Red Hat Enterprise Linux 5 Administration Unleashed

218CHAPTER 9Managing Users and Groups. Do not use the date of a special occasion people know about such as your weddingdate.. Try using the first letter of each word in a catchy phrase you can easily remember soyour password is not a dictionary word.. Try replacing a few letters of a real word with numbers or special characters to helpyou remember it.Consider posting these simple tips on the company’s intranet so users can refer to themwhen changing their passwords.Deleting AccountsWhen an employee is terminated or quits the company, time is of the essence when itcomes to disabling and deleting the user’s account. As an administrator, you will developa step-by-step process for systematically removing users if you haven’t done so already. Afew actions to consider include disabling the account as soon as you are told that theemployee no longer works for the company. This can be done by simply adding the !character to the beginning of the password field for the user in /etc/shadow. The user canno longer log in, but all the user’s data is still intact. This does not terminate any existinglogin sessions, so be sure to also determine whether the user is already logged in to anysystems on the network and terminate those sessions.After disabling the account, determine whether the files owned by the user such as files inthe user’s home directory and email need to be saved. If the answer is yes, be sure to backthem up before removing the user account and the files associated with the user accountsuch as the home directory, mail spool, and temporary files.When removing files owned by the user, do not just search for them and delete them allfrom the system or a shared filesystem. If functional groups inside the organization havea shared directory setup, the former employee might have owned some of the files agroup is using and still needs. If files of this type are found, be sure to assign the files to anew owner still in the functional group and verify that the permissions allow the groupto continue working.Also look for cron jobs set up by the user. Before deleting them, again, make sure they arenot used by a group instead of the individual user. If any of them are for group use, thecron task will need to be set up with a different owner.Structuring Home DirectoriesThe /home directory, or whatever directory you have chosen to store users’ home directories,can either be on the local filesystem or on a remote filesystem mounted by all necessaryclients. In an enterprise environment, the remote filesystem is more likely because itis more scalable—one large storage system is easier to back up on a regular, automatedbasis, each client system has less to configure, users can log in to more than one systemand have access to the same home directory, among other things.