> -----Original Message----- > From: Stone, Timothy [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 03, 2003 7:37 AM > To: [EMAIL PROTECTED] > Subject: RE: Accidently deleted user--help [CLOSED] > > > First, on the subject of my email line lengths...using > Outlook here. Micros~1 has deemed it inappropiate for the > user to be able to set a hard character wrap. Since my > workstation is Windoze, and our Exchange host appears to only > allow Outlook client communication (vs. IMAP, SMTP and OWA) > I'm stuck with using it for now. > > I want to thank each of you for making some excellent suggestions. > > I was unable to recreate or examine the exact sequence of > events. One thing I failed to mention was that I was using > the Gnome Users and Groups GUI to do the work! :) I think > this is why I was not seeing the logging information many > suggested looking at. > > However: > > % diff /etc/password.OLD /etc/passwd > > showed that my original install vs. the current file only > contained the application and logon users I had created since > bringing the box online. > > I have concluded that what I may have seen was a "refresh" of > the GUI. Though I swear I think I hit delete. > > Many thanks again. I learned a lot about some of the many > hidden corners of information that Linux provides the novice admin.
Well, that's good, but here, I had a possible method of manually figuring out who you deleted (if a REAL user) relatively quickly... look in /home . Since you said that you only deleted the user, but not the user space, the deleted user's home directory would be marked with the UID of the user, instead of the user's name, under the ownership, and the user's name for the name of the directory, telling you who, what UID, etc. Only thing missing would be preferred shell, and password :) which can be obtained from the user. I know that won't help you (since you in the end didn't have a problem) but someone may eventually look for this in the archive or may remember this as a future trick when they delete a user accidentally from /etc/passwd or /etc/shadow. (Of course, if it was a system user account, it would not be this simple... but you could bring the box up and see what users are running, find the one with a UID vice a username in ps -ef, and figure out the account that way; may or may not work, in which case you can search for files that are owned by a UID and not an account, which will also clue you in). -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
