Hello, I just noticed that the userdel profile needs an additional permission - without it, no users can be deleted.
Looks like userdel is one of the lesser-used commands (more people use useradd - which you can verify by the fact that it already has this fix ;-) === modified file 'profiles/apparmor/profiles/extras/usr.sbin.userdel' --- profiles/apparmor/profiles/extras/usr.sbin.userdel 2011-08-27 +++ profiles/apparmor/profiles/extras/usr.sbin.userdel 2012-02-12 @@ -28,7 +28,7 @@ /bin/cat rmix, /bin/bash rmix, /dev/log w, - /etc/.pwd.lock rw, + /etc/.pwd.lock rwk, /etc/cron.deny r, /etc/default/useradd r, /etc/group* rwl, I also propose this patch for the 2.3 branch. Regards, Christian Boltz -- schliEßlichle sendi emeiSt Enleut ehier mehralsdreIpo Stingsa Mtag sOd Asesdoch et. Waserm üdentwärdenkahnimmerrattentsumÜßenw aßIrge nDeinezUs Ahmäst ell unkvonbU chst, abensagenw iel ;-) [Tilman Ahr in dcoulm zum Thema "Rechtschreibfehler stören doch nicht"] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor