Re: [caiman-discuss] Draft design for unconfiguration of user/root account updated

Thu, 24 Mar 2011 08:34:43 -0700 

 On 03/24/11 04:21 PM, Dave Miner wrote:

On 03/24/11 07:28 AM, Jan Damborsky wrote:

On 03/23/11 06:47 PM, Dave Miner wrote:

Jan, with respect to this change below:



+
+ * 'boolean' property 'configured_user/remove_home_dir'.
+ If set to true, unconfigure smf method will remove home directory
+ (along with underlying ZFS dataset). It will default to 'false'.
+
+ It will be goal of 'sysconfig' tool to set that property when user
+ explicitly expresses desire to wipe out home directory for
+ to-be-unconfigured user account.



Before I agree, I'd like our reaction to my suggestion in another
thread about the sysconfig CLI of generalizing this sort of
destructiveness so that sysconfig doesn't have to do something
specific for this particular service.


Hi Dave,

I agree with your proposal in another thread to make that
more generic and implement smf property in 'unconfig' milestone
instead of svc:/system/config.

Based on that, I propose to remove the section you quote above
and instead enhance Chapter 6.1 user account.

Please let me know if that's compliant with what you envision.



Yes, that seems good.




Thank you, Dave.
Jan



Dave


Thank you,
Jan


6.1 user account
----------------
For user account, smf unconfigure method will

* remove user from local databases:
passwd(4), shadow(4), group(4), user_attr(4)
* remove user entry from /etc/auto_home file
* remove home directory along with underlying ZFS dataset
* remove user entry from sudoers(4) file

smf method will consume userdel(1m) utility to accomplish
all tasks above except of the last one.

+ As deleting home directory might not be perceived as an apparent
+ effect of user account removal, there is a risk user could
+ inadvertently lose data stored there.

+ In order to mitigate that risk, home directory will not be
+ removed by default. It will be removed only if smf property
+ (TBD) of 'unconfig' milestone is set to 'true'.

+ It will be goal of 'sysconfig' CLI tool to set that property
+ only if user explicitly expresses desire to enable those
+ destructive actions.





_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss

Reply via email to