> On Mon, Sep 27, 2004 at 02:08:39PM -0500, leam wrote:
> > > FYI: You should use useradd (groupadd) to portably create accounts.
> > > useradd will fail if the account exists. You still have an issue:
> > > if there's a chance the account was created by something else, you
> > > need a way to know whether userdel (groupdel) it on package
> > > removal - same problem you have now with manually adding entries.
> > useradd would have a problem with the passwords which I can avoid by
> > doing the same grep thing on shadow.new. We don't tend to mass remove
> > home directories though we do lock them if the user leaves. Thus
> > removal is not as much of an issue.
>
> Wait -- you're creating an account _with a set password_???

If you mean "set" as in "same password on different boxes", yup. Too many boxes to remember that many different passwords. However, these are not internet facing boxes.

>
> Also, the issue is not (particularly) removal of the home directory, but
> removal of the account at all.

Yup; we tend to only have a few accounts on the machines. Probably 8-12ish. These aren't user accounts but admins for the different applications. So removal of the account would be a rare thing and even then we lock the account and let the application folks figure out if they need anything from the userdir.

>
> > Should I assume that since no one has answered the actual question that
> > it can't be done?
>
> Sure, you can do it. You can do _anything_. However, not everything is a
> good idea.

This is the best idea for the task at hand; at least as far as I've seen. External password systems like Kerberos, YP, etc are not reliable enough and I only have a couple brain cells. Since we deny root ssh into the box the admin *must* have a reliable, always working level of access.

It's probably not the slickest nor the most technically advanced, but when you have to build a lot of boxes quickly it's nice. :)

ciao!
leam

_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/rpm-list