Re: Documentation of the private groups proposal
Bill Mitchell writes:
> I wasn't directing my remarks specifically at anything Ian had said.
Oh, sorry, I suppose all the rather personally oriented debate
recently has made me jump to conclusions.
> ... it would be inappropriate for the
> victorious faction to breathe a sigh of releif and go on to other things
> once the issue is decided.
Speaking personally, it would be more accurate to say that now that
the issue has (practically) been decided I may have a better chance of
finding time to update the manpages to document setgid directories and
BSD semantics. I don't have to spend quite so much time debunking
what I see as spurious arguments against the IMO reasonable course
that's now being taken (modulo problems with the default).
When I've seen 0.92 I'll write an admin supplement for it, unless
someone would rather do it. (please!)
> I recall much argument here about what these changes do and do not do,
> what effect they do and do not have, what protections they do and do
> not offer, how they are or are not intrusive on unintrested users, and
> what an interested user does and does not need to do in order to take
> advangage of these changes. I doubt that even those reading all the
> debian lists will remember all of that -- much less users who will get a
> copy of debian 0.92beta without having seen all the discussions in all
> the lists.
I firmly believe - and have much evidence for doing so - that even if
the fact that user private groups are in use (assuming they are by
default - please let them be!) is documented nowhere else but
adduser(8) and /etc/adduser.conf then there will be at the very most
very few problems, and that even those will be minor.
If it's not the default then IMO some documentation will be needed to
tell people to turn the option on so that they do not end up with e.g.
/usr/local/man trees with bizarre and inconsistent permissions, and so
that forthcoming software for management of groups by ordinary users
will actually work properly for all users.
However, this issue is certainly something that should be covered in a
section of the Debian Administrators' Supplement, along with security
policy in general.