The "user is currently used by process" error in Linux occurs when trying to modify or delete a user account that is currently logged in or running processes. Here are some troubleshooting steps to resolve this error:

Understanding Why This Error Occurs

On Linux systems, user accounts are associated with key system files that manage account permissions, authentication, and access controls. This includes files like /etc/passwd, /etc/shadow, /etc/group etc.

When a user logs into the system or launches processes, file locks get placed on some of these account files. So if an attempt is made to concurrently modify or delete the user account, it fails due to these existing file locks.

Some typical cases that cause this conflict are:

  • Deleting a user that is currently logged in via SSH or console
  • User cron jobs or at jobs running when account deletion is attempted
  • System processes like updatedb owning files under the user‘s home directory
  • Privileged applications or daemons executing under the user account

Making user account changes without first ending these sessions and processes leads to the “user is currently used by process” error.

Step 1 – Identify the Problematic Process

Use the ps command to find the Process ID (PID) holding up the user account modification:

ps aux | grep [username]

This displays information about running processes belonging to that particular user account:

USER         PID    %CPU   %MEM      VSZ    RSS   TT       STAT STARTED      TIME COMMAND
jsmith      1793    0.0    0.1    21248   5060   pts/1    Ss   09:15   0:00 -bash
jsmith      1819    0.0    0.1   114972   3244   pts/1    R+   09:17   0:00 ps aux | grep jsmith

Focus on the PID field to identify process(es) causing issues with the user account change. Make a note of the relevant PIDs.

Step 2 – Kill the Problem Process(es)

Once problematic PIDs have been identified from Step 1, kill the processes with the kill command.

For example, to forcibly terminate process 1819 owned by jsmith:

kill -9 1819

Replace the PID with the actual values noted earlier. The -9 option forcibly kills the process, allowing the obstructing file locks to be released.

To kill all processes belonging to a user in one command: 

killall -u [username]

This terminates every process owned by that user account prior to making account changes.

Alternative Approaches to Managing User Processes

In some cases, directly killing user processes with kill may be risky, for example:

  • Critical production applications running under the user account
  • Long running computational jobs that would lose progress
  • Simultaneous administrator tasks targeting the same user

Some safer options include:

Using System Signals

The pkill and killall commands have options to send system signals other than the harsh SIGKILL. For example: 

pkill -TERM -u jsmith

This sends the SIGTERM signal to gracefully terminate processes owned by user jsmith.

Queuing Session Disconnects

Interactive user sessions can be queued to disconnect with: 

pkill -TERM -t pts/[tty]

Once disconnected, the sessions no longer block account changes.

Scheduling Maintenance Windows

Plan user management tasks like account deletions during designated change windows. Ask users to log out, terminate jobs/processes, before changes are made.

Following best practices for production changes prevents undesirable job/process loss.

Step 3 – Modify or Delete User Account

With no more obstructing processes, the user account can now be modified or removed.

Some common tools include:

usermod

Modifies user properties like renaming, changing home directory, shell etc:

usermod -l newusername oldusername

userdel

Deletes a user account and associated files/folders:

userdel -r username

chage

Manages password expiration policies:

chage -M 60 username

This sets password to expire in 60 days.

Linux User Account Management Lifecycle

User Creation Phase

When setting up new user accounts, follow least privilege principles to grant only necessary read/write/execute permissions via group membership and file controls. Enforce secure password policies and enable dual-factor authentication where applicable.

Configure auditing rules through /etc/audit/rules.d to track access and changes. Document all new account requests diligently with management approval.

Active Usage Phase

As users access systems and launch processes, monitor disk utilization under /home directories. Set notifications for excessive usage.

Review personal crontab jobs, at jobs, and system services not being utilized via:

crontab -u username -l
atq -u username
systemctl status --user

Investigate dormant accounts without recent logins using last command.

Account Lifecycle Sunset Phase

Coordinate with application owners to map all processes/jobs/services to user accounts needing removal or archival. Stop idle sessions.

Expire and lock passwords initially before deletion. Backup and compress home directories prior to userdel.

Following this governance model for user account lifecycles improves manageability over time.

Preventing "User is Currently Used by Process" Errors

Enforcing some system administration best practices helps avoid "user is currently used" errors:

  • Use Dedicated Admin Accounts: Make account changes using privileged admin accounts instead of the affected user‘s account.
  • Mandatory Log Out Rule: Enforce a standard policy for users to log out of all sessions before modifying their accounts.
  • Job/Process Cleanup Reminders: Periodically review and clean up inactive user cron jobs, at jobs, processes.
  • Change Management Frameworks: Follow documented change approval workflows outlining rollback steps.

Monitoring and optimizing processes associated with user accounts will minimize errors from file locks obstructing account changes down the road.

Concluding Thoughts

Troubleshooting Linux user account errors requires an investigative approach to identify the specific jobs, processes and permissions causing issues. Methodically terminating sessions and killing problematic programs allows the account changes to execute successfully. Implementing lifecycle models and preventative measures further improves the user administration experience.

Please feel free to reach out if you have any other questions on this topic! I have over 10 years of experience managing users, jobs and access controls on Linux across various industries.

Related posts:

  1. Verifying Crontab is Active and Running Properly on Linux
  2. Unlocking the True Power of the Cut Command
  3. Mastering the Truncate Command: A Linux Power User‘s Guide
  4. Optimizing Linux Performance and Stability by Managing Max User Processes
  5. Decoding Epoch Timestamps on the Linux Command Line
  6. The bc Command in Linux: A Complete 2650-Word Guide with Examples
  7. Harnessing the Power of Netcat for Linux Messaging
  8. Basic Linux Commands You Should Know

Similar Posts