On Tue, 14 Nov 2006, Russ Allbery wrote: > This is something that I'd really like to see us sort out in policy, > since I think we should be able to describe consistent behavior with > regard to system users and package purging to our users.
What makes the most sense to me is to not delete the user, and warn that this has not been done. (I'm really not sure how best to do the warning besides outputing to STDERR.) This avoids the obvious problems with deleting a user who may still own files on the system, and then recreating a different username for a different program with the same uid which shouldn't have access to those files (or, worse, if someone was insane and made something setuid to the autogenerated uid.) A further refinement of this suggestion is to allow/suggest prompting using debconf with a low priority question to remove the user, with the default set to not delete. [This would be my personal preference; it may even be worthwhile to consider codifying a best practice,[1] and then if Joey Hess agrees, creating a dh_installuser or similar script which implements it, including debconf routines.] This would allow individuals who knew that they wanted to delete the user to easily cause the user to be deleted, and do so in an automated fashion. Don Armstrong 1: Granted, this best practice should probaly be codified in the Developer's Reference, not policy, but we could discuss it at the same time. -- It was said that life was cheap in Ankh-Morpork. This was, of course, completely wrong. Life was often very expensive; you could get death for free. -- Terry Pratchet _Pyramids_ p25 http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
