[Adduser-devel] Preventing accidental REMOVE_HOME when you didn't know the option was set in deluser.conf

Jason Spiro jasonspiro4+gmane at gmail.com
Thu Nov 26 09:23:49 UTC 2009


Thanks for maintaining the adduser package.

Vivek Gite writes this story on his website:

"The file /etc/deluser.conf was configured to remove the home directory (it was
done by previous sys admin and it was my first day at work) and mail spool of
the user to be removed. I just wanted to remove the user account and I end up
deleting everything (note -r was activated via deluser.conf):

userdel foo"

How could the utility be changed to prevent this?

I propose this solution:  The command-line options --remove-home and
--remove-all-files should still work as usual.

But the config file REMOVE_HOME and REMOVE_ALL_FILES should not work unless the
sysadmin also sets the BACKUP option or the INTERACTIVE option.  The INTERACTIVE
option would be a new option that you would write.  It would prompt, "Delete all
files owned by jspiro? [y/N]"

What do you think?

More information about the Adduser-devel mailing list