Fedora User Management (revisited)

Simo Sorce ssorce at redhat.com
Sat Mar 10 16:22:45 UTC 2007


On Sat, 2007-03-10 at 16:47 +0100, Enrico Scholz wrote:
> Simo Sorce <ssorce at redhat.com> writes:
> 
> > I think that's a packaging error.  From my point of view, once a user
> > is created it should never be deleted.
> 
> Happens automatically e.g. during a reinstallation. E.g. have /srv/data
> with TiB of data owned by service user A with dynamic uid 234. Something
> foobars your system (disk error in system partition, somebody deleted
> /lib, perhaps intrusion) and after reinstallation the user A suddenly
> has a uid of 198.

You never heard of backups and disaster recovery, did you?
You can't be serious. I have to think that you can't make real examples
because there isn't a single real case that your method fixes.
All cases you posted so far, if you get to the bottom of it, are really
just poor deployment planning cases.
You can't fix poor planning, and trying to fix, in some questionable
way, just one of the thousands of issues that poor planning causes is just
silly imo.

> > Besides, there are countries (Italy for example, but I think
> > Sarbanes-Oxley in the US may say something similar) where there
> > are laws that dictate how to manage users and declare that users
> > should never be deleted but disabled.
> 
> Without being sure, I think this is about accounts of natural persons
> but not of service users.

No, all users (and service users are no different from normal users)
that own files must not be deleted or, even if deleted, uid/gids MUST not
be reused.

Simo.
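
The scenario discussed in this message (service user A moving from uid 234 to uid 198 after a reinstall while the data on /srv/data keeps the old number), as an added example that is not part of the original thread: it compares a passwd snapshot from before the reinstall with the passwd file after it and reports which old UIDs have moved, been reused by another account, or been left without an owner. The account names `svca` and `svcb`, the uid 235 and both passwd texts are constructed for illustration.

```python
# Added example: all account names and passwd contents below are constructed.
BEFORE = """root:x:0:0:root:/root:/bin/bash
svca:x:234:234:service user A:/srv/data:/sbin/nologin
svcb:x:235:235:service user B:/var/lib/svcb:/sbin/nologin
"""
AFTER = """root:x:0:0:root:/root:/bin/bash
svcb:x:234:234:service user B:/var/lib/svcb:/sbin/nologin
svca:x:198:198:service user A:/srv/data:/sbin/nologin
"""


def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # blank, comment or malformed entry: skip, do not guess
        accounts[fields[0]] = int(fields[2])
    return accounts


def uid_drift(before, after):
    """Classify each UID of the old system by what it means on the new one."""
    after_by_uid = {}
    for name, uid in after.items():
        after_by_uid.setdefault(uid, []).append(name)
    report = {"moved": [], "reused": [], "orphaned": []}
    for name, old_uid in sorted(before.items()):
        new_uid = after.get(name)
        if new_uid == old_uid:
            continue  # same name, same number: file ownership still correct
        if new_uid is not None:
            report["moved"].append((name, old_uid, new_uid))
        # Files on preserved storage still carry old_uid. Who holds it now?
        holders = sorted(n for n in after_by_uid.get(old_uid, []) if n != name)
        if holders:
            # Another account silently inherits the old account's files.
            report["reused"].append((old_uid, name, holders))
        else:
            # The files now belong to a number with no passwd entry.
            report["orphaned"].append((old_uid, name))
    return report


if __name__ == "__main__":
    result = uid_drift(parse_passwd(BEFORE), parse_passwd(AFTER))
    for kind, rows in result.items():
        print(kind, rows)
```

A "reused" entry is the case that matters most for access control: the data keeps its numeric owner, so the account that now holds that number gains the old account's file permissions.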




More information about the Fedora-maintainers mailing list