View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions Deleting a cloned user; managing users
Log in to Ask a Question

Deleting a cloned user; managing users

clone root users virtualmin webmin admin

A developer working on my site recently, in the midst of a dispute w/ me, cloned the Webmin root user without mentioning it, then vandalized my site. (He reluctantly gave me a refund through Upwork, then logged in and deleted one of my DB tables.) I want to delete that cloned user but can't find it. Is there somewhere I can do that? Under "Edit Users" it just shows my one non-root user and the option to delete it. I have changed all the passwords - does that lock out the clone?

In the past (like yesterday) I have seen 4 users - 'root', 'webmin', 'admin' and my non-root/usermin user - though I only see one now. Don't remember who I was logged in as, or what tab I was on (it was presumably virtualmin and not webmin).

If I'm logged in as root shouldn't I see all the users?
The action log says the cloned user has admin status.

1 Reply

Linode Staff

Hey @dogwood - this sounds like a really terrible experience, and I'm super sorry that you have to deal with it. The first thing I thought after reading this was that you might want to consider reporting the freelancer to Upwork, if you haven't done so already. I tracked down how to do that here:

Upwork: Flag a Freelancer Profile

Second, regarding the cloned user you're referring to: The root user should not be clone-able by nature. Per this Stack Exchange post, the closest equivalent of this would be creating an alias of the root user. If this is the case, you will want to remove the alias while logged in as the original root user. Just in case, here are some instructions on how to delete an alias:

LinOxide: How to Create and Remove alias in Linux

*Quick note: You may want to look into adding or changing your SSH authentication key in addition to your server's passwords.

Otherwise, if you believe a different user was cloned, you should be able to view a list of all system users with the following command:

awk -F':' '{ print $1}' /etc/passwd

This nixCraft article has some other good methods of viewing all users with more or less detail:

Linux List All Users In The System

If you're able to identify the specific username of the user you want to remove, you should be able to remove them along with their home directory with this command while logged in as root:

userdel -r <username>

More about the userdel command here:

How to Delete/Remove Users in Linux (userdel Command)

Lastly, it may also be worth checking your server's login history to see who has had access to your Linode. This other Community post goes over how to check login and logout attempts, current logins, and bad login attempts:

Login History

I really hope this helps. Good luck!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct