On Thu, 22 Oct 2009, Junhao wrote: > Hi! > > At my workplace, I am in charge of data storage for my research group. > These files are placed in a *NIX file server, and users authentication > is through my corporate AD. Files are owned by individual users; other > users from the same group can only read the files. As primary research > data files, we basically expect these to be available forever. > > This system has worked well till several of my colleagues left. Their > user accounts were promptly deleted from the corporate AD, creating a > situation where their files are owned by invalid/unknown users. > > My workplace does not have a policy to handle this situation, so I am > wondering how everyone handles this age-old problem. Any advice?
I see this as your real problem, the issue of the files and their ownership is a symptom of the problem. I would lock the user for some period of time, then archive the files/e-mail/etc for some period of time, then delete them. time periods need to be decided by someone who can take the blame if they are too short and you delete something the company needs, or if they are too long and leave stuff around to complicate e-discovery requests. David Lang > I can only think of these 2 methods: > 1) create local users to replace the AD user. > There no confusion about the person who generated the data long time > past, and institutional knowledge can be preserved. However, this > becomes a management headache. > > 2) create a general user to own all these files. Simple solution, at the > expense of institutional knowledge. > > 3) request for the accounts to be locked, not deleted. I think Security > will scream... > > Any advice? > > Thanks! > Regards, > Junhao > > _______________________________________________ > Discuss mailing list > [email protected] > http://lopsa.org/cgi-bin/mailman/listinfo/discuss > This list provided by the League of Professional System Administrators > http://lopsa.org/ > _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
