* Thomas Bushnell BSG (tb@becket.net) wrote: > Stephen Frost <sfrost@snowman.net> writes: > > > I disagree with the idea that removing a user is a bug. If the user was > > added by the package, and the package is being purged, and there's a > > reasonable expectation that it wasn't used outside of the package's use > > of it then I think it's probably safe to remove it. > > How do you acquire that expectation? By knowing what the package uses the user for. This is somewhat akin to the PostgreSQL package's question "do you want your data files to be purged upon package removal", or the fact that the default Postgres installation uses ident and the 'postgres' user is the superuser for the database (meaning you're going to be su'ing to postgres probably a fair bit). In this example, if the user said to remove the data files when the package is removed I'd expect the user to be removed as well. If the user said to *not* remove the data files (the default, I believe), then the postgres user should also remain. Another good example is the 'sshd' user, who owns nothing and is nothing more than a distinct unprivileged user for the purpose of communicating with the network in privsep mode (iirc). Thanks, Stephen
Attachment:
signature.asc
Description: Digital signature