Hi Ludovic,

Ludovic Courtès <l...@gnu.org> wrote:

>>> Note that the ID allocation strategy in (gnu build accounts) ensures
>>> UIDs/GIDs aren’t reused right away (same strategy as implemented by
>>> Shadow, etc.). So if you remove “bob”, then add “alice”, “alice” won’t
>>> be able to access the left-behind /home/bob because it has a different
>>> UID.

I replied:

>> This mechanism is insufficient, because it only avoids the problem if
>> you add "alice" at the same time that "bob" is removed. If you remove
>> "bob" during one system activation, and then later add "alice", then
>> "alice" might well be able to access bob's left-behind files.

Ludovic Courtès <l...@gnu.org> responded:

> To be clear, it’s doing the same as any other GNU/Linux distro.

I don't think that's quite right. It's true that if you delete a user
or group on another distro and then re-add it, it might not be assigned
the same UID/GID. That much is the same as any other distro.

The key difference is this: On Debian, at least in my experience, users
and groups are *never* deleted automatically. They are only added
automatically, but never removed unless you explicitly ask to remove
them. So, this problem does not arise in practice.

Thanks,
Mark
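
The scenario discussed in this message, as an added example that is not part of the original email and is not the (gnu build accounts) code: a simplified model in which the allocator only avoids UIDs present in the passwd database it sees at activation time. `UID_MIN`, the function names and the `retired` tombstone set (one possible mitigation) are assumptions made for illustration.

```python
# Simplified model of UID allocation across system activations.
# Added example; UID_MIN and every name here are assumptions, not Guix code.
UID_MIN = 1000


def allocate(declared, previous, retired=frozenset()):
    """Return {name: uid} for the declared users.

    previous: {name: uid} read from the passwd database before this activation.
    retired:  UIDs that must never be handed out again (hypothetical tombstones).
    """
    reserved = set(previous.values()) | set(retired)
    result = {}
    next_uid = UID_MIN
    for name in declared:
        if name in previous:           # existing account keeps its UID
            result[name] = previous[name]
            continue
        while next_uid in reserved:    # skip IDs still known to be taken
            next_uid += 1
        result[name] = next_uid
        reserved.add(next_uid)
    return result


def same_activation():
    """bob is removed and alice is added in one activation."""
    passwd = allocate(["bob"], {})                 # bob -> 1000
    return allocate(["alice"], passwd)             # bob's UID is still visible


def separate_activations(track_retired=False):
    """bob is removed in one activation, alice is added in a later one."""
    retired = set()
    passwd = allocate(["bob"], {})                 # bob -> 1000
    after_removal = allocate([], passwd)           # bob dropped from passwd
    if track_retired:
        # Remember UIDs that disappeared so they are never reassigned.
        retired |= set(passwd.values()) - set(after_removal.values())
    return allocate(["alice"], after_removal, retired)


if __name__ == "__main__":
    print("same activation:      ", same_activation())
    print("separate activations: ", separate_activations())
    print("with retired-UID set: ", separate_activations(track_retired=True))
```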