>My question is: If it were really important to make sure the user could no longer access the system at all, why not just delete the account? Deleting the user does not >(necessarily) delete their data, so what's the use case for keeping the account at all in such a situation? In my experience, something like nologin is the best choice when you want to disable a user temporarily. For one example, suppose you run a shell server for paying customers - what should you do with a customer who forgets to pay? If you altogether delete the account, or lock the password, they will get an authentication failure, giving them no clue as to the problem. With nologin, you have the opportunity to display a message encouraging them to make the payment. (Deleting the account outright will also destroy the password, and may cause further problems, for example their UID might be reused.) Using account expiry might be an even better option for this scenario, but I think nologin predates that mechanism. Toby. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
