106 Chapter 8 Managing User and Group Accounts
Removing a User Account
You can remove a user account by using the dscl tool. This does not remove the user’s
home folder and the data that may be stored there. You can use the Finder to drag the
deleted user’s home folder to the Trash.
To remove a user account:
1 Start the dscl tool in interactive mode, specifying the computer you are using as the
source of directory service data:
$ dscl localhost
>
2 Change the current folder to /LDAPv3/ipaddress/Users by entering the path at the
prompt:
> cd /LDAPv3/ipaddress/Users
Replace ipaddress with the IP address of your directory server.
3 Authenticate as an administrator by entering the following command, replacing
adminusername with an administrator’s user name, and entering that administrator’s
password when prompted:
> auth adminusername
4 Delete the user account by entering the following command, replacing ajohnson with
the user account’s short name:
> delete ajohnson
5 Quit dscl by entering:
> quit
A user account usually has a matching group of the same name. For information about
deleting this group, see “Removing a Group Account” on page 112.
Preventing a User from Logging In
Sometimes it is necessary to revoke a user’s ability to access the computer. This involves
preventing the user from logging in and then terminating the user’s processes.
The latter can be done by forcing the user to log out and then killing remaining
processes, or by just killing the user’s processes.
To prevent a user from logging in:
Disable the user account by entering the following command:
$ pwpolicy -a diradmin -u ajohnson -setpolicy "isDisabled=1"
Replace ajohnson with the short name of the user account and replace diradmin with
the short name of your domain administrator account.
Note: The pwpolicy command only works for LDAP/Password server users. For a local
user, use Workgroup Manager or the Accounts pane of System Preferences.
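The two-step revocation described above (disable the account, then terminate the user's processes), as an added shell example that is not from the original guide. The function names, the short-name validation rule, the DRY_RUN switch, and the 5-second grace period are assumptions; the pwpolicy call is the one shown above and applies only to LDAP/Password Server users.

```shell
#!/bin/sh
# Added example (not from the guide): revoke a directory user's access.
# DRY_RUN=1 (the default here) prints each command instead of running it.
DRY_RUN="${DRY_RUN:-1}"

# Assumed naming rule: letters, digits, '.', '_' and '-', not starting with
# '-', so a short name can never be parsed as an option or carry shell syntax.
valid_short_name() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Step 1: disable the account. $1 = domain administrator, $2 = user.
disable_account() {
    valid_short_name "$1" && valid_short_name "$2" || return 2
    run pwpolicy -a "$1" -u "$2" -setpolicy "isDisabled=1"
}

# PIDs owned by the user, one per line (empty if none or user unknown).
user_pids() { ps -U "$1" -o pid= 2>/dev/null | tr -d ' '; }

# Step 2: ask processes to exit, then force whatever is still running.
# Signalling another user's processes requires root.
terminate_processes() {
    valid_short_name "$1" || return 2
    for pid in $(user_pids "$1"); do run kill -TERM "$pid"; done
    [ "$DRY_RUN" = 1 ] || sleep 5   # assumed grace period
    for pid in $(user_pids "$1"); do run kill -KILL "$pid"; done
}

# Disable first so the user cannot log back in while processes are killed.
revoke_access() {
    [ "$2" != root ] && [ "$2" != "$1" ] || {
        echo "refusing to revoke access for: $2" >&2; return 3; }
    disable_account "$1" "$2" && terminate_processes "$2"
}

# Usage: sh revoke.sh diradmin ajohnson   (set DRY_RUN=0 to apply)
if [ "$#" -eq 2 ]; then revoke_access "$1" "$2"; fi
```

Run it once with the default DRY_RUN=1 to review the commands, then again with DRY_RUN=0 as root to apply them.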