Steps to reproduce:
Result: The data/files_external / data/appdata{…} folder is removed.
Solution: Prevent creation of users if data/{new-user-uid} is either
a file or a folder. In addition, prevent deletion of users where the
user data directory (data/{user}) contains other files and folders
than “files” (where the user data is stored).
Group admin can remove arbitrary data from “data” directory