Removing a user account in Linux protects system integrity when access is no longer required, such as after an employee departure or a project handover. Deprovisioning unused logins reduces the attack surface and keeps authentication data aligned with current organizational needs.
User accounts are represented by entries in /etc/passwd, /etc/shadow, and /etc/group, along with a home directory and optional mail spool. On Debian and Ubuntu systems, the deluser utility coordinates removal across these files and related directories, avoiding manual edits that can introduce inconsistencies. Using a single purpose-built command ensures account data, group memberships, and ownership references are updated in a predictable way.
Account removal is inherently destructive because it can detach or delete personal files, application state, and SSH keys. Important data should be backed up before any deletion occurs, and system or service accounts should not be removed without understanding their role. The following procedure assumes a Debian or Ubuntu environment using deluser with a regular, non-system user account.
Steps to delete a user in Linux:
- Open a terminal with sudo privileges.
$ whoami
user
Administrative access via sudo or a root shell is required for account management.
- List local user accounts and identify the login to remove.
$ getent passwd | tail -5
nm-openvpn:x:118:124:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/usr/sbin/nologin
gdm:x:126:131:Gnome Display Manager:/var/lib/gdm3:/bin/false
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
user:x:1000:1000:user,,,:/home/user:/bin/bash
shakir:x:1001:1001:shakir,,,:/home/shakir:/bin/bash
Substitute shakir with the actual login name targeted for removal in subsequent commands.
- Confirm that the target entry corresponds to a regular user and not a system account.
$ getent passwd shakir
shakir:x:1001:1001:shakir,,,:/home/shakir:/bin/bash
Low numeric UIDs (for example, below 1000 on many distributions) typically indicate system or service accounts that should not be removed casually.
- Terminate processes that are currently running under the target account.
$ sudo pkill -u shakir
[sudo] password for user:
Terminating a user’s processes can interrupt active work and cancel running jobs; confirm the timing with operational requirements before proceeding.
- Verify that the user is no longer logged in to the system.
$ who
user :0 2025-01-23 10:28 (:0)
Absence of the target login in the who output indicates no active interactive sessions remain.
- Back up the user’s home directory or selected data if retention is required.
$ sudo cp -a /home/shakir /backup/shakir-$(date +%Y%m%d)
Using the -a option preserves ownership, permissions, and timestamps for forensic or archival purposes.
- Delete the user account and remove the associated home directory.
$ sudo deluser --remove-home shakir
Removing user `shakir' ...
Warning: group `shakir' has no more members.
Done.
Using --remove-home permanently deletes the user’s home directory and mail spool, making recovery difficult without a prior backup.
To retain the home directory while removing only the account, omit the option and run sudo deluser shakir instead.
- Confirm that the account and group entries no longer exist.
$ id shakir
id: ‘shakir’: no such user
$ grep shakir /etc/passwd
$ grep shakir /etc/group
Empty grep results for the username confirm that the primary account and any matching group entries have been removed from system databases.
- Verify that the user’s home directory has been removed or retained as intended.
$ ls -l /home
total 4
drwxr-xr-x 15 user user 4096 Oct 25 09:28 user
Absence of a directory matching the deleted username indicates that /home cleanup was completed by deluser.
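The two pre-deletion checks in the procedure (regular account rather than system account, and no remaining login session) can be scripted as a gate to run before deluser. This is an added example, not part of the original procedure; the function names and the UID_MIN/UID_MAX defaults of 1000 and 60000 are assumptions to adjust to local policy.

```sh
#!/bin/sh
# Added example: pre-flight checks before `deluser`. The UID bounds are
# assumptions (common defaults); override them via the environment.
UID_MIN=${UID_MIN:-1000}
UID_MAX=${UID_MAX:-60000}

# classify_entry LINE: print regular | system | invalid for one passwd(5) line.
# UIDs above UID_MAX (for example nobody, 65534) also count as system accounts.
classify_entry() {
    printf '%s\n' "$1" | awk -F: -v min="$UID_MIN" -v max="$UID_MAX" '
        NF != 7 || $3 !~ /^[0-9]+$/                  { print "invalid"; exit }
        ($3 + 0) < (min + 0) || ($3 + 0) > (max + 0) { print "system";  exit }
        { print "regular" }'
}

# has_session USER: exit 0 if USER appears in `who`-format text on stdin.
# Matches the whole first field, so "user" does not match "user2".
has_session() {
    awk -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# preflight USER: exit 0 only for a regular account with no login session.
preflight() {
    entry=$(getent passwd "$1") || { echo "no such user: $1" >&2; return 2; }
    kind=$(classify_entry "$entry")
    if [ "$kind" != regular ]; then
        echo "refusing: $1 is a $kind account" >&2
        return 1
    fi
    if who | has_session "$1"; then
        echo "refusing: $1 still has an active session" >&2
        return 1
    fi
    echo "ok: $1 is a regular account with no active sessions"
}

# Run the gate when a login name is given on the command line.
if [ $# -gt 0 ]; then preflight "$1"; fi
```

The gate only reads account and session state; it does not check for background processes, so the pkill step still applies.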
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
