Low Description
Fedora's packaging guidelines state, "We never remove users or groups created by packages. There's no sane way to check if files owned by those users/groups are left behind (and even if there would, what would we do to them?), and leaving those behind with ownerships pointing to now nonexistent users/groups may result in security issues when a semantically unrelated user/group is created later and reuses the UID/GID. Also, in some setups deleting the user/group might not be possible or/nor desirable (eg. when using a shared remote user/group database). Cleanup of unused users/groups is left to the system administrators to take care of if they so desire." (that's from http://fedoraproject.org/wiki/Packaging/UsersAndGroups)
However, Cassandra's spec file in trunk and all branches contains this:
%preun
# only delete user on removal, not upgrade
if [ "$1" = "0" ]; then
userdel %{username}
fi
I agree with Fedora's reasoning. Additionally I'd like to add that stray accounts on a system are generally relatively harmless. I wonder if there was some intentional decision to diverge from Fedora's (and presumably Red Hat's) customary behavior? If not, I would suggest removing the above scriptlet from the Cassandra spec file. I'd be happy to provide a diff if that would be useful.