
Brian May wrote:
On 22 November 2012 10:54, Trent W. Buck <trentbuck@gmail.com> wrote:
That strategy renders a lot of UIDs unreachable when some enterprising fellow manually creates an account with a high UID. I start at the bottom and count up until I find an unused one. Both strategies should be linear with the number of existing users (I think).
Hmm. Problem with that strategy is that you risk reusing IDs, if you have a policy of deleting old users as they leave. This ID might still own resources on random computer systems.
(Of course, another solution to this is to lock accounts, not delete them, when staff leave. Locking accounts is another can of worms when you consider ssh key auth logins: locking the password is insufficient to block access to the account. I have found setting the shell to an invalid value seems to work; ssh checks if the shell exists or not even with -N.)
Correct on all points. You've pretty well convinced me that your approach is better, but inertia will probably keep my code as-is for the current deployment :-)
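
An added example, not part of the thread or either poster's code: an audit for the situation raised in the parenthetical above, accounts whose password is locked in shadow but whose login shell still exists. The sample passwd/shadow lines, the function names and the `shell_ok` parameter are constructed for illustration.

```python
import os

# Constructed sample data (not from the thread): passwd(5) and shadow(5) lines.
PASSWD = """\
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob (left):/home/bob:/bin/bash
carol:x:1002:1002:Carol (left):/home/carol:/nonexistent
dave:x:1003:1003:Dave (left):/home/dave:/bin/zsh
"""
SHADOW = """\
alice:$6$constructedsalt$constructedhash:15666:0:99999:7:::
bob:!$6$constructedsalt$constructedhash:15666:0:99999:7:::
carol:!$6$constructedsalt$constructedhash:15666:0:99999:7:::
dave:*:15666:0:99999:7:::
"""


def shell_usable(path):
    """Default check: the login shell exists and is executable on this host."""
    return os.path.isfile(path) and os.access(path, os.X_OK)


def locked_but_reachable(passwd_text, shadow_text, shell_ok=shell_usable):
    """Return accounts whose shadow password cannot match ('!' or '*' prefix)
    but whose login shell is still usable, so the password lock alone does
    not rule out an ssh key login (the case described in the thread)."""
    shells = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            # An empty shell field means /bin/sh, per passwd(5).
            shells[fields[0]] = fields[6] or "/bin/sh"
    flagged = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or fields[0] not in shells:
            continue
        name, pw = fields[0], fields[1]
        if pw.startswith(("!", "*")) and shell_ok(shells[name]):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    present = {"/bin/bash", "/bin/zsh"}  # constructed: shells assumed installed
    print(locked_but_reachable(PASSWD, SHADOW, lambda s: s in present))
```

On a real host, call it with the contents of `/etc/passwd` and `/etc/shadow` and the default `shell_ok`, then review each flagged account for an `authorized_keys` file.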