On Fri, Oct 7, 2016 at 8:03 AM, Björn Persson <Bjorn@rombobjörn.se> wrote: > Andrew Toskin wrote: >> If it were really important to make sure the user could no longer >> access the system at all, why not just delete the account? Deleting >> the user does not (necessarily) delete their data, so what's the use >> case for keeping the account at all in such a situation? > > The files they owned, which may not only be in their home directory but > also in shared directories, will remain owned by the former user's > numeric user ID. That user ID is now unallocated, and may get reused > when a new account is created. The new user then gets access to all of > the former user's files. > > Björn It's worse when some monkeyboy has been using "useradd" casually, without trying to prevent overlap of userid. Suddenly a *system* account, such as a hand installed apache, named, tomcat, or mysql gets a uid matching that of another system account. Hilarity ensues. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
