On Thursday, January 2, 2025 5:17:06 PM EST Björn Persson wrote: > Steve Grubb wrote: > > * Remove the package and verify audit events exist for account and group > > deletion (see above ausearch command). > > I was under the impression that it's common practice to leave user > accounts and groups behind when packages are removed. The rationale I've > seen is that if the user/group has access to any files that aren't owned > by the package, then the numeric ID will still have that access after > the name is removed. Next time a user/group is created the numeric ID > will be reused, and then the new user/group will inherit privileges > from the deleted one. > > If user accounts and groups will now be deleted automatically, is > anything done to purge their privileges to prevent that scenario? TBH, I'm not sure how it's implemented. So maybe "if applicable" might need to precede that last instruction. -Steve -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
