
Bug#621833: System users: removing them



On Sun, Apr 10, 2011 at 11:03:34AM -0700, Russ Allbery wrote:
> sean finney <seanius@seanius.net> writes:
> 
> > For locking the account, I think it could be problematic if you have
> > some kind of central account management system (i.e. LDAP/AD), and you
> > don't want to lock it globally.
> 
> Yeah, but adduser doesn't ever do anything with central account management
> systems anyway, so far as I know, so you could tell adduser to lock it and
> if adduser can't find it in the local /etc/passwd or /etc/shadow, it would
> just give up.

I was always given the impression that adduser and friends "wanted" to be
able to handle non-local accounts, but nobody had ever extended it to do
so?  So I think it's a bit shaky to make that assumption.

But if we specifically limit the scope for users/groups being locked to
"only if they're in /etc/passwd,/etc/group" then yes I think that the
recommendation makes sense.  But then we probably ought to also have
some boilerplate examples of exactly how it should be done.

On that note, I just read over 9.2 and see we don't have anything about
the right behavior for adding users/groups there either, and you have
similar problems along those lines.  Actually it seems that 9.2 as a
whole could use a bit of a facelift :)



	sean
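
One way the local-only scoping discussed in this message could look in a maintainer script, as an added example that is not part of the original message or of Debian Policy. It matches the account name against the local passwd file only, never NSS; the function names, the LOCK_CMD dry-run hook and the sample entries are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (constructed): lock a package's system user only when the
# account is defined in the local passwd file, not in LDAP/AD or another
# NSS source.

# is_local_user NAME [PASSWD_FILE]
# Succeeds only if NAME is the exact first field of a line in the file.
# `getent passwd` is deliberately not used because it also consults NSS.
is_local_user() {
    name=$1
    file=${2:-/etc/passwd}
    [ -n "$name" ] && [ -r "$file" ] || return 1
    awk -F: -v u="$name" '$1 == u { found = 1 } END { exit !found }' "$file"
}

# lock_system_user NAME [PASSWD_FILE]
# Locks the account if it is local, otherwise gives up and says so.
# LOCK_CMD is a hypothetical override so the logic can be dry run.
lock_system_user() {
    if is_local_user "$1" "${2:-/etc/passwd}"; then
        ${LOCK_CMD:-usermod -L} "$1" && echo "locked $1"
    else
        echo "skipped $1 (not in local passwd file)"
    fi
}

# Constructed sample data; "exampled" is a made-up package user and the
# "+" line stands for an NIS compat entry that must not match anything.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
exampled:x:118:125::/var/lib/exampled:/usr/sbin/nologin
+::::::
EOF

LOCK_CMD=true   # dry run: a no-op stands in for the real lock command
lock_system_user exampled "$sample"   # local account: locked
lock_system_user ldapuser "$sample"   # not in the local file: skipped
```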


