How do you kick a benign user off your system?

I was googling this a bit ago and noticed a couple of ways, but I’m guessing that google doesn’t know all. So how do you kick users off your Linux box? also how do you go about seeing they are logged in in the first place? and related… does your method work if the user is logged into an X11 DE (not a requirement I’m just curious)?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

There’s probably an easier way, but I do this:

1. See who’s logged into your machine — use who or w:

   > who  
   mmrozek  tty1         Aug 17 10:03  
   mmrozek  pts/3        Aug 17 10:09 (:pts/2:S.0)

2. Look up the process ID of the shell their TTY is connected to:

   > ps t  
   PID   TTY      STAT   TIME COMMAND  
   30737 pts/3    Ss     0:00 zsh

3. Laugh at their impending disconnection (this step is optional, but encouraged)

   > echo "HAHAHAHAHAHAHAHA" | write mmrozek pts/3

4. Kill the corresponding process:

   > kill -9 30737

I just discovered you can combine steps 1 and 2 by giving who the -u flag; the PID is the number off to the right:

> who -u
mmrozek  tty1         Aug 17 10:03 09:01        9250
mmrozek  pts/18       Aug 17 10:09 01:46       19467 (:pts/2:S.0)

Method 2

As Micheal already pointed out, you can use who to find out who’s logged in. However if they have multiple processes, there’s a more convenient way than killing each process individually: you can use killall -u username to kill all processes by that user.

Method 3

Necromancy!

I appreciate the humor of the accepted answer, but professionally I can’t advocate it.

The most graceful method I’m aware of is to send a -HUP to the shell to simulate a user hangup. You can send this to the user’s idle sshd to simulate their connection being lost, which triggers a cleanup of the entire shell environment (including child shells), or send this to specific nested shells (say, ones setting inside of a disconnected terminal multiplexer that are keeping you from unmounting a filesystem) if you want to be really precise.

Using write to send messages to terminally idle ptys before you boot them is a fun hobby though.

Method 4

Logout the user ‘username’:

skill -KILL -u username

See man skill

Method 5

Other useful command is pkill here pkill -u username && pkill -9 -u username.
killall have disadvantage that on Solaris IIRC it means something completely different – also pkill have slightly more advanced options.

Method 6

First of all, this indicates a larger problem. If you have users that you don’t trust on your system, you should probably level it and re-image.

With that in mind, you can do some or all of the following:

# set up the environment
$ BADUSER=foo # where foo is the username in question
$ USERLINE=$(grep '^${BADUSER}:' /etc/passwd)
$ BADUID=$(echo ${USERLINE} | awk -F: '{print $3}')
$ BADGID=$(echo ${USERLINE} | awk -F: '{print $4}')
$ BADHOMEDIR=$(echo ${USERLINE} | awk -F: '{print $6}')
$ BDIR="~/backup/home-backup/"
$ TSTAMP=$(date +%F)
$ TAR_FILENAME="${BADUSER}-${TSTAMP}.tar.bz2"
$ OWNED_FILENAME="${BADUSER}-files-${TSTAMP}.txt"

# disable the user's future login
$ sudo chsh -s /bin/false "${BADUSER}"

# kill all of the user's processes
$ BADPROCS=$(ps auwx | grep '^${BADUSER} ' | awk '{print $2}')
$ sudo kill -9 ${BADPROCS}

# back up/clear the user's home directory
$ mkdir -p ${BDIR}
$ sudo tar -cfj ${BDIR}/${TAR_FILENAME} ${BADHOMEDIR}
$ sudo rm -rf ${BADHOMEDIR}/.* ${BADHOMEDIR}/*

# find all files owned by user
$ sudo find / -user ${BADUSER} > ~/backup/${OWNED_FILENAME}

# remove user
$ sudo userdel ${BADUSER}

Method 7

I looked all around and could not find a single script to automate this task.

So, based on the solutions proposed here I mixed everything in an interactive Bash script that lists the users and sessions from who -u for the user to choose what to do.

You can then either:

• kill all sessions for a user
  
killall -u <username> -HUP

• kill a specific session
  
kill <PID>


All the required information comes from who -u and is then parsed using mapfile and awk.

I will add the possibility to send a message using write later (forking the process with a delay).

I will probably add the option to kill a specific session with kill -9 as well. But I had no problems with just kill and as pointed by others, kill -9 should be avoided if possible.

You can check the code on github if you want to try it or learn more about how I am doing it in an automated way:

• https://github.com/tavinus/kick.sh

Method 8

So how do you kick [benign] users off your Linux box?

In the end it comes down to identifying and ending those processes that are owned, associated, or spawned from a user-id. Whatever commands you use to get to that end goal doesn’t necessarily matter as long as you get there.

Basically two answers…

Option A: causing a log out of said user, for which ever and however many logins they have. So this would mean identifying those processes that are owned by a user, traceable by uid, and classified as part of some login process for the given linux distro you are running. Realize there are parent processes such as SSH or VNC before the “login” and child processes such as GDM after the “login” Usually killing a parent process will kill the child process, but not always. So you would want to kill these other processes that are obviously no longer needed after the log out. In doing all this, this would keep background jobs running… because it’s a benign user and maybe you just want to log them out. As far as i know, /usr/bin/w and /usr/bin/who will report who has passed through the log in process.

option B: end all processes owned by a specific uid completely, which would simply mean killing any and all processes owned by said user, this would also log them out if they are logged in. This would satisfy the kick them off the system. That only needs to be a simple ps -ef | grep <uid> and then ending all those processes in whatever manner is acceptable.

fwiw in SLES 11 it reports

man skill
… These tools are probably obsolete and unportable. The command syntax is poorly defined. Consider using the killall, pkill, and pgrep commands instead.

kill -9 FTW !

Method 9

In my opinion, it is not really useful to use killall -u username because if it is the same user as you, you will kick yourself off. So kill the process will be a better solution.

Method 10

This command worked great for the GUI my “significant” refuses to sign out of…

<a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="acc0c9cddac9dfecc1c9">[email protected]</a>:/# skill -HUP -u username

• I don’t know what happened.
• There must have been an update.
• The “Google” was down again.
• It was a virus on the InterWebs.

Some diversions in case you need them.

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0