Cloud servers from $4/mo - Grab the Deal! Let’s start ->
English
Community
Sign In
Sign In

How to Configure Uncomplicated Firewall (UFW) on Ubuntu 24.04

How to Configure Uncomplicated Firewall (UFW) on Ubuntu 24.04
JC Brian Refugia
Technical writer
Ubuntu Firewall
21.08.2024
Reading time: 8 min
Share

Setting up a firewall is one of the fundamental steps in safeguarding an Ubuntu 24.04 installation. Security is an important part of running any server or system. A firewall restricts which services are permitted to communicate with the server, thus acting as a barrier between the system and any potential threats. On Ubuntu, the Uncomplicated Firewall (UFW) offers an intuitive frontend for controlling firewall rules. It makes setting up iptables, the robust but intricate underlying firewall mechanism, easier. UFW makes it simple to set up and manage their firewall settings, even if they have little experience with networking concepts. This increases system security without requiring a high level of technical expertise. With the help of this article, you will be able to install, configure, and manage UFW on Ubuntu 24.04, protecting the server from undesirable network traffic while maintaining the seamless operation of authorized services.

Hostman offers a cloud managed firewall that provides cutting-edge defense tailored for businesses of all sizes.

Prerequisites

  • A local computer or a cloud server with Ubuntu 24.04 installed
  • Root access or user with sudo privileges

Installing UFW

On Ubuntu 24.04, installing the Uncomplicated Firewall (UFW) is straightforward. Normally, Ubuntu has it pre-installed, but if it's not, one may easily install it on the machine by following the instructions below:

  1. Update the package lists to ensure to have the most recent information on package versions and dependencies. Run the command below: 

sudo apt update && sudo apt upgrade -y

  1. The below command can be used to install UFW on the machine.

sudo apt install ufw -y

  1. Once installation is complete, the default status of UFW is inactive. Check it using the command below:

sudo ufw status

Image1

Enabling UFW

You must enable UFW beforehand to begin securing the system. When UFW is enabled, it will begin enforcing both its default rules and any custom rules that have been established. If you are configuring a remote server, make sure to allow SSH connections before starting UFW, to avoid locking users out. Now that UFW is installed and operational, you can start creating firewall rules that meet the unique security needs. 

Enable UFW using the command below and type "y" to proceed.

sudo ufw enable

Image3

Allowing SSH Connections

Enabling the firewall before enabling SSH connections is crucial when deploying UFW on a server, particularly if if administering it remotely over SSH. SSH blocking may prevent you from accessing the server and render it unusable. 

On Ubuntu 24.04, you can enable SSH connections by following these steps:

  1. It is easy to permit SSH traffic using UFW. Use the following command to enable it.
sudo ufw allow ssh

Image9

  1. To confirm that the rule was successfully added, check the status of UFW by running thecommand below.
sudo ufw status

Image15

  1. If the SSH service is operating on a non-standard port, you can choose that port instead of the default by issuing the following command.
sudo ufw allow <custom_port>/tcp

Understanding UFW Default Policies

It's critical to learn about the default policies that UFW applies to incoming, outgoing, and forwarded traffic before digging into custom firewall rules. These default policies provide the firewall's baseline behavior, which can subsequently be adjusted with particular rules to permit or prohibit particular kinds of traffic. 

  1. UFW prevents all incoming connections to the server by default. This security precaution keeps unwanted users from accessing the system.  Any request that comes in from outside the system will be rejected unless a particular rule is configured to authorize it. Requests for SSH, FTP, HTTP, and HTTPS are included in this. 

  2. By default, UFW permits all outgoing connections. This implies that there are no restrictions on the connections the server can make to other servers or services. Because outgoing traffic is normally safe, this policy allows the server to access the internet, download updates, and connect to other services without requiring any additional settings.

  3. Since UFW's default forwarding policy is set to refuse, all forwarded traffic is blocked. Packets that are received by the firewall and subsequently forwarded to a different location are referred to as forwarded traffic. This is especially important for systems that serve as gateways or routers. The server must modify this policy if it is intended to forward traffic between networks.

Allowing and Denying Specific Ports and Services

The ability of UFW to simply control which ports and services are granted or denied access to the system is one of its main features. This feature is necessary to secure the Ubuntu 24.04 server and manage traffic. Using UFW, you can use this method to enable or block particular ports and services.

  1. To enable traffic on a specific port, run the ufw allow command followed by the port number. In this example, to allow http (port 80), run the command below.
sudo ufw allow 80/tcp

Image4

  1. To allow https (port 443), run the command below.
sudo ufw allow 443/tcp

Image20

  1. If a non-standard port is used by the application, the port can also specify using the command below.
sudo ufw allow <custom_port>/tcp

For example:

sudo ufw allow 3026/tcp

Image16

Traffic on port 3026, which is frequently used for database configurations, is now permitted.

  1. Likewise, in order to prevent access, you can restrict traffic on a particular port, run the command below.
sudo ufw deny 80/tcp

Image12

Checking UFW Status and Rules

After configuring Ubuntu 24.04's UFW (Uncomplicated Firewall), it's critical to frequently check the firewall's status and go over the rules that have been set up. By doing this, you can be sure the firewall is up and running as it should. To inspect the current firewall rules and verify the status of UFW, run the following command: 

sudo ufw status

Image2

Managing UFW Application Profiles

Predefined application profiles included in Ubuntu 24.04's UFW (Uncomplicated Firewall) make it easier to grant or restrict traffic for particular services. Firewall management is made easier by these profiles, which include preconfigured rules for popular services including SSH, POSTIFX, OPENSSH, HTTP, HTTPS, and others. Managing UFW application profiles can be done as follows.

  1. Use the following command to view every application profile that is available on the system.
sudo ufw app list

Image17

  1. Use the below command to view the rules included in a particular application profile. The ports and protocols that the profile controls will be displayed in the output.
sudo ufw app info <application_name>

For example:

sudo ufw app info OpenSSH

Image18

  1. The application profile that you wish to use can be allow with UFW once it has been identified. For instance, use the following command to enable HTTP traffic.
sudo ufw allow http

Image11

  1. Likewise, the deny command can be used to prevent traffic for a certain application profile. For example, use the following command to stop all communication related to the HTTP.
sudo ufw deny http

Image5

  1. If a rule related to an application profile is no longer required, it can be deleted using the following command:
sudo ufw delete allow http

Image6

Disabling UFW

Even though Ubuntu 24.04's UFW (Uncomplicated Firewall) is an effective tool for controlling firewall rules and system security, there may be circumstances in which it needs to be turned off, either permanently or temporarily. Unless another firewall or security solution is in place, disabling UFW will halt the firewall and erase all active rules, leaving the system unsecured.

  1. To disable UFW, run the below command. By using this command, you can successfully turn off the firewall and stop the UFW service. 
sudo ufw disable

Image8

  1. Use the command below to verify that UFW has been successfully disabled. The status output should show below.
sudo ufw status

Image14

Troubleshooting Common Issues

Although UFW (Uncomplicated Firewall) is meant to be user-friendly, there could be some problems with installation or firewall rule management. Here are some typical issues that may run into and solutions for issues.

  1. If UFW is not listed on the installed packed, try reinstalling it by running sudo apt update and sudo apt install ufw respectively.

  2. If the installation fails to install, look for issues in your sources or package management. You can also try apt update and apt clean.

  3. Conflicting firewall service. Before activating UFW, make sure that all other firewall services, such as firewall and iptables, have been stopped and deactivated. For further information, review the UFW logs if the issue continues. Useful command is sudo tail -f /var/log/ufw.log.

  4. Once UFW is enabled, you cannot connect remotely to the server and SSH access is restricted. If the you are locked out due to UFW blocking SSH, you need to access the server on the console and run command sudo ufw allow ssh to regain access.

