Re: Private groups & umask 002 proposal

To: debian-devel@pixar.com
Subject: Re: Private groups & umask 002 proposal
From: "H. Peter Anvin N9ITP" <hpa@ahab.eecs.nwu.edu>
Date: Thu, 24 Mar 94 13:55 PST
Message-id: <[🔎] 199403241850.MAA29470@ahab.eecs.nwu.edu>
Reply-to: hpa@ahab.eecs.nwu.edu

> 
>  I'm still waiting to see one worthwhile argument against my proposal.
>  I don't expect to see one.
> 

I noticed you ignored my argument, which you previously dismissed with
a handwaving without giving an adequate solution.  My problem with
this proposal is that one loses one level of protection.

In the environment I work in, we have a policy which can be summarized
like this:

a) Other people in your working group can read, but not write, your
work files;

b) People not in your working group have no access.

The default umask is 026.

Under your scheme, one level of protections alias the other (uid alias
gid).  Hence there is *no way* such a policy can be implemented; it is
not possible to separate the people with read access from the ones
with no access.  This is a serious omission.

	/hpa

-- 
INTERNET: hpa@nwu.edu               FINGER/TALK: hpa@ahab.eecs.nwu.edu
IBM MAIL: I0050052 at IBMMAIL       HAM RADIO:   N9ITP or SM4TKN
FIDONET:  1:115/511 or 1:115/512    STORMNET:    181:294/101
WWW hyplan available at <http://www.eecs.nwu.edu:8001/hpa/plan.html>

Reply to:

Prev by Date: user/group -- my compromise proposal
Next by Date: PRIVATE GROUPS 2/2
Previous by thread: Private groups & umask 002 proposal
Next by thread: Private groups & umask 002 proposal
Index(es):
- Date
- Thread