Re: System users: removing them
Lars Wirzenius writes ("System users: removing them"):
> The easy solution for this would be to never remove the user, but that's
> also not so clear.
To remove a user and reclaim the uid is a difficult business.
> * Extra accounts are just wasteful, and may cause some confusion.
> * There is a tiny risk of having unused accounts on the system.
> (We have tens of them anyway, but still.)
I think a disabled account present in passwd (with changed home
directory, and starred out shadow entry) is less risk than a reused
uid.
> Most hosts, however, can safely remove the system user when the package
> is removed, if the user is to be removed at all. There may be cases
> where a package's system user should not be removed, because some files
> that belong to it will not be removed, such as a Usenet spool.
IMO the accounts should be retained but disabled.
> I propose the following:
>
> * We patch deluser to check for a boolean DELETE_SYSTEM_USERS
> setting in /etc/adduser.conf. If set to false, it does not
> remove the user. Default the setting to true, since that is
> status quo and works for most hosts and sites. Maybe also add a
> --force option to override the config file setting?
The current default is not to delete the user because packages don't
generally do so, surely ?
Ian.
Reply to: