[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the release team: the plans for etch

ke, 2005-10-26 kello 14:30 -0300, Humberto Massa kirjoitti:
> Problem being, if daemons don't remove their (supposedly exclusive-use)
> accounts, you can end in two years with 100 unnecessary accounts in a
> workstation.

It would certainly be good if we had a system for marking accounts as
unused by a package, and then give the sysadmin a tool for removing
them. Like, say, the postrm script could call automatic-deluser, which
reads /ec/default/automatic-deluser, and if METHOD is set to
"always-remove", removes the account, otherwise sets the shell to
to /bin/no-longer-in-use-by-package. The sysadmin can run
remove-autodeleted-accounts to remove accounts marked that way.

. /etc/default/automatic-deluser
if [ "$METHOD" = always-remove ]]
    deluser "$1"
    chsh -s /bin/no-longer-in-use-by-package "$1"

(Anyone running the above code should be aware that it is untested and
will probably replace your kernel with MS-DOS 2.11.)

The default value for METHOD probably should not be always-remove. As
has been pointed out in this thread, there are risks involved with that.
The cost is that for most people, there might be a couple, or a few,
unused system accounts, which doesn't seem to be much of a cost. People
who want to take the risk can change the default.

I would prefer to have this put into a separate command that can be
called from a postrm script, rather than as a debhelper command. Not all
packages use debhelper, and, anyway, a separate tool can be more easily
fixed without having to rebuild lots of packages.

Without grand dreams, how can you save the world?

Reply to: