On 22 November 2012 10:54, Trent W. Buck
<trentbuck(a)gmail.com> wrote:
That strategy renders a lot of UIDs unreachable when some
enterprising fellow manually creates an account with a high UID. I
start at the bottom and count up until I find an unused one.
Both strategies should be linear with the number of existing users
(I think).
Hmm. Problem with that strategy is that you risk reusing IDs, if you
have a policy of deleting old users as they leave. This ID might still
own resources on random computer systems.
(Of course, another solution to this is to lock accounts, not delete
them, when staff leave. Locking accounts is another can of worms when
you consider ssh key auth logins: locking the password is insufficient
to block access to the account. I have found setting the shell to an
invalid value seems to work; ssh checks if the shell exists or not
even with -N.)
Correct on all points. You've pretty well convinced me that your
approach is better, but inertia will probably keep my code as-is for
the current deployment :-)
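
An audit for the gap raised in the thread (password locked, but ssh key logins still possible because the shell is valid), as an added example that is not code from any participant. The sample passwd/shadow entries, user names and the default `~/.ssh/authorized_keys` path are assumptions made for illustration.

```python
import os

# Constructed sample data (not from the thread): passwd and shadow entries.
PASSWD = """\
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/nonexistent
dave:x:1004:1004::/home/dave:
"""
SHADOW = """\
alice:$6$salt$hash:19000:0:99999:7:::
bob:!$6$salt$hash:19000:0:99999:7:::
carol:!$6$salt$hash:19000:0:99999:7:::
dave:!$6$salt$hash:19000:0:99999:7:::
"""
SAMPLE_SHELLS = {"/bin/bash", "/bin/sh"}   # shells that "exist" in the sample
SAMPLE_KEYS = {"alice", "bob", "carol"}    # users with an authorized_keys file

def shell_exists(shell):
    """Live-system check: the shell is an executable file."""
    return os.path.isfile(shell) and os.access(shell, os.X_OK)

def has_authorized_keys(user, home):
    """Live-system check; assumes the default ~/.ssh/authorized_keys path."""
    return os.path.isfile(os.path.join(home, ".ssh", "authorized_keys"))

def locked_but_reachable(passwd, shadow, shell_ok=shell_exists,
                         has_keys=has_authorized_keys):
    """Return users whose password is locked but who keep a usable shell and keys."""
    locked = set()
    for line in shadow.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1].startswith("!"):  # '!' prefix = locked
            locked.add(fields[0])
    findings = []
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or fields[0] not in locked:
            continue
        # An empty shell field in passwd means /bin/sh.
        user, home, shell = fields[0], fields[5], fields[6] or "/bin/sh"
        if shell_ok(shell) and has_keys(user, home):
            findings.append(user)
    return findings

def demo():
    # Run the audit over the constructed sample instead of the live system.
    return locked_but_reachable(PASSWD, SHADOW,
                                shell_ok=lambda s: s in SAMPLE_SHELLS,
                                has_keys=lambda u, h: u in SAMPLE_KEYS)
```

In the sample, only `bob` is reported: `carol` has been given an invalid shell as the thread suggests, and `dave` has no key file.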