On Sun, May 29, 2011 at 12:04:35PM +0100, Roger Leigh wrote: > On Sun, May 01, 2011 at 03:06:00PM +0100, Ian Jackson wrote: > > Steve Langasek writes ("Re: Bug#621833: System users: removing them"): > > > On Tue, Apr 12, 2011 at 09:31:47PM +0200, sean finney wrote: > > > > I second your original proposal though, that packages must not delete > > > > system users that they have created. I don't think anyone had objections > > > > to that, and the question is whether things should be taken further. > > > > > > I do object to telling maintainers they must not delete system users, > > > without also giving guidance on how and when to lock the accounts. > > > > Yes, I agree with this. > > > > > Sorry, no time at the moment to propose verbiage to reconcile this with your > > > concerns. > > > > I think the right thing to do would be to have deluser lock (rather > > than delete) system users when invoked in the way currently used by > > maintainer scripts. Provided that doesn't make interactive use of > > deluser break somehow. > > I've been looking at how this might be accomplished right now, and > have these observations to make. (These are WRT my addition and > removal of the "sbuild" user in the sbuild package.) > > 1) Locking on removal. > > This is as simple as doing (in postrm) > > # Lock sbuild account. > usermod -U -e 1 sbuild Oops, should of course be "usermod -L -e 1 sbuild" -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
Description: Digital signature