Re: user private groups and a src group
quinlan@spectrum.cs.bucknell.edu (Daniel Quinlan)
>
> David Engel writes:
>
> > Perhaps I can shed some light on this. Daniel, as you noted above,
> > most users tend to set their umasks to 022 or 077. This works fine
> > for keeping other users from modifying (or even seeing) their personal
> > files. However, when a user needs to work with truly shared files
> > (where any member of the group can write to the any file), each user
> > has to remember to manually change his/her umask to 002 and then
> > remember to change it back when done. If the umask isn't changed,
> > other group members won't have write access to any new or modified
> > files. Now, I don't know about you, but I'm sure that my coworkers
> > and I would always be forgetting to change our umasks. This is where
> > the admitted hack of creating private groups comes in. It allows
> > users to always leave their umasks set to the more useful 002 without
> > compromising the security of their personal files.
>
> That's it?
>
> This seems like an awfully ugly hack for something that could be fixed
> with a shell script or two on a local basis or perhaps even a low-level
> change.
This mechanism is enabled by the existing support given by setgid
directories. It _is_ a low-level change, and IMNSHO it is an elegant
approach -- certainly much more elegant that a shell script could
provide.
> This doesn't seem like the kind of thing that Debian, still in
> development, should be trying to do.
Maybe, maybe not. Nobody has really pushed it for inclusion. Yet.
> I admit that the single benefit
> is nice, but I see this as an exhibition of a "creeping feature" --
> something that will cause us more problems in the long run than
> anything else.
>
> Not many Linux users will have a use for it
Maybe not.
> and fewer still will
> understand it.
It is easier to understand than any other option. One has
to only change directories to effectively change one's "hat"
Compare with "newgrp" which has to start a new shell, and
even then you have to change your umask _and_ take care to
change the group of every file/directory that you create.
i.e. "cd" vs. "newgrp + umask + chgrp x n" -- no contest!
> More trouble and ugliness than it is worth. We should
> be worrying about fixing bugs, not creating new ones.
It creates _less_ trouble for users and again, IMNSHO, is quite
elegant.
BTW, this last sentence is pretty provocative and I think you should
think these things through a bit more before reacting.
--
-Matt Hannigan
Reply to: