How to Delete a User in Linux When the System Says Its Currently Used in a Process

Last updated: March 18, 2024

Reviewed by: Michal Aibin

1. Overview

In this tutorial, we’re going to talk about deleting users.

For all the following text, we assume that all code executed after a # needs root privileges, whereas $ denotes a regular user.

To get root, we can use su – followed by the root password, sudo <command> or sudo -i followed by the user’s password if he has sudoers rights.

2. userdel and deluser

On a typical Linux system, the are two shell tools that are responsible for deleting a user, userdel, and deluser.

We might ask why two tools exist and how they differ.

So let’s have fist a look at both commands:

$ file `which userdel`
/usr/sbin/userdel: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked,
 interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=cdf46de13b11b883951743d5652347a141bafba7,
 for GNU/Linux 3.2.0, stripped

and:

$ file `which deluser`
/usr/sbin/deluser: Perl script text executable

So, the first one is a binary compiled program written in C.

The second one is a shell script, Perl in this case.

We now know the technical difference, but what does it mean for everyday work?

When we look at the Debian man page for userdel, it states:

userdel is a low level utility for removing users. On Debian, administrators should usually use deluser(8) instead.

And the man page for deluser says:

They are friendlier front ends to the userdel and groupdel programs, removing the home directory as option or even all files on the system owned by the user to be removed, running a custom script, and other features.

So, we’re best off if we use deluser instead.

3. Troubleshooting User Deletion

Sometimes a call to deluser might fail, e.g., if there’s still a process running under that account.

At first, we can try to find that process by issuing:

# ps aux | grep <username>

And if that yields any result, we can use the kill command to get rid of that process:

# kill -9 <pid>

If that still doesn’t work, we can add the –force parameter:

# deluser --force <username>

4. Manually Deleting a User

If even the forced removal didn’t work, manual intervention is required. Rebooting the computer might work but often is not feasible on a production system. And it is not necessary at all.

If we want to delete the user manually, we need to remove his home directory and two file entries.

To get to the location of the home directory (which is often, but not always located below /home), we issue the following command:

# grep <username> /etc/passwd

We get a result like this:

<usernme>:1000:1000:<username>,,,:/home/<username>:/bin/bash

The fields are the user account, the user id, the user’s primary group, the GECOS field, the home directory, and the shell.

We can now remove the home directory if we like (rm -rf /home/<username>) and use a text editor like vim to remove the user from two files.

The files which needed to be edited are /etc/passwd which we already know, and /etc/shadow, which contains a line with the username and the hashed password.

5. Conclusion

In this article, we discussed how to delete a user and what to do if that doesn’t work as expected.

Comments are open for 30 days after publishing a post. For any issues past this date, use the Contact form on the site.