[Adduser-devel] Bug#472349: Bug#472349: adduser: please delay more than 5 seconds during deluser root
Stephen Gran
sgran at debian.org
Mon Mar 24 00:13:57 UTC 2008
This one time, at band camp, Paul Johnson said:
> On Sunday 23 March 2008 10:53:15 am Justin Pryzby wrote:
>
> > This patch explicit statement that there is a time limit; without
> > this, users are likely to reread the huge warning rather than quickly
> > aborting/suspending the process to investigate.
>
> With something as grave as removing the root account, wouldn't it make much
> more sense to ask for explicit confirmation to be entered and wait
> indefinitely until that happens, similar to what you must do in dpkg or apt
> if you try to remove base required packages? adduser/deluser sometimes get
> called by apt themselves, possibly while the operator who called it has
> abandoned their console to go get coffee or take care of some other task.
This bug is mostly harmless when deluser is called without a foolish
flag like --remove-home or worse, --remove-all-files. It is possible,
of course, to say "no, you can't ever do that", but I do feel a little
uncomfortable second guessing an admin who wants to do something
drastically stupid - unix doesn't generally do that.
I agree that the harm caused by allowing people to effectively ask for
removal of the root account and all files that are uid 0 is stupid, so
what I propose is: allow removal of a uid 0 account, provided the
username is not root. Also, fail before doing anything if either of
--remove-home or --remove-all-files is given. Seem reasonable?
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran at debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20080324/02d25a4c/attachment.pgp
More information about the Adduser-devel
mailing list