Well, there are lots of things to think about. Unix is not just Linux, there are many more out there and not all the authentication/user situations are the same. You also have to think about Solaris and yellowpages, systems without /etc/shadow, LDAP, DCE, Krb5, etc. The list is endless in the differences in how accounts are set up and authenticated.
A plugin for system specific accounts would be nice, but probably impractical to implement due to the mass amount of differences, unless it was something fairly generic like "packages:" where you build your own. Still, that would be tricky. On Mar 17, 2010, at 1:00 PM, Justin Lloyd wrote: > Does anyone have a bundle or set of promises for deleting a local Unix > account? I'm thinking about how to approach this cleanly, including > removing the user from any groups in /etc/group. I thought about using > systems' native commands (e.g. userdel, passmgmt, pwck, pwconv, etc.) > but there can be odd cases, such as half-deleted accounts (only in > /etc/shadow for example) that the native commands won't clean up. It > could have an option, as well, for deleting the accounts' home > directories, also depending on whether they're local or NFS. What else > am I forgetting? > > I can work on this on my own once I have the time (working on my Nova > upgrade and initial policy finalization right now), but I think > something like this, if someone already has a good starting point, would > be a great candidate for the COPBL or at least a Cfengine cookbook like > Neil's. Hmm, I sense an O'reilly book here... :) > > Thanks, > Justin > > -- > Justin C. Lloyd > Unix Infrastructure Engineer > DigitalGlobe, An Imaging and Information Company > > > This electronic communication and any attachments may contain confidential > and proprietary > information of DigitalGlobe, Inc. If you are not the intended recipient, or > an agent or employee > responsible for delivering this communication to the intended recipient, or > if you have received > this communication in error, please do not print, copy, retransmit, > disseminate or > otherwise use the information. Please indicate to the sender that you have > received this > communication in error, and delete the copy you received. DigitalGlobe > reserves the > right to monitor any electronic communication sent or received by its > employees, agents > or representatives. > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
