
Re: Private groups & umask 002 proposal



> 
>  I'm still waiting to see one worthwhile argument against my proposal.
>  I don't expect to see one.
> 

I noticed you ignored my argument, which you previously dismissed with
a handwave without giving an adequate solution.  My problem with
this proposal is that one loses one level of protection.

In the environment I work in, we have a policy which can be summarized
like this:

a) Other people in your working group can read, but not write, your
work files;

b) People not in your working group have no access.

The default umask is 026.

Under your scheme, one level of protection aliases the other (uid aliases
gid).  Hence there is *no way* such a policy can be implemented; it is
not possible to separate the people with read access from the ones
with no access.  This is a serious omission.

	/hpa

-- 
INTERNET: hpa@nwu.edu               FINGER/TALK: hpa@ahab.eecs.nwu.edu
IBM MAIL: I0050052 at IBMMAIL       HAM RADIO:   N9ITP or SM4TKN
FIDONET:  1:115/511 or 1:115/512    STORMNET:    181:294/101
WWW hyplan available at <http://www.eecs.nwu.edu:8001/hpa/plan.html>
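
The policy and the objection above, worked through as an added example that is not part of the original message. It models only the default permissions of newly created files; the user names, uids and gids are constructed, and it assumes that under the proposal a new file's group is its creator's private group, which contains only that user.

```python
def created_mode(umask, requested=0o666):
    """Mode a new regular file receives: requested & ~umask."""
    return requested & ~umask & 0o777

def access(mode, file_uid, file_gid, uid, gids):
    """Classic Unix check: exactly one of the owner/group/other triplets applies."""
    if uid == file_uid:
        bits = (mode >> 6) & 7
    elif file_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return ("r" if bits & 4 else "-") + ("w" if bits & 2 else "-")

# Constructed principals: alice owns the file, bob is in her working group,
# eve is outside it. The private gids are simply unused in the shared-group case.
PROJ, ALICE_PRIV, BOB_PRIV, EVE_PRIV = 500, 1001, 1002, 1003
ALICE_UID = 1001
USERS = {
    "alice": (ALICE_UID, {PROJ, ALICE_PRIV}),
    "bob": (1002, {PROJ, BOB_PRIV}),
    "eve": (1003, {EVE_PRIV}),
}

def scenario(umask, file_gid):
    """Access each principal gets to a file alice creates under this umask."""
    mode = created_mode(umask)
    return {name: access(mode, ALICE_UID, file_gid, uid, gids)
            for name, (uid, gids) in USERS.items()}

def policy_met(result):
    """Policy from the message: group members read only, outsiders get nothing."""
    return result == {"alice": "rw", "bob": "r-", "eve": "--"}

SCENARIOS = {
    "shared group, umask 026": scenario(0o026, PROJ),
    "private group, umask 002": scenario(0o002, ALICE_PRIV),
    "private group, umask 007": scenario(0o007, ALICE_PRIV),
}

if __name__ == "__main__":
    for name, result in SCENARIOS.items():
        print(f"{name:26} {result} policy met: {policy_met(result)}")
```

With the file's group set to the private group, bob and eve both fall into the "other" triplet, so any default umask gives them identical access.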

