On Sat, Jul 12, 2008 at 04:56:03PM +0200, Carl Fürstenberg wrote:
[...]
> I was thinking of the reusability problem, and came up with the following:
> When a user/group is removed, it's placed in quarantine. That ID
> isn't used unless the same user/group is recreated, or all other
> possible IDs are exhausted. For most of the time, that would prevent
> an ID from being used for another user/group.
An interesting proposal, to be sure. The first question which arises is where to track this quarantine information, which needs to be a mapping of user:uid or group:gid in files somewhere in the system. For convenience, consider tracking that quarantine information under the /etc directory in files named "passwd" and "group" respectively. (Note: sarcasm aside, this would be effectively identical to not deleting users and groups in the first place.)

I would consider the situation of "all other possible IDs are exhausted" to be a corner case not worth optimizing for. If you have this many system users (Debian's default range provides room for 900, though the admin can easily increase this), it's probably worthwhile to do some manual cleanup of that machine anyway.

To reiterate other replies, this topic has been discussed ad nauseam, not only on this list but amongst security-conscious administrators of Unix-derived systems since, well, the dawn of Unix (or very close to it, at any rate). Automated deletion or reuse of IDs is a Bad Idea[TM], since administrator intervention is required to make absolutely sure no sensitive data is adopted by a new application.
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP([EMAIL PROTECTED]); IRC([EMAIL PROTECTED]); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER([EMAIL PROTECTED]);
MUD([EMAIL PROTECTED]:6669); WWW(http://fungi.yuggoth.org/); }
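The "administrator intervention" the reply calls for amounts to locating everything a departed uid/gid still owns before that id can be handed to anyone else, which is what `find / -xdev -nouser -o -nogroup` does on a live system. The script below is an added example for this thread, not code from either poster or from Debian; it reimplements that check in Python so the two cases (files owned by a specific uid about to be reused, and files whose owner is no longer in the passwd database) can be run against a constructed directory tree. The `demo()` helper, the tree it builds and the `known_uids` injection point are assumptions made for the example; on a real host you would scan `/` as root with the default passwd lookup.

```python
"""Find files still owned by a uid/gid before that id is reused (added example)."""
import os
import pwd
import tempfile


def _same_filesystem(path, dev):
    """True if `path` sits on the filesystem identified by device number `dev`."""
    try:
        return os.lstat(path).st_dev == dev
    except OSError:
        return False


def _walk_owners(root):
    """Yield (path, uid, gid) for every entry below `root`.

    Stays on one filesystem (like find -xdev) and never follows symlinks,
    so a symlink left in a home directory cannot redirect the scan elsewhere.
    """
    root_dev = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        # prune mount points so the walk stays on the starting filesystem
        dirnames[:] = [d for d in dirnames
                       if _same_filesystem(os.path.join(dirpath, d), root_dev)]
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished between listing and stat; skip it
            yield path, st.st_uid, st.st_gid


def files_owned_by(root, uids=(), gids=()):
    """Sorted paths under `root` owned by any uid in `uids` or gid in `gids`.

    This is the pre-reuse check for one specific id: everything listed would
    silently become the property of whoever next receives that uid/gid.
    """
    uids, gids = set(uids), set(gids)
    return sorted(p for p, uid, gid in _walk_owners(root)
                  if uid in uids or gid in gids)


def orphaned_files(root, known_uids=None):
    """Sorted paths under `root` whose owning uid has no passwd entry.

    Equivalent to `find -nouser`. `known_uids` is injectable for testing;
    by default it is read from the local passwd database.
    """
    if known_uids is None:
        known_uids = {entry.pw_uid for entry in pwd.getpwall()}
    return sorted(p for p, uid, _ in _walk_owners(root) if uid not in known_uids)


def demo():
    """Build a constructed tree (all owned by the current uid) and run both checks.

    Returns paths relative to the temporary root so results are deterministic.
    """
    me = os.getuid()
    other = (me + 1) % 65536  # some uid that is not ours (assumption for the demo)
    with tempfile.TemporaryDirectory() as root:
        # constructed leftovers of a removed account: a key and a crontab
        os.makedirs(os.path.join(root, "home", "olduser", ".ssh"))
        os.makedirs(os.path.join(root, "var", "spool", "cron"))
        for rel in ("home/olduser/.ssh/id_ed25519", "var/spool/cron/olduser"):
            open(os.path.join(root, rel), "w").close()

        def rel(paths):
            return [os.path.relpath(p, root) for p in paths]

        return {
            "owned": rel(files_owned_by(root, uids={me})),
            "other_uid": rel(files_owned_by(root, uids={other})),
            # with an empty passwd everything is an orphan; with us known, nothing is
            "orphans_empty_passwd": rel(orphaned_files(root, known_uids=set())),
            "orphans_me_known": rel(orphaned_files(root, known_uids={me})),
        }


if __name__ == "__main__":
    for label, paths in demo().items():
        print(label, paths)
```

The walker reports directories as well as files, because a directory owned by a recycled uid is just as much a problem as the files inside it: the new owner could modify anything beneath it. Running the real scan from cron (or from a package's `postrm`) and refusing to free the id while the list is non-empty is the automated half of the check; deciding what to do with each hit remains the administrator's job, as the reply says.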