[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

user private groups and a src group

> >> > Exactly.  It won't change _anything_ for the average user.
> >>
> >> Not so.  You should say, "they won't notice."  Above-average users
> >> will definitely notice.
> What happens when some user that doesn't know better chowns /sbin
> root.root?

Well, then whenever root creates a file in /sbin, the file will be in
group root.  I don't see any problem with that.

On directories, the sticky bit, sgid and suid bits do not do the same
things that they do on executables.  They are also not the same as
when you put them on regular files.  Yeah, overloading different
functions with the same bits wasn't probably such a hot idea, but
that's the way it is on all other versions of Unix.

There are only security problems if you sgid or suid on executables.

Personally, I don't see a need to sgid any directories other than the
source directories.  Peoples home directories can be up to them, but a
default of creating files with their on gid seems ok to me.  The rest
of the tree doesn't change very often, and more often than not you
will double check the permissions/owner/group anyway.

The one thing that I am really concerned about is whether Linux (and
Debian in particular) can support lots of different groups.  I seem to
remember problems about a year ago with some fixed sized tables.  If
you implement this, you should probably make sure that Debian runs ok
with say, 400-1000 groups.


Reply to: