Bug#390457: [Adduser-devel] Bug#390457: adduser: deluser --system should be configurable to not delete the account
Marc Haber
mh+debian-packages at zugschlus.de
Mon Oct 2 21:43:13 UTC 2006
On Mon, Oct 02, 2006 at 08:43:26PM +0100, Stephen Gran wrote:
> This one time, at band camp, Marc Haber said:
> > I'd like to see deluser --system having a configuration option which
> > would prevent an account from actually being deleted. That way, a
> > local administrator could make sure that UIDs are not being re-used.
> >
> > If this option is enabled, deluser --system would set the shell to
> > /bin/false and invalidate the password (I am not sure whether the
> > password should be destroyed or invalidated in a reversible way).
> >
> > The default would, of course, be current behavior with actually
> > deleting the account.
>
> This is repeating logic already available (chsh and passwd -l) that
> don't really buy all that much security.

deluser would do its work by invoking chsh and passwd -l.

> Add a --permanent flag to adduser, which writes the uid to a state file.
> Make deluser exit 0 (or some specific non-zero) if called for a uid in that file.
> Add --force to deluser to override it.

That would mean touching a lot of packages.

> Maintainers could then individually decide if they think the accounts
> they set up are sensitive enough to be worth preserving, and call chsh
> and passwd -l themselves in postrm, or, maybe better:
>
> if deluser $user; then
>     if [ $? = 6 ]; then
>         chsh -s /bin/false $user
>         passwd -l $user
>     else
>         ...
>     fi
> fi

The idea of adduser and deluser is to move complexity needed in
maintainer scripts to adduser and deluser. What you are suggesting is
adding eight lines of code to a lot of maintainer scripts. I do not
like that idea as bugs in that code are going to show up and need to
be fixed in a gazillion packages.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
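
The UID re-use concern behind this request, modelled as an added example (not part of the original message and not adduser's code). It works only on a constructed passwd-format file; the account names, the 100-999 system range and lowest-free UID allocation are assumptions of the sketch.

```shell
#!/bin/sh
# Added illustration: nothing here touches /etc/passwd or /etc/shadow.

# Print the lowest UID in [MIN,MAX] that no entry in FILE uses.
first_free_uid() {  # usage: first_free_uid FILE MIN MAX
    awk -F: -v min="$2" -v max="$3" '
        { used[$3] = 1 }
        END { for (u = min; u <= max; u++) if (!(u in used)) { print u; exit }
              exit 1 }' "$1"
}

# Retire USER in FILE. "delete" drops the entry (the current behaviour the
# thread describes); "lock" keeps the entry, and with it the UID, and sets
# the shell to /bin/false. Password locking (passwd -l) is not modelled.
retire_account() {  # usage: retire_account FILE USER delete|lock
    tmp="$1.tmp.$$"
    case "$3" in
        delete) awk -F: -v u="$2" '$1 != u' "$1" > "$tmp" ;;
        lock)   awk -F: -v u="$2" 'BEGIN { OFS = ":" }
                    $1 == u { $7 = "/bin/false" } { print }' "$1" > "$tmp" ;;
        *)      echo "unknown mode: $3" >&2; return 2 ;;
    esac
    mv "$tmp" "$1"
}

# Retire the constructed account "svc-old" (UID 101) and print the UID the
# next system account would be given.
uid_after_retire() {  # usage: uid_after_retire delete|lock
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc-a:x:100:100::/nonexistent:/usr/sbin/nologin
svc-old:x:101:101::/var/lib/svc-old:/bin/sh
svc-b:x:102:102::/var/lib/svc-b:/usr/sbin/nologin
EOF
    retire_account "$f" svc-old "$1" && first_free_uid "$f" 100 999
    rc=$?
    rm -f "$f"
    return $rc
}

echo "delete: next system UID = $(uid_after_retire delete)"
echo "lock:   next system UID = $(uid_after_retire lock)"
```

With "delete", the next account inherits UID 101 and therefore any files the removed account left behind; with "lock", the UID stays reserved.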