Conclusion

In conclusion, one of the most important steps in protecting Ubuntu 24.04 is configuring the Uncomplicated Firewall (UFW), which controls inbound and outbound network traffic. Because of its intuitive interface, UFW makes firewall control simple enough even for individuals with little experience with Linux system administration. You can effectively control traffic to and from the server by following the instructions to install UFW, create default policies, allow or deny certain ports and services, and manage application profiles. Monitoring the firewall rules and UFW status on a regular basis guarantee that the system is always shielded from unwanted access. Whether it's administering a production environment or protecting a personal server, UFW offers a reliable and simple way to improve the security of the system. By adding the capability to diagnose common problems, one can keep the firewall configuration secure and effective for what is needed.

Ubuntu Firewall
21.08.2024
Reading time: 8 min
Share

Similar

Ubuntu

How to Install TightVNC Server on Ubuntu

A remote desktop lets you control your computer from wherever you are, which is super handy for working or fixing issues. For users of Ubuntu, TightVNC Server is one such stand-alone option to opt for. This software uses VNC to remotely view and control your computer's screen. This tutorial covers the TightVNC Server installation on Ubuntu. We'll guide you through installation and show you how to secure your connection. What is TightVNC TightVNC is a remote desktop application built on the VNC protocol. With this tool, you can control and view your Linux computer on a different machine, whether it is a laptop or a mobile. This software also compresses data and optimizes bandwidth, so it is extremely beneficial for low latency, low-speed internet. This software is used quite frequently by developers and administrators to access servers from far away and to debug everything. Why Use TightVNC Server  TightVNC possesses some great benefits to Ubuntu users: Resource-Efficient: Since it does not require a lot in terms of resources, it is appropriate for low-power PCs and works well on old computers. Multi-Platform Compatibility: It is compatible with other operating systems thus you can use your setup from various devices, e.g., tablets, windows computers, and even Macs. Customizable Configurations: You can customize the tool to your needs. You can utilize your own ports, use secure tunnels for the sake of security, or use less technical desktop environments so that all the things remain light and fast. Cost-Free Solution: It's an open-source project, so the software is completely free for both business and personal use. Prerequisites  Ensure you have: Ubuntu OS: This tutorial applies to Ubuntu 20.04 and newer versions. Desktop Environment: A GDE like LXDE should be installed. Superuser Access: Administrative privileges are must for installation. Internet Access: Stable connectivity for downloading packages. Step 1: Update System Initially, upgrade your system so that all processes work perfectly and there are no issues during the installation. Run: sudo apt update && sudo apt upgrade -y The command updates outdated programs and also puts the list of software on your computer in a refreshable state. Step 2: Install TightVNC Server Now, install the TightVNC server package using the following command to enable the remote desktop functionality.  sudo apt install tightvncserver -y This installs the core software. The -y flag automatically confirms the installation prompt, ensuring the process is uninterrupted.  Once completed, the application will be ready for further configuration. Step 3: Install a Graphical Desktop Environment (GDE) TightVNC requires a GDE and LXDE is recommended due to its lightweight nature: sudo apt install lxde -y By restricting the utilization of resources, LXDE provides your system with more space for your real work. It is particularly useful if your server is low in RAM and CPU. Step 4: Configure TightVNC  Configuration is crucial in installing the tool to your specifications. To ensure proper operation, do the following: Initialize Session Run TightVNC server to create your initial session: tightvncserver It will ask you to create a remote access password during initialization. This password guarantees only approved users may connect. Stop the Server for Configuration To modify default settings, first stop the server: tightvncserver -kill :1 Stopping session :1 allows you to edit the startup file without interruption. Edit Startup Script Create or modify the startup file: nano ~/.vnc/xstartup Add the below-provided configuration: xrdb $HOME/ .Xresources xsetroot -solid grey export XXL_XMODMAP_DISABLE=1 /etc/X11/Xsession /usr/bin/startlxde These commands start an X11 session with a graphical desktop. They start user configuration, set the background color, disable custom keyboard mappings, initalize the session, and start the LXDE environment. Then assign the correct permissions to ensure it executes properly: sudo chmod 755 ~/.vnc/xstartup Step 5: Start the Server Restart the server to ensure correct configurations are applied: tightvncserver The session number (e.g., :1) displayed in the output allows for remote connection. Step 6: Connect to the System Remotely Now it’s time to connect to your server using the TightVNC Viewer or any compatible VNC client. First, get your server’s IP address using: hostname -I Then use the below instructions: Start the VNC client on your local device. Input the server address in the form of ip_address:session_number. For example: 192.168.X.X:590X. Type in the VNC password that you have set earlier. Once connected, the graphical interface is remotely manageable. Step 7: Secure TightVNC Server Remote access involves potential security risks, so it’s important to secure your server connection. Use SSH Tunneling To encrypt your connection, create an SSH tunnel: ssh -L 5901:localhost:5901 user@your_server_ip Replace user and your_server_ip with your server details. Access the VNC session via localhost:5901 in the VNC Viewer. Restrict Port Access Use the system firewall to allow connections only from trusted IPs: sudo ufw allow from your_trusted_ip to any port 5901 Replace your_trusted_ip with the IP of your local machine. Step 8: Stop and Manage the Server You can stop a session to save resources when it’s not needed: tightvncserver -kill :1 This disables the active connection without uninstalling the server. Troubleshooting Common Issues If you encounter problems during setup or remote access, these solutions may help: Blank Screen After Connection If TightVNC only shows a blank or gray screen, try these solutions: Kill all VNC sessions: Conflicting sessions can cause display issues. tightvncserver -kill :session_number Once done, run the server again: tightvncserver Restart the System: A simple reboot can resolve graphical glitches and session conflicts: sudo reboot Specify the Display Screen: Ensure the correct display screen is used by setting the DISPLAY variable: export DISPLAY=:1 This will allow remote access to the login screen via Xorg. Also, don’t forget to include startxfce4 in the xstartup file. Remove Lock Files: Leftover lock files can interfere with graphical sessions: sudo rm -rf /tmp/.X*-lock /tmp/.X11-unix/X* Unable to Connect Confirm the port (e.g., 5901) is open: sudo ufw status Open the port if necessary: sudo ufw allow 5901/tcp Session Won’t Start Check for logs in the .vnc directory: cat ~/.vnc/*.log Client Rejected from Localhost Some VNC servers might only listen on localhost by default. To fix the issue, run: vncserver -localhost no Integrating TightVNC with Cloud Platforms You can expand the application usability by integrating it with cloud services for remote accessibility. Apply the following instructions: Open ports required for TightVNC through the cloud platform’s security group settings (e.g., port 5901 for VNC sessions). Use SSH tunneling to secure access: ssh -i your-key.pem -L 5901:localhost:5901 user@cloud_server_ip Customizing TightVNC Viewer Settings Overlooked client settings can really boost usability and security. Add a View-Only Mode for Specific Users In case someone needs to monitor activity without interacting with the desktop: Set a view-only password: tightvncpasswd -viewonly Provide the user with the view-only password while keeping control of the main session. Integrating TightVNC with Scripts Automation can streamline workflows for repetitive tasks or multi-session setups.  Batch Start Multiple Sessions Write a script to launch multiple VNC instances simultaneously: nano ~/start-vnc-sessions.sh Add: #!/bin/bash tightvncserver :1 tightvncserver :2 tightvncserver :3 Make the script executable: chmod +x ~/start-vnc-sessions.sh Run the script: ./start-vnc-sessions.sh Conclusion TightVNC Server installation on Ubuntu allows secure remote desktop access with maximum accessibility and productivity. This tutorial has given you an optimized and secured environment through which you can remotely access your system. For remote access for troubleshooting purposes, server management, and so on, TightVNC offers simple management with maximum resource utilization.
23 July 2025 · 7 min to read
Ubuntu

