[Adduser-devel] Bug#808230: deluser --system should lock the account

Marc Haber mh+debian-packages at zugschlus.de
Thu Dec 17 12:56:50 UTC 2015


Package: adduser
Version: 3.113+nmu3
Severity: wishlist

Hi,

how to handle an account on package purge is a discussion going on for
more than a decade now. After the umpteenth re-hash of the issue on
#debian-devel, I have gotten the impression that there is rough
consensus for not deleting system accounts on package purge. The most
prominent argument for this situation is that the local admin might
have given file ownership to the account while the package was
installed, and when the account is deleted and its uid re-used later,
those files may become accessible to an unintended entity.

Currently, deluser --system will just print a warning if the account
to be deleted is actually a system user by virtue of its UID range and
exit.

Maybe it would be a good idea to change this behavior to locking the
account ("!" in shadow) if deluser is asked to delete a system account?

This doesn't prevent a privileged account from using su/sudo/setuid to
become the account, but it will prevent logins as this account while
keeping the UID reserved.

Greetings
Marc
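The lock-instead-of-delete behaviour proposed above, modelled in code as an added example; this is not part of the original report and not adduser's own (Perl) code. It assumes Debian's default system UID range from adduser.conf (FIRST_SYSTEM_UID=100, LAST_SYSTEM_UID=999) and works on constructed /etc/passwd and /etc/shadow snapshots with fake hashes. It shows the "!" prefix that `passwd -l` / `usermod -L` put in the shadow password field, and why keeping the passwd entry matters: a check for files owned by a UID that no longer exists (the same condition `find -nouser` reports) turns up the service's leftovers only once the entry is gone.

```python
"""Added example (not adduser code): lock a system account in shadow
instead of deleting it, and show the orphaned-file risk of deletion."""
from typing import Dict, Iterable, List, Tuple

# Constructed snapshots with fake hashes; not taken from any real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svcuser:x:108:115::/var/lib/svcuser:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

SHADOW = """\
root:$6$saltsalt$fakehashfakehash:16781:0:99999:7:::
daemon:*:16781:0:99999:7:::
svcuser:$6$othersalt$anotherfakehash:16781:0:99999:7:::
alice:$6$zzz$fakehash3:16781:0:99999:7:::
"""

# Assumed adduser.conf defaults for the system UID range.
FIRST_SYSTEM_UID, LAST_SYSTEM_UID = 100, 999


def parse_passwd(text: str) -> Dict[str, int]:
    """Map account name -> numeric UID from passwd-format text."""
    uids: Dict[str, int] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        uids[fields[0]] = int(fields[2])
    return uids


def is_system_uid(uid: int) -> bool:
    """True when the UID falls in the (assumed) system range."""
    return FIRST_SYSTEM_UID <= uid <= LAST_SYSTEM_UID


def lock_shadow_line(line: str) -> str:
    """Prefix the shadow password field with '!' (what passwd -l does).
    Idempotent: an already locked entry is returned unchanged."""
    fields = line.split(":")
    if fields[1].startswith("!"):
        return line
    fields[1] = "!" + fields[1]
    return ":".join(fields)


def is_locked(line: str) -> bool:
    """A '!' at the start of the password field means no password login."""
    return line.split(":")[1].startswith("!")


def lock_account(shadow_text: str, name: str) -> str:
    """Return shadow text with the named account locked; all else unchanged."""
    out: List[str] = []
    for line in shadow_text.splitlines():
        if line.split(":")[0] == name:
            line = lock_shadow_line(line)
        out.append(line)
    return "\n".join(out) + "\n"


def remove_account(passwd_text: str, name: str) -> str:
    """Model an unconditional delete: drop the passwd entry entirely."""
    kept = [l for l in passwd_text.splitlines() if l.split(":")[0] != name]
    return "\n".join(kept) + "\n"


def orphaned_files(passwd_text: str,
                   files: Iterable[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Files whose owning UID has no passwd entry (what `find -nouser`
    would list). Such a UID is free for re-use by a future account,
    which would silently inherit these files."""
    known = set(parse_passwd(passwd_text).values())
    return [(path, uid) for path, uid in files if uid not in known]


# Constructed ownership listing: path -> owning UID.
FILES = [
    ("/var/log/svc.log", 108),          # owned by svcuser
    ("/srv/data/old-service", 109),     # owner already gone
    ("/home/alice/notes", 1000),
]

if __name__ == "__main__":
    print("orphans now:", orphaned_files(PASSWD, FILES))
    print("orphans after delete:",
          orphaned_files(remove_account(PASSWD, "svcuser"), FILES))
    print(lock_account(SHADOW, "svcuser"))
```

Locking keeps svcuser's UID 108 allocated, so `/var/log/svc.log` never shows up as ownerless; deleting the entry makes it join `/srv/data/old-service` as a file waiting for whichever account next receives that UID.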
