22 Nov
2012
22 Nov
'12
12:05 a.m.
On 22 November 2012 10:54, Trent W. Buck <trentbuck(a)gmail.com> wrote:
That strategy renders a lot of UIDs unreachable when
some enterprising
fellow manually creates an account with a high UID. I start at the
bottom and and count up until I find an unused one. Both strategies
should be linear with the number of existing users (I think).
Hmm. Problem with that strategy is that you risk reusing IDs, if you
have a policy of deleting old users as they leave. This ID might still
own resources on random computer systems.
(of course another solution to this is to lock accounts, not delete
them when staff leave. Locking accounts is another can of worms when
you consider ssh key auth logins, locking the password is insufficient
to block access to the account - have found setting the shell to an
invalid value seems to work - ssh checks if the shell exists or not
even with -N)
--
Brian May <brian(a)microcomaustralia.com.au>