Lars Wirzenius writes ("System users: removing them"):
> The easy solution for this would be to never remove the user, but that's
> also not so clear.To remove a user and reclaim the uid is a difficult business. > * Extra accounts are just wasteful, and may cause some confusion. > * There is a tiny risk of having unused accounts on the system. > (We have tens of them anyway, but still.) I think a disabled account present in passwd (with changed home directory, and starred out shadow entry) is less risk than a reused uid. > Most hosts, however, can safely remove the system user when the package > is removed, if the user is to be removed at all. There may be cases > where a package's system user should not be removed, because some files > that belong to it will not be removed, such as a Usenet spool. IMO the accounts should be retained but disabled. > I propose the following: > > * We patch deluser to check for a boolean DELETE_SYSTEM_USERS > setting in /etc/adduser.conf. If set to false, it does not > remove the user. Default the setting to true, since that is > status quo and works for most hosts and sites. Maybe also add a > --force option to override the config file setting? The current default is not to delete the user because packages don't generally do so, surely ? Ian. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/19860.32563.116133.70...@chiark.greenend.org.uk
