Re: Bug#621833: System users: removing them
- To: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Cc: Steve Langasek <vorlon@debian.org>, sean finney <seanius@seanius.net>, 621833@bugs.debian.org, Lars Wirzenius <liw@liw.fi>, debian-devel@lists.debian.org
- Subject: Re: Bug#621833: System users: removing them
- From: Andreas Barth <aba@not.so.argh.org>
- Date: Sun, 1 May 2011 16:42:17 +0200
- Message-id: <[🔎] 20110501144217.GH15003@mails.so.argh.org>
- Mail-followup-to: Andreas Barth <aba@not.so.argh.org>, Ian Jackson <ijackson@chiark.greenend.org.uk>, Steve Langasek <vorlon@debian.org>, sean finney <seanius@seanius.net>, 621833@bugs.debian.org, Lars Wirzenius <liw@liw.fi>, debian-devel@lists.debian.org
- In-reply-to: <[🔎] 19901.26824.984819.316632@chiark.greenend.org.uk>
- References: <1301559813.11500.34.camel@havelock.liw.fi> <19860.32563.116133.70976@chiark.greenend.org.uk> <1301947774.2967.114.camel@havelock.liw.fi> <1302338668.2441.60.camel@havelock.liw.fi> <19874.64686.98445.806467@chiark.greenend.org.uk> <1302630070.29407.16.camel@havelock.liw.fi> <20110412193147.GA15850@cobija.connexer.com> <[🔎] 20110501074903.GC11712@virgil.dodds.net> <[🔎] 19901.26824.984819.316632@chiark.greenend.org.uk>
* Ian Jackson (ijackson@chiark.greenend.org.uk) [110501 16:39]:
> Steve Langasek writes ("Re: Bug#621833: System users: removing them"):
> > On Tue, Apr 12, 2011 at 09:31:47PM +0200, sean finney wrote:
> > > I second your original proposal though, that packages must not delete
> > > system users that they have created. I don't think anyone had objections
> > > to that, and the question is whether things should be taken further.
> >
> > I do object to telling maintainers they must not delete system users,
> > without also giving guidance on how and when to lock the accounts.
>
> Yes, I agree with this.
>
> > Sorry, no time at the moment to propose verbiage to reconcile this with your
> > concerns.
>
> I think the right thing to do would be to have deluser lock (rather
> than delete) system users when invoked in the way currently used by
> maintainer scripts. Provided that doesn't make interactive use of
> deluser break somehow.
Good idea.
I agree that system users should never be removed by maintainer
scripts, but as said: Someone would need to write that down before
starting to behave so.
Andi
Reply to: