Deletion is forbidden

I recently had an issue about someone, probably wanted by French law, maybe also wanted by others: never delete something on the server. I mean a user must not delete an email, an ejabberd/Mattermost post, or a file, whether it is in smbd or in Nextcloud; if a user is deleted, all of the user’s resources must still exist for others.

In simple words, nothing must be deleted because you have to show it one day.

I don’t know if in your professional life someone has already asked you this.

@stephdl

Like in any real bookkeeping program or ERP, where a user is NOT allowed to delete a booking. In case of an error, a counter-booking is needed. So, if needed, someone (an auditor) can see that an error was made - and corrected.
If deleted, no trace exists anymore - not according to the law!

My 2 cents
Andy

Sure, but actually we have no way to do it; deleting a user means deleting the emails and other resources of the user.

They call it “disable”.

That’s how I do it too!
:slight_smile:

Then we are missing a group that is only able to disable users.

Time to raise a proper distro policy for that?

@stephdl

Using your PHPLDAPAdmin module, it is possible to rename a group.
Only the Cockpit and old nethGUI will still display the old name… :frowning:

-> In other systems, I often renamed the group to zzz_OLD-NAME…
This way, it could be seen that they were “old” groups, but still there…

My 2 cents
Andy

IMVHO a band-aid solution has to be thought out and applied only when a global policy has been thought out, reviewed and evaluated as viable.

What I have in mind is wider than only forbidding the deletion of users; that is the first step.

I don’t see any reason to forbid user deletion; simply making a tarball backup of their home directory and their Nextcloud home directory would have the same effect. That’s easy. What’s hard is the requirement that even while they have an account, they can’t really delete anything, and that’s going to need to be managed at the application level–I can’t see any way to implement a server-wide policy, unless it was something like hourly backups that you retained forever. For mail, the mail archive module you’ve been working on may cover your needs. For Nextcloud, it tracks previous versions; you may be able to adjust those settings in such a way that they never expire. Not sure about Samba, though, or Mattermost.

I’m assuming what you’re talking about is data retention laws. As far as I’m aware, it depends on whether your country has DRD legislation, and if it does, it’s usually min 6 months, max 2 years, and even then it usually applies to public message and communication services, so if it is a privately owned server I don’t think the DRD applies.