On Tuesday 03 November 2009 19:42:12 John Summerfield wrote:
> Alan Altmark wrote:
> > In a Unix system, having a process to ensure that you *don't* orphan
> > files when deleting an account would seem to be de rigueur.  If any file
> > exists to which said uid has privileges, then why would you delete the
> > account until you clean up the files?  I'm not a Unix sysadmin, but I
> > presume that there are admin packages that handle this sort of thing for
> > you.  When you discover that the admin tool is about to delete
> > /sys/bin/important, you might think twice about it and instead put that
> > user on the "necessary" list.
>
> Users' files do not, by default, get deleted when the account is removed.
>
> The ownership of a file is reflected in two numbers, and those are
> mapped to names through /etc/passwd and /etc/group (and their
> replacements in LDAP etc). Removal of accounts removes the mapping, but
> not the files.
>
> If you use a centralised authentication store, such as LDAP or RACF or
> AD, then removing a user account could leave orphaned files all over the
> place.
>
> I think removal of accounts, as opposed to disabling them, is not
> something to undertake lightly. It might be that data there could be
> required for legal purposes - recently in a public company in Australia
> was reported to have embezzled a few million dollars. Enough that, when
> the money was found, the company's share price doubled. Probably, the
> user's files reflected her activities. Illegal activities aside, there
> may be notes, saved emails and the like stored there and nowhere else
> that may reflect agreements made and which someone else might need to
> know about after they've left.
>
        All of your comments are correct, and all of the installations where I have
worked have checklists and procedures for handling the removal of such
accounts, which include the identification and either removal or reassignment
of related files before the account is removed; but these do not cover the
case of an unidentified account which is owned by no identifiable entity and
has no apparent use except to provide a possible weakness in the system's
security merely by existing.  (One may believe that since it is a "nologin"
account, etc., that there is no chance that in the future some hacker might
find a way to exploit its existence, but history has shown that such beliefs
are not safe ones.)  The policy of most enterprises that unused accounts
should not exist on the system unless they can be justified as serving a
business purpose is valid for accounts such as games as well as for accounts
defined by the system administrators.

        If the only purpose for the games account is to collect high-score numbers
for accounts where games are used, it has no purpose on a business server,
and it should not be included in such a distribution.  It is hard for me to
believe that an account with such a minimal purpose cannot be excluded
without causing a cascade of problems in the rest of the system, and it seems
to me that the distributors of SLES and RHEL should have excluded them long
ago.

Leslie Turriff

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
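
The point quoted above, that ownership is stored as a numeric uid and gid and removing an account removes only the name mapping, can be checked with a short scan for files whose numbers no longer resolve. This is an added example, not part of the original thread; the function names and the injectable lookup parameters are assumptions made for illustration.

```python
import os
import pwd
import grp
import sys


def _uid_known(uid):
    """True if the uid resolves to a name via NSS (/etc/passwd, LDAP, ...)."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False


def _gid_known(gid):
    """True if the gid resolves to a group name via NSS."""
    try:
        grp.getgrgid(gid)
        return True
    except KeyError:
        return False


def find_orphans(root, uid_known=_uid_known, gid_known=_gid_known):
    """Return (path, uid, gid, missing) for entries under root whose numeric
    owner or group no longer maps to a name. The lookups are injectable
    (hypothetical parameters) so the scan can be exercised without root."""
    seen_u, seen_g, orphans = {}, {}, []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the symlink, not its target
            except OSError:
                continue  # vanished or unreadable; skip rather than abort
            if st.st_uid not in seen_u:
                seen_u[st.st_uid] = uid_known(st.st_uid)
            if st.st_gid not in seen_g:
                seen_g[st.st_gid] = gid_known(st.st_gid)
            missing = [k for k, ok in (("uid", seen_u[st.st_uid]),
                                       ("gid", seen_g[st.st_gid])) if not ok]
            if missing:
                orphans.append((path, st.st_uid, st.st_gid, missing))
    return orphans


if __name__ == "__main__":
    for path, uid, gid, missing in find_orphans(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}\tuid={uid}\tgid={gid}\tunmapped={','.join(missing)}")
```

Run before an account is removed, the same walk with a lookup that rejects only that account's uid gives the list of files to reassign or archive.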