Installing and Configuring Samba on Ubuntu 22.04

Let’s look at the process of installing Samba software on a cloud server with the Ubuntu 22.04 operating system. This guide is also suitable for installing Samba on Debian. Let’s start with a brief description of this software. What is Samba Samba is a software package developed to provide compatibility and interaction between UNIX-like systems and Windows. The software has been distributed under a free license for over 30 years. Samba ensures seamless integration of servers and PCs running UNIX into an AD (Active Directory) system. This software can be used as a controller and as a standard component of a domain. Thus, users can flexibly configure cloud file storages. Samba provides extensive functionality for managing file and database access rights by assigning specific user groups. Creating a New Server Go to the control panel and create a new server.  Select the Ubuntu 22.04 image and then the minimum server configuration.  After creating the server, connect to it via SSH, and you can begin configuration. Adding a User This is simple — enter the command: sudo useradd -p new_server_pass new_server_user Instead of new_server_pass and new_server_user, you can use any password and any username. Enter your own data instead of the example ones. Note that we immediately set the password, which was possible thanks to the -p command. Installing Samba on Ubuntu For convenience, we have broken the installation process into separate steps. Step 1. Preparation To start the installation process, use the following command: sudo apt install samba -y Now you need to remember the system name of the service. In most cases, it is smbd. Therefore, if you want to call the service, use this name. First, let’s configure autostart, which is done with the command: sudo systemctl enable smbd Now start it using the familiar command: sudo systemctl start smbd Then check the system status using: sudo systemctl status smbd To stop Samba, use: sudo systemctl stop smbd To restart the service, enter: sudo systemctl restart smbd If you want Samba to no longer start automatically, use the command: sudo systemctl disable smbd The reload command is used to refresh the configuration. The following command will forcibly open port 445, as well as 137–139. To allow them in the ufw firewall, use: sudo ufw allow Samba Step 2. Configuring Anonymous Access Suppose you have some remote server located outside your cloud. Network security rules require that you never open direct access to it through its IP. You can only do this through a tunnel, which is already set up. Typically, servers with granted access have the address 10.8.0.1, and this is the address we will use further. To share data and grant anonymous access to it, first open the configuration file. It is located here: /etc/samba/smb.conf. We recommend making a backup of the clean file — this will help you quickly restore the original program state without needing to reinstall. Now remove all comments, leaving only the code, and enter the command testparm to ensure the program works properly. In the shared folder settings, enter the following parameters: [share]     comment = share     path = /data/public_share     public = yes     writable = yes     read only = no     guest ok = yes Also, make sure that the following four fields (mask and mode) have matching numeric values (for example, 0777). Regarding the specific lines: [share] — the name of the shared folder, which will be visible to everyone connecting to your server; comment — a comment that can be anything; path — the path to the data storage folder; public — gives permission for public access: if you do not want users to view the folder contents, set this to no; writable — determines whether data can be written to the folder; read only — specifies that the folder is read-only: to allow users to create new files, set it to no; guest ok — determines whether guests can access the folder. Thus, the folder name and path may differ depending on what values you specify for the shared folder. The comment can also be anything, and for the last four parameters, values are set as yes or no. Now restart the program and check if you can connect to the server from Windows. Step 3. Configuring Access by User Credentials To create access by login and password, you first need to create a new directory and configure permissions. In the configuration file, set all parameters to no (see above), except writable: in this line, the value should be yes, meaning that writing in the folder should be enabled. Use the mkdir command to create a new directory, then create a user with useradd someone (where someone can be any username) and set a password for them with the command passwd. For example: passwd something Now, with the command below, add the new user and try to log in: if everything is configured correctly, you will have access to the folder. sudo smbpasswd -a someone Step 4. Configuring Group Access Configuring group access is necessary when you need to create restricted access for specific user groups. In smb.conf, after the line guest ok, additionally specify the following lines (all usernames here are generated simply for example): valid users = admin, mary_smith, jane_jameson, maria ortega, nathalie_brown write list = admin, nathalie_brown In the valid users line, list the users who are granted access to the directory. And in the write list, list those who can modify data in the folder. In addition, after the force directory mode line, add another line with the following value: inherit owner = yes This enables inheritance of created objects. Now save the settings and restart the service, after which the new settings should take effect. Step 5. Connecting to Samba from Windows and Linux For quick connection to Samba from Windows, press Ctrl+E and enter the path. Note that you need to use \\ to indicate the network path to the resource. And to avoid reconnecting to the server each time, you can choose the option to connect the resource as a drive, if your security policy allows it. In the new window, specify the drive letter and fill in the required data. For connecting to Samba from Linux, you use the cifs utilities, which are installed with the command: sudo apt install cifs-utils -y Next, the resource is mounted and connected. This is done with: sudo mount.cifs //10.8.0.1/our_share /share The path and resource name can be anything. You can also perform automatic mounting using the configuration file fstab with its own settings. Step 6. Configuring the Network Trash Bin This operation is needed to avoid accidental permanent deletion of files. For this, create the following directory: [Recycle]     comment = Trash for temporary file storage     path = /directory/recycle     public = yes     browseable = yes     writable = yes     vfs objects = recycle     recycle:repository = .recycle/%U     recycle:keeptree = Yes     recycle:touch = Yes     recycle:versions = Yes     recycle:maxsize = 0     recycle:exclude = *.tmp, ~$*     recycle:exclude_dir = /tmp Now, let’s review line by line what these parameters mean: vfs objects = recycle — indicates use of the corresponding subsystem; repository — the path for storing deleted data; keeptree — whether to keep the directory tree after deletion; touch — whether to change the timestamps of files when they are moved to the trash; versions — whether to assign a version number if files with identical names are deleted; maxsize — the maximum size of a file placed in the trash. A value of 0 disables limits; exclude — which file types to exclude; exclude_dir — which directories to exclude. Conclusion That’s it — now you know how to install Samba on an Ubuntu cloud server and configure it for your own needs.
04 July 2025 · 7 min to read
Ubuntu

