Re: UPG and the default umask
Willi Mann <firstname.lastname@example.org> writes:
> Russ Allbery wrote:
>> The purpose of UPG is not to use the user private group for any sort of
>> access control. Rather, the point is to put each user in a group where
>> they're the only member so that they can safely use a default umask of
>> 002 without giving someone else write access to all their files.
> Is it possible to detect whether an account is configured properly based
> on the UPG idea? If yes, wouldn't it then make sense to only set umask
> 002 if a proper UPG account is detected, otherwise 022? This would avoid
> putting non-UPG systems on danger.
That's a good idea. I'm not sure if all UNIX group systems allow one to
ask how many users are a member of a particular group, but if there's a
way to ask that question at least in those group systems that support it,
the implementation should be fairly straightforward.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>