LiveChat 
Support 
How to Remove a User in Linux: deluser vs userdel (Safely)
Deleting a user account sounds like a one-line job, but it is one of the easiest administrative tasks to get subtly wrong. Run the wrong command and you either orphan a directory full of data you needed, or you blow away files that were still in use. Knowing how to remove a user in Linux correctly, and knowing what to do *before* and *after* the deletion, is the difference between a clean offboarding and a security hole. Linux gives you two main tools: the Debian-friendly `deluser` and the universal low-level `userdel`.
This is the removal counterpart to our companion guide on . If you can add an account with `adduser` and `useradd`, this guide shows you how to take one back down safely, with copy-ready command examples for handling the home directory, orphaned files, running processes, and group membership.
Key Takeaways
• `userdel username` removes the account but keeps the home directory; `userdel -r username` also deletes the home directory and mail spool.
• `deluser` is the friendlier high-level wrapper on Debian/Ubuntu; use `deluser –remove-home` to delete the home directory.
• Always back up the home directory before using `-r` — deletion is irreversible.
• `userdel -r` does not find files the user owns elsewhere (in `/var`, `/tmp`, etc.); hunt those down with `find / -uid OLD_UID` to avoid orphaned files and UID-reuse risks.
• When in doubt, lock the account with `usermod -L` instead of deleting, to preserve files and the audit trail.
What are the two commands for removing a user in Linux?
Just as Linux has two tools for adding users, it has two for removing them, and the same high-level versus low-level split applies:
- `deluser` is a high-level Perl script on Debian, Ubuntu, and their derivatives. It is the friendly counterpart to `adduser`. It can remove the user, optionally delete their home directory, strip them from groups, and even back up their files in one structured command.
- `userdel` is the low-level, universal binary that exists on virtually every Linux distribution, including RHEL, CentOS, Fedora, AlmaLinux, and Arch. It does exactly what you ask and nothing more. By default it leaves the home directory untouched.
Here is the practical distinction at a glance.
| Feature | `deluser` | `userdel` |
|---|---|---|
| Type | High-level interactive script | Low-level binary |
| Availability | Debian / Ubuntu (and derivatives) | All distributions (universal) |
| Keep home directory (default) | Yes | Yes |
| Remove home directory | `–remove-home` | `-r` |
| Remove all files owned by user | `–remove-all-files` | Not built in |
| Back up before deleting | `–backup` / `–backup-to` | Not built in |
| Force deletion while logged in | n/a | `-f` |
| Best for | Manual offboarding on Debian/Ubuntu | Scripts, automation, portability |
How do you delete a user but keep their home directory?
The safest default is to remove the account while preserving its files for archival, handover, or audit. Both commands keep the home directory unless you tell them otherwise.
On any distribution, with `userdel`:
“`bash sudo userdel alice “`
On Debian or Ubuntu, with `deluser`:
“`bash sudo deluser alice “`
After this, the login `alice` no longer exists, but `/home/alice` and her mail spool remain on disk. The files are now owned by a numeric UID with no name attached to it, which leads directly to the most important caveat in this guide (covered below).
How do you delete a user and their home directory?
When you are certain you no longer need the data, you can remove the account and its home directory and mail spool in one step.
With `userdel`, add the `-r` flag:
“`bash sudo userdel -r alice “`
With `deluser`, use `–remove-home`:
“`bash sudo deluser –remove-home alice “`
The `-r` flag deletes `/home/alice` and the mail spool at `/var/mail/alice`. There is no undo. Back up the home directory first if there is any chance the data matters:
“`bash sudo tar -czf /root/alice-home-backup.tar.gz /home/alice sudo userdel -r alice “`
`deluser` can fold the backup into a single command:
“`bash sudo deluser –backup –backup-to /root/backups –remove-home alice “`
The biggest blind spot in user deletion: `userdel -r` (and `deluser –remove-home`) only removes the user’s home directory and mail spool. It does not find or remove files that user created or owns elsewhere on the system — log files in `/var`, scratch files in `/tmp`, web roots in `/srv` or `/var/www`, cron output, database dumps, anything. Those files keep the now-deleted user’s numeric UID as their owner. They become orphaned files: owned by a UID that maps to no account. This is not just clutter. If you later create a new user and the system reuses that UID, the new account silently inherits ownership of all those stray files, a real privilege and data-leak risk. After every deletion, search for orphaned files with `find / -uid OLD_UID` and reassign or remove them.
What happens to the user’s files after deletion?
This is where most cleanups stop too early. Once the account is gone, any file that user owned anywhere on the filesystem is now an orphaned file tied to a bare UID.
Step one: find the UID before you delete. Capture it while the account still exists:
“`bash id -u alice # prints the numeric UID, e.g. 1003 “`
Step two: after deletion, sweep the whole filesystem for anything still owned by that UID:
“`bash sudo find / -uid 1003 -not -path “/proc/*” 2>/dev/null “`
Excluding `/proc` avoids noise from kernel pseudo-files, and redirecting errors hides unreadable directories.
