Bug 2168641

Summary: Gnome Account settings for user stored in /var/lib/AccountsService/users/$USER
Product: Red Hat Enterprise Linux 8 Reporter: Steve Barcomb <sbarcomb>
Component: Documentation Assignee: Marek Suchánek <msuchane>
Documentation sub component: default QA Contact:
Status: CLOSED CURRENTRELEASE Docs Contact: Šárka Jana <sjanderk>
Severity: low    
Priority: high CC: aborah, jadahl, msuchane, rhel-docs, rstrode, sjanderk, tpopela
Version: 8.6 Keywords: Documentation, Triaged
Target Milestone: rc   
Target Release: 8.9   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-08-04 14:25:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steve Barcomb 2023-02-09 15:59:10 UTC
User data is stored in /var/lib/AccountsService/users/$USER and persists against a clean up procedure

Comment 2 Ray Strode [halfline] 2023-04-14 13:49:11 UTC
/var/lib/AccountsService/users/USERNAME is designed to hold information that the system needs about USERNAME before the home directory might be available. On some configurations the home directory isn't available for a user until authentication at the login screen is complete.

The settings file is primarily used to find out what session to log into and what icon to show in the user list for a user. We also store what version of the operating system was running when they last logged in. We use this for making default session policy decisions on upgrades (e.g. if a user was explicitly using the GNOME classic session in RHEL 7 and they upgrade to RHEL 8 then we keep them on the GNOME classic session in RHEL 8, but if they were just going with RHEL 7 session defaults then we give them RHEL 8 session defaults).

The file is also used in the case of remote login to a domain controller to let the system know that a particular remote user has logged in locally before. This is so they can get added to the user list for future logins without polluting the user list with all the other remote users that may never need to log into the system at all.

I don't think we have great documentation about this. We do allude to it when discussing session configuration in the "Administering the System using the GNOME Desktop Environment" guide here:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/administering_the_system_using_the_gnome_desktop_environment/proc_setting-a-default-desktop-session-for-all-users_administering-the-system-using-the-gnome-desktop-environment

It's possible we should document it more. Reassigning to Documentation component for evaluation by docs team.

It's very difficult to completely expunge a user from the system. There are remnants left in various places. For instance, many of the user's actions get logged in the system journal. Records of their logins and failed login attempts are stored in /var/log/wtmp and /var/log/btmp. They may have local mail in /var/spool/mail, maybe cached Kerberos credentials, cron table entries, and probably other things.

I do think deleting the home directory and /var/lib/AccountsService/users/USERNAME will give a mostly perceived fresh start though.
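
The following is an added example, not part of the comment above and not Red Hat tooling: a shell script an administrator could run after removing an account to see which of the per-user files named in this thread are still present, and what session the AccountsService file recorded. The function names, the `ROOT` argument, the `/home/USER` and `/var/spool/cron/USER` locations, and the `Session` key under `[User]` are assumptions of the example; journal, wtmp and btmp records are not covered.

```shell
#!/bin/sh
# Added example: report leftover per-user files after an account cleanup.
# ROOT lets the check run against a mounted image or a test tree;
# pass "/" for the live system.

# Reject names that could escape the intended directories.
valid_user() {
    case $1 in
        ''|*/*|.|..) echo "invalid user name" >&2; return 2 ;;
    esac
}

# Print every leftover path that still exists for USER under ROOT.
# Assumptions: home is /home/USER, crontab is /var/spool/cron/USER.
find_user_remnants() {
    root=${1%/}
    user=$2
    valid_user "$user" || return 2
    for path in \
        "/var/lib/AccountsService/users/$user" \
        "/var/spool/mail/$user" \
        "/var/spool/cron/$user" \
        "/home/$user"
    do
        if [ -e "$root$path" ]; then
            printf '%s\n' "$root$path"
        fi
    done
    return 0
}

# Print the value of KEY from the [User] section of the
# AccountsService file for USER (for example KEY=Session).
accounts_service_value() {
    valid_user "$2" || return 2
    file="${1%/}/var/lib/AccountsService/users/$2"
    [ -r "$file" ] || return 1
    awk -F= -v key="$3" '
        /^\[/ { in_user = ($0 == "[User]"); next }
        in_user && $1 == key { print substr($0, length(key) + 2); exit }
    ' "$file"
}

# Usage (as root on the live system):
#   find_user_remnants / USERNAME
#   accounts_service_value / USERNAME Session
```

An empty result from `find_user_remnants` only means these four locations are clean; logs and cached credentials need separate review.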

Comment 3 Marek Suchánek 2023-06-01 15:53:09 UTC
I'm adding this ticket to our 8.9 & 9.3 documentation plan.