Fedora User Management (revisited)

Simo Sorce ssorce at redhat.com
Sat Mar 10 15:31:34 UTC 2007


On Sat, 2007-03-10 at 03:30 -0500, Tom Lane wrote:
> Simo Sorce <ssorce at redhat.com> writes:
> > On Fri, 2007-03-09 at 22:12 -0500, Matthew Miller wrote:
> >> On Fri, Mar 09, 2007 at 10:08:02PM -0500, Simo Sorce wrote:
> >>> Why do we need fixed uids at all? Is it so difficult to use
> >>> getpwnam()?
> >> 
> >> Because the name isn't stored on the filesystem; just the number.
> 
> > It does not matter unless the application must be able to run
> > with /etc/passwd being absent.
> 
> Yes, it does matter, because if you uninstall and reinstall the package
> then any files that might have been owned by that UID should still be
> owned by that UID.  I run into this quite often with the database
> packages for instance.
> 
> (Oh, you didn't want your mysql update to wipe out your database?)

I think that's a packaging error.
From my point of view, once a user is created it should never be
deleted. The admin can decide to delete some users by themselves.

The rationale is that if there are still files owned by that user on the
filesystem, the wrong thing is "deleting the user" not "not having a
fixed uid".
The admin may still want to know after the uninstall what user owned
what files and to do that you should leave uid/gid in place so that on
ls the admin can see the user/group name.

Besides, there are countries (Italy for example, but I think
Sarbanes-Oxley in the US may say something similar) where there are
laws that dictate how to manage users and declare that users should
never be deleted but disabled. So any package that deletes the user on
removal is going against these policies dictated by laws.
If you do not delete the user on removal you don't have this problem at
all, and you can happily use dynamic uid allocation.

Simo.





More information about the Fedora-maintainers mailing list