On Sun, May 29, 2011 at 12:04:35PM +0100, Roger Leigh wrote:
> On Sun, May 01, 2011 at 03:06:00PM +0100, Ian Jackson wrote:
> > Steve Langasek writes ("Re: Bug#621833: System users: removing them"):
> > > On Tue, Apr 12, 2011 at 09:31:47PM +0200, sean finney wrote:
> > > > I second your original proposal though, that packages must not delete
> > > > system users that they have created. I don't think anyone had objections
> > > > to that, and the question is whether things should be taken further.
> > >
> > > I do object to telling maintainers they must not delete system users,
> > > without also giving guidance on how and when to lock the accounts.
> >
> > Yes, I agree with this.
> >
> > > Sorry, no time at the moment to propose verbiage to reconcile this with your
> > > concerns.
> >
> > I think the right thing to do would be to have deluser lock (rather
> > than delete) system users when invoked in the way currently used by
> > maintainer scripts. Provided that doesn't make interactive use of
> > deluser break somehow.
>
> I've been looking at how this might be accomplished right now, and
> have these observations to make. (These are WRT my addition and
> removal of the "sbuild" user in the sbuild package.)
>
> 1) Locking on removal.
>
> This is as simple as doing (in postrm)
>
> # Lock sbuild account.
> usermod -U -e 1 sbuild
Oops, should of course be "usermod -L -e 1 sbuild"
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
Attachment:
signature.asc
Description: Digital signature