On Thu, 22 Oct 2009, John Stoffel wrote:

> Edward> Never delete user accounts.  Just disable them.  For precisely
> Edward> the reason mentioned - after a user account is deleted,
> Edward> whether Windows or Linux fileshare, the system says "I don't
> Edward> know who owns those files..."
>
> We don't delete them right away, but we do ask their manager to
> clean up and we will chown them to someone else as needed.  Generally
> the manager.
>
> Depending on the company, nuking accounts might be the only way to do
> it.  At a smaller shop, UIDs aren't a problem, but username conflicts
> can and do crop up.

Username conflicts are a problem anyway. When you look at logs years later,
do you really want to have to remember that user 'joe' means one person
before July 2009 and a different person as of September 2009?

David Lang

> Basically, if you have a process which all agree on and understand,
> you're set.  Get management to buy in with the process and force
> Security to work with that.
>
> John
> _______________________________________________
> Discuss mailing list
> Discuss@lopsa.org
> http://lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
>