
Bug#621833: System user handling in packages: status of discussion



On Sun, Jul 01, 2012 at 12:00:25PM +0200, Marc Haber wrote:
> On Fri, Jun 10, 2011 at 10:12:20AM +0100, Lars Wirzenius wrote:
> > * When the package is removed, the user should be locked:
> >   "lockuser foo".
> > * lockuser is a still-hypothetical tool, which needs to be added
> >   to the adduser package. It is a wrapper around "usermod -L -e 1 foo".
> > * Similarly, adduser needs to be changed to unlock:
> >   "usermod -U -e '' foo".

> Why not extend deluser to not delete the user if it is a system
> account?

Because that's contrary to the obvious meaning of 'deluser' and will be
confusing to maintainers, if it doesn't actually result in the user being
deleted.  It's much better to have an interface that does what it says.

> > Unclear to me are the following two points:

> > * Should packages also remove the contents of the system account's
> >   home directory?

> No, the local admin might have put important additional data in there.
> It may be an idea to remove all files that the _package_ has put
> there, but that would be a _significant_ burden IMO.

This should be configurable by the package maintainer using a --remove-home
flag.  In the general case, admins should not use per-package directories
under /var/lib as a dumping ground for arbitrary files and then expect these
files to be retained when the package is purged.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
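
The lock and unlock steps quoted above, as an added shell sketch that is not part of the original message or of the adduser package. `lockuser` is the hypothetical tool the thread proposes; `unlockuser`, the system-UID check, the 100-999 range (Debian's adduser.conf defaults) and the `PASSWD_FILE`/`USERMOD` overrides are assumptions of this example.

```shell
#!/bin/sh
# Added sketch: lock/unlock a package's system account as proposed in the thread.
# Assumptions (not from the thread): the system-UID check, the 100-999 range
# (Debian adduser.conf defaults), and the PASSWD_FILE/USERMOD overrides.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
USERMOD="${USERMOD:-usermod}"
FIRST_SYSTEM_UID="${FIRST_SYSTEM_UID:-100}"
LAST_SYSTEM_UID="${LAST_SYSTEM_UID:-999}"

# Print the UID of user $1; non-zero exit status if the user does not exist.
uid_of() {
    awk -F: -v u="$1" '$1 == u { print $3; found = 1; exit }
                       END { exit !found }' "$PASSWD_FILE"
}

# Succeed only if $1 exists and its UID is in the system range.
is_system_user() {
    uid=$(uid_of "$1") || return 1
    [ "$uid" -ge "$FIRST_SYSTEM_UID" ] && [ "$uid" -le "$LAST_SYSTEM_UID" ]
}

# Refuse to touch accounts that are missing or outside the system range.
require_system_user() {
    is_system_user "$1" && return 0
    echo "$1: not an existing system account, leaving it alone" >&2
    return 1
}

# On package removal: -L locks the password, -e 1 expires the account
# (1970-01-02), which also blocks logins that do not use the password.
lockuser() {
    require_system_user "$1" || return 1
    "$USERMOD" -L -e 1 "$1"
}

# On reinstall: -U unlocks the password, -e '' clears the expiry date.
unlockuser() {
    require_system_user "$1" || return 1
    "$USERMOD" -U -e '' "$1"
}

case "${1:-}" in
    lock)   lockuser "$2" ;;
    unlock) unlockuser "$2" ;;
esac
```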
