Neil McGovern wrote on 01/04/2005 02:02:
On Fri, Apr 01, 2005 at 12:32:00AM +0200, Tilman Koschnick wrote:On Thu, 2005-03-31 at 23:20 +0200, Jeroen van Wolffelaar wrote:On Thu, Mar 31, 2005 at 11:13:39PM +0200, Tilman Koschnick wrote:On Thu, 2005-03-31 at 22:47 +0200, Jeroen van Wolffelaar wrote:Leave the deletion of obsolete users up to the system administrator, do not do so on purge.What about small daemons that don't generate any files and don't require anything apart from what's in the package?In general, you cannot assume that the administator doesn't use the user for other stuff too, related (or not) to the package. An extra user entry really doesn't hurt anything, so can safely be left.I thought that was kind of the destinction between remove and purge. Purge tries to remove as much as the package scripts actually can - if the administrator didn't add anything, this would mean everything. If the administrator wants related stuff to stay around, they just remove a package. If they want to purge a package, they should take care of removing anything they added on top as well.Personally (IMO) if a package is installed, and immediately removed (with a purge), the system shoud be left in the same state as if the package was never installed in the first place.
While I generally agree with you, the potential risk of removing a user without really knowing there are no files left with that owner is far too high to accept. I have managed many systems with a high fluctuation of users, many of them being distributed across various servers and clients, and the removal of a user has always been a hassle.
So, a package should remove everything it _owns_ (i.e. all the files it installed itself). However, no package _owns_ a user since Debian has no way of registering UIDs to packages. And more often than not, usernames are used across multiple packages (even though most are used only by packages generated by the same source package). So which package should remove the user from /etc/passwd?
What if an LDAP based (or otherwise shared) user/group setup is used? Say package X installs on host A and creates user U. Then package X is installed on host B and _doesn't_ create the user, since it is already present. Later, package X is removed from A again (without any action taken on host A between installation and uninstallation). Should the user U be deleted by that package on purge? Why?
Do you see the implications? No package can tell wether a given user is used only on the current host or not. It usually can't even tell wether users are kept in a local only configuration (/etc/passwd for example) or in a shared database (LDAP or MySQL for example). So how should it know wether to delete the user or not?
cu, sven