YAP (Yet Another Proposal)
While reading Stephen White's proposal, I have thought of another
solution to the problem. BTW, my solution seems so simple and changes so
few things that I must be wrong somewhere :-) If so, please explain
*kindly* why I am wrong.
The purpose of both proposals (Ian Jackson's and Stephen White's
ones) is to allow cooperating users to use 002 as a umask to share common
files while they keep their own files private in their home directories.
I suggest a third way to achieve this goal. Suppose that we have
the following directory tree:
To allow users to share files in proj1, we make them members of
the group `proj1'. Ditoo for proj2.
Now, we have to prevent files created in home directories to be
readable and writable by users belonging to the same group. I suggest that
we use the permissions set on home directories. If we create home directories
with mode 700, nobody will be allowed to access others' files. Thus, this
scheme does not imply private groups.
I agree that my scheme is different from Mr Jackson's one, in theory
but it should have the same practical effect. The only major difference is
that my proposal does not allow `others' to read or write files but I don't
think that this is worth considering. After all, if you create private
groups to restrain members of your group to access your files, you probably
do not want any other user to access them.
It seems to me that this scheme can lead to the same results as
Ian Jackson's and Stephen Whites's proposals. Of course, as I said above,
this seems so simple that I must be wrong. Feel free to correct me if I am
wrong or if this solution has been discussed before (but try to stay cool and
don't start another flamewar :-)
"Maybe we're lying and you'd better not stay"