On Sun, Nov 30, 2003 at 04:42:44AM +0100, Peter Palfrader wrote: > > Presumable, if you purge the package, then the user is no longer needed. > > So shouldn't the user be deleted? > We cannot guarantee that no file on disk is owned by the user or group. > The local admin may for instance have made a backup copy of files owned > by the user (cp -a /etc/foo/ /etc/foo.bak; suppose something in that > dir is uid or gid user). Erm, surely everything in /etc should be owned by root? The group mightn't be, but surely the user should be? (Otherwise you're allowing random daemons to _modify_ your configuration, rather than just read it) > After purging the package they are still there > and after installing another daemon they are suddenly owned by another > package's user. You could fix that by having adduser generally try to avoid reusing uids/gids in the various dynamic ranges (which would require keeping a track of purged users). But the only time an admin should be /required/ to get rid of cruft (extraneous users, random files) is when s/he specifically created them -- by doing cp -a /etc/foo/ /etc/foo.bak, eg. Cheers, aj -- Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. Linux.conf.au 2004 -- Because we can. http://conf.linux.org.au/ -- Jan 12-17, 2004
Attachment:
pgpLP98cIYsoS.pgp
Description: PGP signature