Step three: decide per file. Reassign files you want to keep to another user, or delete them outright:
“`bash
sudo find / -uid 1003 -not -path “/proc/*” -exec chown webadmin {} +
sudo find / -uid 1003 -not -path “/proc/*” -delete “`
Running this sweep after every removal is what separates a tidy server from one slowly filling with ghost-owned files and latent UID-reuse risks.
How do you check for running processes before deleting?
If the user is logged in or running processes, `userdel` will refuse to delete the account (or leave the system in an inconsistent state). Always check first.
“`bash
who | grep alice
ps -u alice
pgrep -u alice -l “`
Terminate any lingering processes before removing the account:
“`bash
sudo pkill -u alice
sudo pkill -9 -u alice “`
If you genuinely must remove the account while the user still has active sessions, `userdel` offers a force flag, but use it knowingly:
“`bash sudo userdel -f alice “`
The `-f` (force) flag deletes the account even while the user is logged in and even if files in the home directory are owned by other users. It is powerful and blunt; prefer killing processes cleanly first.
How do you remove a user from groups without deleting them?
Sometimes you do not want to delete the account at all, you just want to revoke a specific access. To strip a user from a single supplementary group while keeping the account, use `deluser` (Debian/Ubuntu) or `gpasswd`:
“`bash
sudo deluser alice docker
sudo gpasswd -d alice docker “`
On systems with `usermod`, you can also re-set the full supplementary group list, but that is error-prone because it replaces rather than removes. `deluser
When should you lock a user instead of deleting them?
Deletion is permanent. For real-world offboarding, locking is frequently the safer first move, especially when an employee or contractor leaves.
“`bash
sudo usermod -L alice
sudo usermod -s /usr/sbin/nologin alice
sudo usermod -e 1 alice # or: chage -E 0 alice “`
Locking with `-L` preserves the user’s files, UID, group memberships, and audit trail while immediately blocking access. This matters for compliance investigations, data handover, and reversibility. You can always delete the account later, after the data has been archived and you are certain nothing depends on it. Deleting first and asking questions later is how teams lose data they were legally required to keep.
The same logic applies to system and service users: removing a service account that still owns running daemons or config files can break the service. Lock or disable it, confirm nothing depends on it, then remove.
Manage and audit Linux users on a server with full root access
Safely removing users, sweeping for orphaned files, and reassigning ownership all require root access to the machine. Shared hosting almost never gives you that, so you cannot run `userdel`, run a `find / -uid` audit, or lock accounts the way this guide describes. A DarazHost VPS or dedicated server gives you full root control to administer Linux users end to end: add, remove, lock, audit, reassign file ownership, and enforce least privilege across your whole team. With reliable infrastructure, complete control of your environment, and 24/7 support, DarazHost is built for developers and sysadmins who need a real Linux server, not a locked-down sandbox.
What is a safe, repeatable user-removal checklist?
Put the pieces together into a routine you can run every time:
- Record the UID first: `id -u username` — you need it for the orphan sweep later.
- Check for sessions and processes: `who`, `ps -u username`, then `pkill -u username` if needed.
- Back up the home directory: `tar -czf /root/username-backup.tar.gz /home/username` (or `deluser –backup`).
- Remove the account: `userdel -r username` (delete home) or `userdel username` (keep home).
- Sweep for orphaned files: `sudo find / -uid OLD_UID -not -path “/proc/*”` and reassign or delete.
- Remove from any remaining group references and check `sudo`/`wheel` membership is gone.
- Verify: `id username` should now return “no such user.”
Following this order means you never lose data you needed and never leave ghost-owned files behind.
Frequently asked questions
What is the difference between deluser and userdel? `userdel` is the low-level, universal command found on every Linux distribution; by default it removes the account but keeps the home directory, and you add `-r` to delete the home directory and mail spool. `deluser` is a friendly high-level wrapper available mainly on Debian and Ubuntu that can also back up files (`–backup`), remove the home directory (`–remove-home`), and strip group memberships in one structured command.
Does deleting a user delete their files? Only their home directory and mail spool, and only if you pass `-r` (`userdel -r`) or `–remove-home` (`deluser`). Without those flags, the home directory stays on disk. Either way, any files the user owns elsewhere on the system (in `/var`, `/tmp`, `/srv`, etc.) are never removed automatically and become orphaned files owned by the old UID.
How do I find files owned by a deleted user? Search by the old numeric UID, since the name no longer resolves: `sudo find / -uid OLD_UID -not -path “/proc/*” 2>/dev/null`. Record the UID with `id -u username` *before* you delete the account. You can then reassign the files with `chown` or remove them.
Why does userdel say “user is currently logged in”? The account has active sessions or running processes, and `userdel` refuses to delete it to avoid leaving the system inconsistent. Log the user out and stop their processes first with `sudo pkill -u username`, then delete. As a last resort, `sudo userdel -f username` forces deletion, but do this only when you understand the consequences.
Should I delete a user or just lock the account? For offboarding, locking is often safer. `sudo usermod -L username` disables login immediately while preserving the user’s files, UID, group memberships, and audit trail. This keeps you compliant and lets you archive data on your own schedule. Delete the account later, once you are certain nothing depends on it.
