Alan Altmark wrote:


In a Unix system, having a process to ensure that you *don't* orphan files
when deleting an account would seem to be de rigueur.  If any file exists
to which said uid has privileges, then why would you delete the account
until you clean up the files?  I'm not a Unix sysadmin, but I presume that
there are admin packages that handle this sort of thing for you.  When you
discover that the admin tool is about to delete /sys/bin/important, you
might think twice about it and instead put that user on the "necessary"
list.

Users' files do not, by default, get deleted when the account is removed.

The ownership of a file is reflected in two numbers, and those are
mapped to names through /etc/passwd and /etc/group (and their
replacements in LDAP etc). Removal of accounts removes the mapping, but
not the files.

If you use a centralised authentication store, such as LDAP or RACF or
AD, then removing a user account could leave orphaned files all over the
place.

I think removal of accounts, as opposed to disabling them, is not
something to undertake lightly. It might be that data there could be
required for legal purposes - recently in a public company in Australia
was reported to have embezzled a few million dollars. Enough that, when
the money was found, the company's share price doubled. Probably, the
user's files reflected her activities. Illegal activities aside, there
may be notes, saved emails and the like stored there and nowhere else
that may reflect agreements made and which someone else might need to
know about after they've left.




--

Cheers
John
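
An added example, not part of the original message: a Python audit that lists what a uid owns before its account is removed, and afterwards finds files whose numeric uid or gid no longer maps to a name. The function names are hypothetical; lookups go through `pwd.getpwuid` and `grp.getgrgid`, so they follow whatever the host's NSS configuration consults (files, LDAP and so on).

```python
import grp
import os
import pwd
import sys
from collections import defaultdict


def walk_with_owner(root):
    """Yield (path, uid, gid) for root and everything beneath it."""
    def entries():
        yield root
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                yield os.path.join(dirpath, name)
    for path in entries():
        try:
            st = os.lstat(path)  # lstat: report a symlink itself, not its target
        except OSError:
            continue  # vanished or unreadable entry; skip it
        yield path, st.st_uid, st.st_gid


def has_name(lookup, ident, cache):
    """True if the numeric id still maps to a name; results are cached per id."""
    if ident not in cache:
        try:
            lookup(ident)
            cache[ident] = True
        except KeyError:  # pwd/grp raise KeyError when no entry exists
            cache[ident] = False
    return cache[ident]


def find_orphans(root, uid_lookup=pwd.getpwuid, gid_lookup=grp.getgrgid):
    """Return {("uid"|"gid", number): [paths]} for owners with no mapping."""
    orphans, ucache, gcache = defaultdict(list), {}, {}
    for path, uid, gid in walk_with_owner(root):
        if not has_name(uid_lookup, uid, ucache):
            orphans[("uid", uid)].append(path)
        if not has_name(gid_lookup, gid, gcache):
            orphans[("gid", gid)].append(path)
    return dict(orphans)


def files_owned_by(root, uid):
    """Paths under root owned by uid: the list to review before removal."""
    return [p for p, owner, _ in walk_with_owner(root) if owner == uid]


if __name__ == "__main__":
    for (kind, num), paths in sorted(find_orphans(sys.argv[1]).items()):
        print(f"{kind} {num}: {len(paths)} path(s), e.g. {paths[0]}")
```

With a centralised store, run it on every host that mounts local filesystems, since each one holds its own files under the shared uid.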
