Steve Grubb wrote:
> * Remove the package and verify audit events exist for account and group 
> deletion (see above ausearch command).

I was under the impression that it's common practice to leave user
accounts and groups behind when packages are removed. The rationale I've
seen is that if the user/group has access to any files that aren't owned
by the package, then the numeric ID will still have that access after
the name is removed. Next time a user/group is created the numeric ID
will be reused, and then the new user/group will inherit privileges
from the deleted one.

If user accounts and groups will now be deleted automatically, is
anything done to purge their privileges to prevent that scenario?

Björn Persson

Attachment: pgpalLqoHvbSO.pgp
Description: OpenPGP digital signatur

-- 
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to