#913 Remove extras-signers if possible
Closed: Fixed None Opened 15 years ago by mmcgrath.

We need to do an audit and see if anything uses the extras-signers group anymore.


dgilmore has renamed the group to extras_signers_not_used for now until we figure out how to handle group deletions.

Oops, CCing toshio as well to see if he has any thoughts on how we should handle these groups in the future.

There's not a really great method of doing this that I can see.

  • We can rename groups whenever possible instead of creating new ones,
  • make groups be propagated via puppet (so we track which group is used where)
  • never delete groups
  • audit when we delete

None of these is perfect.

Just going to list out the unwritten knowns:

If we delete the group we end up with a long term audit problem when the GID gets reused again. While we could go through with a cron job that finds un-named files (its a good idea anyway) this does not help in the case of files restored from a backup and tracking down what htat group was or if the GID gets reused someone owns something they didn't before.

What I have normally seen is going with renaming the group with a standard name added on (-deadbeef or something) and then having a script that looked for that or files without a named UID/GID and emailling the systems administration about them. I will work on a script to do the looking if we don't already have it in place. After F12 release I will work with Toshio on getting a workflow for -deadbeef if thats ok with other sysadmins

This was done by renaming the group to extras_signers_not_used, gid still 100581. Closing this ticket, but feel free to reopen if there's still stuff to be done.

Login to comment on this ticket.

Metadata