On Thu, 2021-04-15 at 14:58 -0400, Mark H Weaver wrote: > Ludovic Courtès writes: > > > Mark H Weaver skribis: > > > > > Here's one idea: when activating a system, *never* delete users or > > > groups if files still exist that are owned by those users/groups. > > > Checking all filesystems would likely be too expensive, but perhaps it > > > would be sufficient to check certain directories such as /var, /etc, and > > > possibly the top directory of /home. And /tmp, /media and /run/user. > > > > How would you determine which directories to look at though? What if we > > miss an important one? > > I have another idea: > > Maintain historical mappings from user/group names to UIDs/GIDs, perhaps > in some file in /etc, where entries are added but *never* automatically > removed. When allocating UIDs/GIDs, we would avoid any UIDs/GIDs in the > range of those mappings. This seems rather convoluted to me. Why not reuse /etc/passwd and /etc/groups? My suggestion: 1. *never* automatically delete users/groups from /etc/passwd, /etc/groups (I thought that was how Guix already worked ...) 2. as users and groups appearing in /etc/passwd and /etc/groups, but not in the operating system configuration can be confusing, change the comment string of these users and groups, to something like "account removed" Add a group 'user-graveyard' for (3), and move these 'pseudo-removed' users to the 'user-graveyard' group. 3. Don't forget to remove graveyard users from all groups (except user-graveyard), make sure the graveyard users can't log in anymore ... (Perhaps add a rule to the SSH and PAM configuration that forbids logging in to graveyard accounts, by checking whether the user is in the 'user-graveyard' group?) > Then, provide a UID/GID garbage collector, to be explicitly run by users > if desired, which would scan all filesystems to find the set of UID/GIDs > currently referenced, and remove entries from the historical mappings > that are no longer needed. That seems useful for if /etc/passwd and /etc/group is getting full, or just for cleaning up. You may want to exclude /gnu/store though, for efficiency (-:. And just in case check whether any live processes have the UID/GID. Suggested command name: "guix user-gc". Greetings, Maxime.