[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the release team: the plans for etch

On Wed, Oct 26, 2005 at 05:39:45PM +0200, Andreas Barth wrote:

> > i don't think removing and reusing users is a good idea in practice.
> > what harm would there be in simply leaving the user account on the
> > system permenantly, with maybe locking the account and setting the
> > shell to /bin/false?
> Yep, that's probably best practice.

Note that most system groups are already locked and have the shell set
to /bin/false by default, anything else is likely a change made by the
admin manually. Forcibly locking the account is thus overriding the
admin's decision, so it must be at least clearly documented somewhere.

Another thing would be to change the GECOS indicating that the account
is now stale, and have some small utility to list/remove all such
accounts. So whoever wants to automatically remove unused accounts can
configure apt to do so by calling this utility from DPkg::Post-Invoke.


     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences

Reply to: