On Sun, Nov 30, 2003 at 04:42:44AM +0100, Peter Palfrader wrote:
> > Presumable, if you purge the package, then the user is no longer needed.
> > So shouldn't the user be deleted?
> We cannot guarantee that no file on disk is owned by the user or group.
> The local admin may for instance have made a backup copy of files owned
> by the user (cp -a /etc/foo/ /etc/foo.bak; suppose something in that
> dir is uid or gid user).
Erm, surely everything in /etc should be owned by root? The group mightn't
be, but surely the user should be? (Otherwise you're allowing random daemons
to _modify_ your configuration, rather than just read it)
> After purging the package they are still there
> and after installing another daemon they are suddenly owned by another
> package's user.
You could fix that by having adduser generally try to avoid reusing
uids/gids in the various dynamic ranges (which would require keeping a
track of purged users). But the only time an admin should be /required/
to get rid of cruft (extraneous users, random files) is when s/he
specifically created them -- by doing cp -a /etc/foo/ /etc/foo.bak, eg.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
Linux.conf.au 2004 -- Because we can.
http://conf.linux.org.au/ -- Jan 12-17, 2004
Attachment:
pgpLP98cIYsoS.pgp
Description: PGP signature