[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: user private groups and a src group


Paul Vojta, vojta@math.berkeley.edu writes in part
> Again, what is the benefit of having gid=uid?  This seems to be more of
> a religious issue than anything else.  But if you abandon that requirement,
> you can migrate quite readily from the old system to this one on an as
> needed basis:  to switch joeuser to having his own group, just:
>  
>         1.  create a group named "joeuser" and add joeuser to it
>         2.  chgrp -R joeuser ~joeuser
>         3.  chmod g+s ~joeuser

This is not enough!  Assuming your umask was 022 or 077 and
that joeuser was the directory in which you were doing your
shared work (unlikely BTW), you also have to do:
	3. (modified) chmod -R g+swX joeuser ~joeuser
	4. umask 002 (or 007)

In addition, you must remember to change your umask _every_
time you change your "hat" from lone user to group co-worker.
(and back again!)

And this is where I am going to answer your question about wanting
gid=uid:  If you don't want to change your umask all the time,
then you have to leave it at 002 or 007.  However this means that
all your files will be group writeable!  To solve this, you need
to have your own private group which will be your default.

In conclusion, let me just say that all the objections to this
scheme seem to arise from from misunderstandings.  This is not
a flame; it is quite right that those proposing a change from
the norm be required to properly explain it.  However Ian Jackson
and I are both convinced that this scheme will bring no real changes
to the vast majority of debian users anyway, and a significant
advantage to those few that want to take advantage of group
permissions.

If anyone has specific questions about the scheme, they are
welcome to quiz me about it before mailing to this list.

BTW, a useful exercise before commenting on this at all is
to set up a few pseudo-users on your own machine and then
try to do stuff in a common directory without this scheme;
I think this would make people think a bit clearer about it.

--
	-Matt Hannigan

PS. I think debian-devel is more appropriate, too, if
you follow-up to this.
Reply to: