Re: Bits from the release team: the plans for etch

To: Andreas Barth <aba@not.so.argh.org>, sean finney <seanius@debian.org>, Olaf van der Spek <olafvdspek@gmail.com>, debian-devel@lists.debian.org
Subject: Re: Bits from the release team: the plans for etch
From: Gabor Gombas <gombasg@sztaki.hu>
Date: Wed, 26 Oct 2005 18:02:36 +0200
Message-id: <[🔎] 20051026160221.GW15626@boogie.lpds.sztaki.hu>
In-reply-to: <[🔎] 20051026153945.GA31042@mails.so.argh.org>
References: <[🔎] 20051025105240.GA21436@javifsp.no-ip.org> <[🔎] E1EUOsY-0000Jv-F3@scyw00225.scy001.de> <[🔎] 20051025202118.GA10290@javifsp.no-ip.org> <[🔎] E1EUecU-0004QS-NV@scyw00225.scy001.de> <[🔎] 20051026091100.GA3940@javifsp.no-ip.org> <[🔎] 20051026115319.GE15626@boogie.lpds.sztaki.hu> <[🔎] b2cc26e40510260500g3194ff7bx2eb80d58834fe0ea@mail.gmail.com> <[🔎] 20051026121541.GG15626@boogie.lpds.sztaki.hu> <20051026122002.GA26379@seanius.net> <[🔎] 20051026153945.GA31042@mails.so.argh.org>

On Wed, Oct 26, 2005 at 05:39:45PM +0200, Andreas Barth wrote:

> > i don't think removing and reusing users is a good idea in practice.
> > what harm would there be in simply leaving the user account on the
> > system permenantly, with maybe locking the account and setting the
> > shell to /bin/false?
> 
> Yep, that's probably best practice.

Note that most system groups are already locked and have the shell set
to /bin/false by default, anything else is likely a change made by the
admin manually. Forcibly locking the account is thus overriding the
admin's decision, so it must be at least clearly documented somewhere.

Another thing would be to change the GECOS indicating that the account
is now stale, and have some small utility to list/remove all such
accounts. So whoever wants to automatically remove unused accounts can
configure apt to do so by calling this utility from DPkg::Post-Invoke.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------

Reply to:

Follow-Ups:
- Re: Bits from the release team: the plans for etch
  - From: Andreas Barth <aba@not.so.argh.org>

References:
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Bits from the release team: the plans for etch
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Bits from the release team: the plans for etch
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Bits from the release team: the plans for etch
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Bits from the release team: the plans for etch
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Re: Bits from the release team: the plans for etch
  - From: Olaf van der Spek <olafvdspek@gmail.com>
- Re: Bits from the release team: the plans for etch
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Re: Bits from the release team: the plans for etch
  - From: Andreas Barth <aba@not.so.argh.org>

Prev by Date: Re: Bits from the release team: the plans for etch
Next by Date: Bug#335900: O: pyxmms -- Python interface to XMMS
Previous by thread: Re: Bits from the release team: the plans for etch
Next by thread: Re: Bits from the release team: the plans for etch
Index(es):
- Date
- Thread