On Sun, Apr 10, 2011 at 11:03:34AM -0700, Russ Allbery wrote:
> sean finney <sean...@seanius.net> writes:
> 
> > For locking the account, I think it could be problematic if you have
> > some kind of central account management system (i.e. LDAP/AD), and you
> > don't want to lock it globally.
> 
> Yeah, but adduser doesn't ever do anything with central account management
> systems anyway, so far as I know, so you could tell adduser to lock it and
> if adduser can't find it in the local /etc/passwd or /etc/shadow, it would
> just give up.

I was always given the impression that adduser and friends "wanted" to be
able to handle non-local accounts, but nobody had ever extended it to do
so?  So I think it's a bit shaky to make that assumption.

But if we specifically limit the scope for users/groups being locked to
"only if they're in /etc/passwd,/etc/group" then yes I think that the
recommendation makes sense.  But then we probably ought to also have
some boilerplate examples of exactly how it should be done.

On that note, I just read over 9.2 and see we don't have anything about
the right behavior for adding users/groups there either, and you have
similar problems along those lines.  Actually it seems that 9.2 as a
whole could use a bit of a facelift :)



        sean
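
The scoping discussed in the message above (lock an account only if it is defined in the local files), as an added example that is not part of the original thread or of Debian Policy. The function names and the overridable `PASSWD_FILE` and `LOCK_CMD` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lock a package's system account on removal only when the
# account lives in the local passwd file, never a directory-backed one.

# Assumed, overridable settings so the logic can be exercised offline.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
LOCK_CMD="${LOCK_CMD:-usermod}"

# Return 0 only if the exact name is the first field of a line in the
# local passwd file. getent is deliberately not used here: it resolves
# through NSS and would also report LDAP/AD accounts.
is_local_account() {
    [ -n "$1" ] || return 1
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' \
        "$PASSWD_FILE" 2>/dev/null
}

# Lock the password and expire the account, but only for local accounts.
# Returns 0 if locked, 1 if skipped (not local), 2 if the lock failed.
lock_if_local() {
    if is_local_account "$1"; then
        "$LOCK_CMD" --lock --expiredate 1 "$1" || return 2
        return 0
    fi
    echo "account $1 not in $PASSWD_FILE, leaving it alone" >&2
    return 1
}

# Hypothetical use in a maintainer script:
#   lock_if_local exampled || true
```

Setting the expiry date along with `--lock` disables the account itself, not just password logins, which is what the usermod manual recommends when locking an account.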


