If groups are referenced by name only and data can be found later it should be ok. (Some systems have used group IDs that can be unique, but I am not aware of any at the moment, the same ID can be impossible to create. In that case group should just be hidden from general users.)
Jan ________________________________ From: Kevin Fenzi <[email protected]> Sent: Monday, April 19, 2021 9:29 PM To: [email protected] <[email protected]> Subject: account system group deletions Greetings. I thought I would bring up for dicussion here something thats come up after the new account system has been put in place. Namely, how do we handle group deletions. In the FAS2 world, we never deleted anything. I think this was partly due to an over abundence of caution (there could be files owned by the group left over on various machines) and partly just because it was easier. We now have 5 requests to remove various no longer used groups. I've enabled audit logging on our ipa01 instance, so we have audit logs (and I intend to back them up and keep them forever). So we can tell when a group was deleted by whom. We also have a db dump from fas2 before the switchover where we can look at who was in what group or what created it. So, I would like to propose: * we will remove groups on request/ticket from a group manager. * we will not seek out groups to remove, as them being there doesn't really hurt anything. Thoughts? If there's no objections soon I will go ahead and process those requests. kevin
_______________________________________________ infrastructure mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
