|
If groups are referenced by name only and data can be found later it should be ok.
(Some systems have used group IDs that can be unique, but I am not aware of any at the moment, the same ID can be impossible to create. In that case group should just be hidden from general users.)
Jan
From: Kevin Fenzi <kevin@xxxxxxxxx>
Sent: Monday, April 19, 2021 9:29 PM To: infrastructure@xxxxxxxxxxxxxxxxxxxxxxx <infrastructure@xxxxxxxxxxxxxxxxxxxxxxx> Subject: account system group deletions Greetings.
I thought I would bring up for dicussion here something thats come up after the new account system has been put in place. Namely, how do we handle group deletions. In the FAS2 world, we never deleted anything. I think this was partly due to an over abundence of caution (there could be files owned by the group left over on various machines) and partly just because it was easier. We now have 5 requests to remove various no longer used groups. I've enabled audit logging on our ipa01 instance, so we have audit logs (and I intend to back them up and keep them forever). So we can tell when a group was deleted by whom. We also have a db dump from fas2 before the switchover where we can look at who was in what group or what created it. So, I would like to propose: * we will remove groups on request/ticket from a group manager. * we will not seek out groups to remove, as them being there doesn't really hurt anything. Thoughts? If there's no objections soon I will go ahead and process those requests. kevin |
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