Deleting a User in Ubuntu 22.04

A server administrator often has to work with user accounts — adding, deleting, and configuring access modes. Removing outdated user accounts is one security measure that can significantly reduce the number of vulnerabilities in the system. The Linux utilities deluser and userdel are used for deletion. However, before proceeding directly to deleting a user, we must take certain steps. In this article, we will explore how to delete a user in Ubuntu without compromising the system. At the same time, we will preserve the ability to access the user’s home directory files after deletion. In this article, we will work with the user hostman, which was created beforehand. This article will primarily focus on removing an Ubuntu user via the terminal, but we will also provide instructions for deleting a user account through the graphical interface. Please note that you will need superuser privileges to work with user accounts. The instructions will be suitable for any cloud server running Ubuntu OS. Checking the User Account First, you need to check whether the user is currently logged into the system. This will affect further steps: if the user is currently authorized on the server, you will need to terminate their connection and change the password. Check the list of users authorized in the system using the who utility or its alias w: who If you see that the user hostman is authorized, you need to check which processes are running under this user. This is a necessary step because if background operations are being performed, Ubuntu 22.04 will not allow us to delete the user. Check with the ps utility: sudo ps -u hostman As a result, you might see a response like this:    PID TTY          TIME CMD 1297129 pts/2    00:00:00 bash 1297443 pts/2    00:00:00 htop For testing purposes, we launched the htop utility under the hostman account, which is running in the background. Blocking Access Before stopping the user’s processes, you need to block their access to the system. You can do this by changing their password. User passwords are stored in the system in encrypted form in the /etc/shadow file. This file is readable only by the root user, and in addition to password hashes, it contains their expiration information. There is a special utility that allows you to remove a user’s password in Ubuntu — passwd. To restrict access, we will use the passwd utility with the -l (or --lock) flag, which puts the utility into lock mode: sudo passwd -l hostman As a result, the utility will add an exclamation mark at the beginning of the encrypted password string. That is all that is needed to prevent the user from logging in again since the hashes will no longer match. Killing Processes In Ubuntu, you cannot delete a user via the console if any processes are running under their name. To terminate a process, you can use one of the following commands: kill — deletes a process by its identifier. You can determine the IDs of the hostman user processes with: top -U hostman or ps -u hostman pkill — deletes a process by its name. For example, if the user hostman has launched the top process, you can terminate it with: sudo pkill top killall — deletes all processes, including child processes. Often, a process will launch many so-called subprocesses; stopping them by name or identifier can be complex and time-consuming. We will use the last command to reliably kill all user processes: sudo killall -9 -u hostman The -9 flag means the processes will receive a SIGKILL signal. This means the process will be forcibly terminated, since this signal cannot be ignored or blocked. Essentially, it is equivalent to a “force quit” of a non-responding program in graphical operating systems. After completing the user’s processes, they will no longer be authorized in the system. You can verify this using the who command. Since we locked the login in the previous step, the hostman user will not be able to log in again. Optional — Archiving the Home Directory Quite often, when deleting a Linux user account, you may need to keep its home directory, which might contain important files required either by the user or by the organization you are serving as an administrator. The built-in Ubuntu utilities allow you to remove a user while keeping their home directory. However, this is not recommended for two reasons: Disk Space — the user’s home directory may contain a large amount of data. It is irrational and excessive to store data from all outdated accounts on the main work disk. Over time, you might run out of space for new users. Data Relevance — it is good practice to keep the /home directory containing only the directories corresponding to active user accounts. Keeping this list in order helps with administration. We will use the tar utility to archive the home directory of the hostman user: sudo tar -cvjf /mnt/nobackup/hostman.homedir.tar.gz /home/hostman Let’s go over the arguments and flags: -c — creates the resulting .tar archive file -v — enables verbose mode, showing debugging information and listing archived files -z — creates a compressed .gz archive -f — indicates that the first argument will be used as the archive name The first argument is the final location of the archive. In our example, we place the archive with the user’s home directory on the nobackup disk, which, as the name implies, is not subject to backup. The second argument is the path to the directory from which the archive is created. Stopping Scheduled Jobs Before deleting a user in Ubuntu, it is recommended to stop all cron scheduler tasks launched by that user. You can do this with the crontab command. We will launch it under the hostman user with the -u flag and switch it to delete mode with the -r flag: sudo crontab -r -u hostman Now you can be sure that after deleting the user account, no unknown scripts will be executed for which no one is responsible. Deleting the User Once all the previous steps have been completed, it is time to proceed with the main task: deleting the Ubuntu user. There are two ways to do this: the deluser and userdel utilities. To delete the user account, we will use the deluser utility. Running it without parameters will delete the user account but leave their home directory and other user files intact. You can use the following flags: --remove-home — as the name suggests, deletes the user’s home directory --remove-all-files — deletes all system files belonging to the user, including the home directory --backup — creates an archive of the home directory and mail files and places it in the root directory. To specify a folder for saving the archive, use the --backup-to flag. As you can see from the parameter descriptions above, manually archiving the user’s home directory is not strictly necessary — deluser can do everything for you. In addition, with deluser you can remove a user from a group in Ubuntu or delete the group itself: sudo deluser hostman administrators The command above removes the user hostman from the administrators group. Let’s proceed with the complete deletion of the user and the hostman group without preserving the home directory: sudo deluser --remove-home hostman Deleting the User via Graphical Interface The entire article above is about how to delete a user in the Ubuntu terminal. But if you have a system with a graphical interface, you can delete a user in just a few simple steps. Open the Users section in System Settings. To switch to superuser mode, click the Unlock button. After that, the Delete User button will become active. When you click it, a dialog box will appear, offering to delete the user’s files, specifically those in the home directory. Conclusion Deleting a user in Ubuntu is not difficult; you just need to use the deluser utility with the required parameters. However, in this article, we described several steps that will help you safely delete a user account while preserving the system’s stability.
04 July 2025 · 7 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support