On Wed, Oct 26, 2005 at 05:39:45PM +0200, Andreas Barth wrote: > > i don't think removing and reusing users is a good idea in practice. > > what harm would there be in simply leaving the user account on the > > system permenantly, with maybe locking the account and setting the > > shell to /bin/false? > > Yep, that's probably best practice.
Note that most system groups are already locked and have the shell set to /bin/false by default, anything else is likely a change made by the admin manually. Forcibly locking the account is thus overriding the admin's decision, so it must be at least clearly documented somewhere. Another thing would be to change the GECOS indicating that the account is now stale, and have some small utility to list/remove all such accounts. So whoever wants to automatically remove unused accounts can configure apt to do so by calling this utility from DPkg::Post-Invoke. Gabor -- --------------------------------------------------------- MTA SZTAKI Computer and Automation Research Institute Hungarian Academy of Sciences --------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]