Jason Spiro
2009-Nov-26 09:23 UTC
Preventing accidental REMOVE_HOME when you didn't know the option was set in deluser.conf
Hi, Thanks for maintaining the adduser package. Vivek Gite writes this story on his website: "The file /etc/deluser.conf was configured to remove the home directory (it was done by previous sys admin and it was my first day at work) and mail spool of the user to be removed. I just wanted to remove the user account and I end up deleting everything (note -r was activated via deluser.conf): userdel foo" How could the utility be changed to prevent this? I propose this solution: The command-line options --remove-home and --remove-all-files should still work as usual. But the config file REMOVE_HOME and REMOVE_ALL_FILES should not work unless the sysadmin also sets the BACKUP option or the INTERACTIVE option. The INTERACTIVE option would be a new option that you would write. It would prompt, "Delete all files owned by jspiro? [y/N]" What do you think?
Jason Spiro
2009-Dec-18 07:30 UTC
[Adduser-devel] Preventing accidental REMOVE_HOME when you didn't know the option was set in deluser.conf
Jason Spiro <jasonspiro4+gmane <at> gmail.com> writes:> I propose this solution: [userdel''s] command-line options --remove-home and > --remove-all-files should still work as usual. > > But the config file REMOVE_HOME and REMOVE_ALL_FILES should not work unless > the sysadmin also sets the BACKUP option or the INTERACTIVE option. The > INTERACTIVE option would be a new option that you would write. It would > prompt, "Delete all files owned by jspiro? [y/N]"A followup to my own post: Some people on irc.oftc.net #debian-devel, including Rhonda, ol, and formorer, pointed out to me that this would just encourage sysadmins to alias root''s deluser to ''deluser --remove-all-files'' instead of using REMOVE_ALL_FILES in deluser.conf. Also, if this gets changed in Debian but not other distros, it will surprise sysadmins who support multiple distros. So, on second thought, there is no reliable way to make this safer.