Steve Grubb wrote: > * Remove the package and verify audit events exist for account and group > deletion (see above ausearch command). I was under the impression that it's common practice to leave user accounts and groups behind when packages are removed. The rationale I've seen is that if the user/group has access to any files that aren't owned by the package, then the numeric ID will still have that access after the name is removed. Next time a user/group is created the numeric ID will be reused, and then the new user/group will inherit privileges from the deleted one. If user accounts and groups will now be deleted automatically, is anything done to purge their privileges to prevent that scenario? Björn Persson
Attachment:
pgpqY3y9E4dKJ.pgp
Description: OpenPGP digital signatur
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
