Adrian 'Dagurashibanipal' von Bidder [u] wrote on 28/10/2004 11:02:
[EMAIL PROTECTED]:
>> If a package creates a user when it is installed, should it remove this
>> user when it is removed, or only when it is purged?
>
> I think not removing the user is the safe option: If ever some files
> (potentially containing sensitive information) are owned by the package's
> user and left behind after purge (perhaps because the admin moved them to
> some other place), removing the user would allow some other package to inherit
> the files - and possibly would let the world access these files.

Completely right. However, I have seen packages (I think it was back in
my slackware days) which searched the disc for non-packaged files owned
by that user. If they found none, they removed the user. If they found
any, they asked whether to
1) remove those files and the corresponding user
2) remove the user but keep the files orphaned
3) remove the user and chown the files to root
4) keep user and files
Though the search took quite some time on large systems (even when
excluding /home from the search), I always thought this behaviour was
nice and secure.

> I support every effort not to clutter the system with left-overs of old
> packages, but security is more important here.

Right again.
I wish though that there was some way to achieve the behaviour outlined
above without the performance issue attached to it. One way could be to
teach dpkg to do a search of the system (excluding /home and potentially
other user homedirs) and fill a database of user/group -> file relations
which the packages may read during (de)installation. I haven't thought
about it much though.
cu,
sven
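
The search-then-ask behaviour described in the message above, as an added example that is not part of the original mail or of any package's maintainer scripts. The function names and the manifest file (one packaged path per line) are assumptions; the script only reports and never deletes or chowns anything.

```shell
#!/bin/sh
# List files under ROOT owned by USER that no package claims.
#   ROOT     tree to search
#   USER     user name or numeric UID
#   MANIFEST file with one packaged path per line (assumption: on a Debian
#            system it could be built from /var/lib/dpkg/info/*.list)
#   EXCLUDE  optional subtree to skip, e.g. ROOT/home
# Assumes path names contain no newlines.
unpackaged_files_owned_by() {
    root=$1; user=$2; manifest=$3; exclude=${4:-}
    find "$root" -path "$exclude" -prune -o \
        -user "$user" ! -type d -print |
    awk 'FILENAME == ARGV[1] { packaged[$0]; next }  # load the manifest
         !($0 in packaged)                           # print unclaimed paths
        ' "$manifest" -
}

# Print "remove-user" when nothing owned by USER is left behind. Otherwise
# print "ask-admin" followed by the leftover paths, so the caller can offer
# the four choices from the mail (delete files, orphan them, chown to root,
# or keep user and files).
user_removal_check() {
    leftovers=$(unpackaged_files_owned_by "$@")
    if [ -z "$leftovers" ]; then
        echo "remove-user"
    else
        echo "ask-admin"
        printf '%s\n' "$leftovers"
    fi
}

# Stand-alone use: sh script.sh ROOT USER MANIFEST [EXCLUDE]
if [ $# -ge 3 ]; then
    user_removal_check "$@"
fi
```
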