linux:/var/run # strings utmp reboot pts/4 pts/5 pts/6 oracle 10.169.103.5 pts/7 f\WA pts/8 `W=3 pts/9 `W6p pts/10 pts/11 pts/12 root 10.169.106.220 $_WL pts/13 pts/14 YW-:
解决方法
将该文件置为空后在删除用户,结果如下:
Linux:/var/run # echo >utmp drwxr-xr-x 2 uuidd uuidd 4096 Apr 24 2015 uuidd Linux:/var/run # cat utmp Linux:/var/run # strings utmp Linux:/var/run # userdel -r oracle no crontab for oracle
原因不明,不清楚该用户没有登录的情况下,为什么还会存在记录
附录:
Utmp定义:
utmp, wtmp and btmp[edit]
· utmp maintains a full accounting of the current status of the system, system boot time (used by uptime), recording user logins at which terminals, logouts, system events etc.
· wtmp acts as a historical utmp
· btmp records failed login attempts
These files are not regular text files, but rather a binary format which needs to be edited by specially crafted programs. The implementation and the fields present in the file differ depending of the system or the libc version, and are defined in the utmp.h header file. The wtmp and btmp format are exactly like utmp except that a null value for "username" indicates a logout on the associated terminal (the actual user name is located by finding the preceding login on that terminal). Furthermore, the value "~" as a terminal name with username "shutdown" or "reboot" indicates a system shutdown or reboot (respectively).
These files are not set by any given PAM module (such as pam_unix.so or pam_sss.so) but are set by the application performing the operation (e.g. mingetty, /bin/login, or sshd). As such it is the obligation of the program itself to record the utmp information.
(from: https://en.wikipedia.org/wiki/Utmp)
