Re: Bits from the release team: the plans for etch
* Gabor Gombas (email@example.com) [051026 18:03]:
> On Wed, Oct 26, 2005 at 05:39:45PM +0200, Andreas Barth wrote:
> > > i don't think removing and reusing users is a good idea in practice.
> > > what harm would there be in simply leaving the user account on the
> > > system permenantly, with maybe locking the account and setting the
> > > shell to /bin/false?
> > Yep, that's probably best practice.
> Note that most system groups are already locked and have the shell set
> to /bin/false by default, anything else is likely a change made by the
> admin manually. Forcibly locking the account is thus overriding the
> admin's decision, so it must be at least clearly documented somewhere.
Well, locking of course only if the application needed something else
than /bin/false in the first place. :)
> Another thing would be to change the GECOS indicating that the account
> is now stale, and have some small utility to list/remove all such
> accounts. So whoever wants to automatically remove unused accounts can
> configure apt to do so by calling this utility from DPkg::Post-Invoke.
That might be possible, yes.