Users and groups kept after a port deinstallation

jhell jhell at dataix.net
Sat May 22 07:29:42 UTC 2010 

On 05/21/2010 20:08, Garrett Cooper wrote:
> On Fri, May 21, 2010 at 4:53 PM, RW <rwmaillists at googlemail.com> wrote:
>> On Fri, 21 May 2010 16:23:18 +0100
>> Florent Thoumie <flz at xbsd.org> wrote:
>>
>>> On Fri, May 21, 2010 at 11:11 AM, David DEMELIER
>>> <demelier.david at gmail.com> wrote:
>>>> Hi,
>>>>
>>>> I used pkgsrc for a while on NetBSD. I was used to the pkgsrc
>>>> notifications about the users and groups leaves, when some ports are
>>>> removed these leaves are not used anymore. e.g pulseaudio needs some
>>>> users on the system.
>>>>
>>>
>>> This was discussed in the following bug-report:
>>>
>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=108514
>>>
>>> I think the proper solution is to create a +UGIDS file to be able to
>>> maintain a refcount, but the status quo isn't that bad.
>>
>> Personally I'd much prefer to keep them so ls -l, filemanagers etc can
>> continue to use names rather than numbers for any files left behind.
>>
>> IMO the status quo is better than any solution that involves automated
>> deletion.
> 
>     I agree by and large with RW, but it would be nice if there was an
> audit tool to do this check and suggest whether or not a group should
> be added or removed in general, regardless of whether or not a
> pkg/port was added or removed.
> Thanks,
> -Garrett

find(1) is already used by periodic(1) through weekly_noid_enable which
should probably be extended to also include weekly_nogid_enable and
would ultimately alert you to users and groups that have gone missing
due to a port removal.

Having unused logins on a system is bad! and just for the case of
mapping to uid/gid does not justify leaving them. uid & gid printed in
ls(1) output may be ugly as well but you can not log in with one of
those and they should be handled in a way that is prompt to login removal.

find / -nouser
find / -nogroup

and then after inspection add -delete -print.

find / -empty

Of course these can be combined to form a simple one line command but I
will leave that as a exercise for the reader.

Regards,

-- 

 jhell

More information about the freebsd-ports mailing list