Mailing Lists: Apple Mailing Lists


Re: Bulk Deleting of User Accounts and Files




On Aug 7, 2006, at 10:19 PM, email@hidden wrote:


> > We have to delete about 100 users from our directory of around 1000. I need
> > to delete the OD user records as well as the home folders. Given a text file
> > with short names does anyone have a script that could accomplish this task?
>
> Deleting users of a system is generally not recommended.
>
> POSIX permissions are based on UID/GID and a recycled UID or GID can
> lead to security issues. Any user anywhere could have file(s)
> permitting the current UID/GID owners to access files.
>
> Instead consider disabling dead accounts rather than removing the
> account. Then remove *all* files owned by them *everywhere*, not just
> in /their/ HOMEs.

That brings up some thoughts on best practices.

If one uses OSXS in a high-turnover environment (edu over multiple years, web hosting with the typical changeover in email accounts, etc.), what is a solution to manage 'disabled' accts? WGM would quickly become cumbersome with record after record of dead users, um user accounts.

Would it not be better to have a policy and mechanism of removing all files owned by a user, delete the account(s) and prevent any recycling of UID/GID values by the system (or editing by an admin)? It seems exceptionally unpractical to maintain a database full of dead accts.

As for scripting bulk elimination of accts, that would seem to beg for wholesale disaster on several fronts including (accidental) inclusion of wildcard or regex entries with lovely unintended effects. Sure, it might be desirable with some installations, but wow could it backfire.

vail
_______________________________________________
Macos-x-server mailing list      (email@hidden)
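
The three concerns raised in this thread (wildcard entries in a bulk list, files owned by a departed UID outside the home folder, and UID recycling) can each be checked before any account is touched. The following is an added example, not code from any poster in the thread; the short-name pattern, the UID floor of 1025 and all function names are assumptions chosen for illustration.

```python
import os
import re
import tempfile

# Assumed policy: a short name is lowercase letters, digits, '_', '-' or '.',
# starting with a letter or '_'. Wildcards, regexes and paths never match.
SHORTNAME_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,30}")

def parse_shortnames(text):
    """Split one-name-per-line text into (accepted, rejected); nothing is expanded."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        name = raw.strip()
        if not name or name.startswith("#"):
            continue  # skip blank lines and comments
        (accepted if SHORTNAME_RE.fullmatch(name) else rejected).append(name)
    return accepted, rejected

def files_owned_by(root, uids):
    """Yield every path under root whose owner UID is in uids (symlinks not followed)."""
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            try:
                if os.lstat(path).st_uid in uids:
                    yield path
            except OSError:
                continue  # vanished or unreadable; a real audit should log this

def next_uid(in_use, retired, floor=1025):
    """Lowest UID >= floor that is neither live nor in the retired (never reuse) set."""
    uid = floor
    while uid in in_use or uid in retired:
        uid += 1
    return uid

if __name__ == "__main__":
    # Constructed input: two valid names and three entries that must be refused.
    names, bad = parse_shortnames("jdoe\n*\nasmith\n.*\n../etc\n")
    print("accepted:", names, "rejected:", bad)
    with tempfile.TemporaryDirectory() as root:
        # Constructed tree: a file outside any home folder, owned by the current user,
        # who stands in here for a departed account.
        os.makedirs(os.path.join(root, "Shared", "project"))
        open(os.path.join(root, "Shared", "project", "notes.txt"), "w").close()
        print(sorted(files_owned_by(root, {os.geteuid()})))
    print("next UID:", next_uid(in_use={1025, 1027}, retired={1026}))
```

A non-empty rejected list should stop the run for manual review rather than being skipped silently, and the retired set has to be stored somewhere that survives deletion of the directory records themselves.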