
Re: RFC: Removal of user/groups

On Sat, Jul 12, 2008 at 04:56:03PM +0200, Carl Fürstenberg wrote:
> I was thinking of the reusability problem, and came up with the following:
> When a user/group is removed, it's placed in quarantine. That ID
> isn't used unless the same user/group is recreated, or that all other
> possible ID:s is exhausted. For most of the time, that would prevent
> an ID from being used for another user/group.

An interesting proposal, to be sure. The first question which arises
is where to track this quarantine information, which needs to be a
mapping of user:uid or group:gid in files somewhere in the system.
For convenience, consider tracking that quarantine information under
the /etc directory in files named "passwd" and "group" respectively.
(Note: sarcasm aside, this would be effectively identical to not
deleting users and groups in the first place.)

I would consider the situation of "all other possible ID:s is
exhausted" to be a corner case not worth optimizing for. If you have
this many system users (Debian's default range provides room for
900, though the admin can easily increase this), it's probably
worthwhile to do some manual cleanup of that machine anyway.

To reiterate other replies, this topic has been discussed ad
nauseam, not only on this list but amongst security-conscious
administrators of Unix-derived systems since, well, the dawn of Unix
(or very close to it, at any rate). Automated deletion or reuse of
IDs is a Bad Idea[TM], since administrator intervention is required
to make absolutely sure no sensitive data is adopted by a new
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }
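
Added example, not part of the original message or of any Debian tool: a sketch of the manual check an administrator could run before an ID is reused, listing files whose owning UID or GID no longer has an entry in the account databases. The function name orphaned_paths and its known_uids/known_gids parameters are assumptions made for illustration.

```python
import grp
import os
import pwd
import sys
from collections import defaultdict


def orphaned_paths(root, known_uids=None, known_gids=None):
    """Map ("uid"|"gid", id) -> paths under root owned by an ID that has no
    account entry. A new account given that ID would adopt these files."""
    # Default to the live passwd/group databases (includes NSS sources);
    # callers may pass explicit sets, e.g. parsed from a backup of /etc.
    if known_uids is None:
        known_uids = {p.pw_uid for p in pwd.getpwall()}
    if known_gids is None:
        known_gids = {g.gr_gid for g in grp.getgrall()}
    found = defaultdict(list)

    def check(path):
        try:
            st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        except OSError:
            return  # entry vanished or is unreadable; nothing to report
        if st.st_uid not in known_uids:
            found[("uid", st.st_uid)].append(path)
        if st.st_gid not in known_gids:
            found[("gid", st.st_gid)].append(path)

    check(root)
    # os.walk does not follow directory symlinks by default, so the scan
    # stays inside the tree it was pointed at.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return dict(found)


if __name__ == "__main__":
    # Usage: python3 orphans.py /srv   (scans the current directory if omitted)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for (kind, ident), paths in sorted(orphaned_paths(target).items()):
        print(f"{kind} {ident}: {len(paths)} path(s) with no account entry")
        for p in paths:
            print(f"  {p}")
```

An empty result covers only the tree that was scanned; other filesystems, backups and removable media need the same review.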
