Protect the last account with M flag
I set up an ioFTP to test if ioFTPD accepts to delete ioFTPD account (I logged in with this account and no account were created before deleting). It accepts to do it and then no one can log in anymore. You may think that's a crazy idea to do that, but what will the last person do if in a site, he deletes himself by error or for any reason? He'll have to stop io and recreate an account with M flag.
I suggest that ioFTPD must forbid deleting account with M flag if there's only one left.
|