Re: Bug#621833: System users: removing them
- To: Ian Jackson <firstname.lastname@example.org>
- Cc: Steve Langasek <email@example.com>, sean finney <firstname.lastname@example.org>, email@example.com, Lars Wirzenius <firstname.lastname@example.org>, email@example.com
- Subject: Re: Bug#621833: System users: removing them
- From: Andreas Barth <firstname.lastname@example.org>
- Date: Sun, 1 May 2011 16:42:17 +0200
- Message-id: <20110501144217.GH15003@mails.so.argh.org>
- Mail-followup-to: Andreas Barth <email@example.com>, Ian Jackson <firstname.lastname@example.org>, Steve Langasek <email@example.com>, sean finney <firstname.lastname@example.org>, email@example.com, Lars Wirzenius <firstname.lastname@example.org>, email@example.com
- In-reply-to: <firstname.lastname@example.org>
- References: <email@example.com> <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <20110412193147.GA15850@cobija.connexer.com> <20110501074903.GC11712@virgil.dodds.net> <email@example.com>
* Ian Jackson (firstname.lastname@example.org) [110501 16:39]:
> Steve Langasek writes ("Re: Bug#621833: System users: removing them"):
> > On Tue, Apr 12, 2011 at 09:31:47PM +0200, sean finney wrote:
> > > I second your original proposal though, that packages must not delete
> > > system users that they have created. I don't think anyone had objections
> > > to that, and the question is whether things should be taken further.
> > I do object to telling maintainers they must not delete system users,
> > without also giving guidance on how and when to lock the accounts.
> Yes, I agree with this.
> > Sorry, no time at the moment to propose verbiage to reconcile this with your
> > concerns.
> I think the right thing to do would be to have deluser lock (rather
> than delete) system users when invoked in the way currently used by
> maintainer scripts. Provided that doesn't make interactive use of
> deluser break somehow.
I agree that system users should never be removed by maintainer
scripts, but as said: Someone would need to write that down before
starting to behave so.